Vulnerabilities > Jenkins

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
| --- | --- | --- | --- | --- |
| 2022-02-15 | CVE-2022-25203 | Cross-site Scripting vulnerability in Jenkins Team Views 0.9.0 | Jenkins Team Views Plugin 0.9.0 and earlier does not escape team names, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Read permission. | network, low complexity, jenkins CWE-79, 5.4 |
| 2022-02-15 | CVE-2022-25204 | Unspecified vulnerability in Jenkins Doktor | Jenkins Doktor Plugin 0.4.1 and earlier implements functionality that allows agent processes to render files on the controller as Markdown or Asciidoc, and error messages allow attackers able to control agent processes to determine whether a file with a given name exists. | network, low complexity, jenkins, 5.4 |
| 2022-02-15 | CVE-2022-25205 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Dbcharts 0.4/0.5.2 | A cross-site request forgery (CSRF) vulnerability in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers to connect to an attacker-specified database via JDBC using attacker-specified credentials and to determine if a class is available in the Jenkins instance. | network, low complexity, jenkins CWE-352, 8.8 |
| 2022-02-15 | CVE-2022-25206 | Missing Authorization vulnerability in Jenkins Dbcharts 0.4/0.5.2 | A missing check in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified database via JDBC using attacker-specified credentials. | network, low complexity, jenkins CWE-862, 8.8 |
| 2022-02-15 | CVE-2022-25207 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Chef Sinatra | A cross-site request forgery (CSRF) vulnerability in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response. | network, low complexity, jenkins CWE-352, 8.8 |
| 2022-02-15 | CVE-2022-25208 | Missing Authorization vulnerability in Jenkins Chef Sinatra | A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers with Overall/Read permission to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response. | network, low complexity, jenkins CWE-862, 8.8 |
| 2022-02-15 | CVE-2022-25209 | XXE vulnerability in Jenkins Chef Sinatra | Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | network, low complexity, jenkins CWE-611, 8.8 |
| 2022-02-15 | CVE-2022-25210 | Improper Synchronization vulnerability in Jenkins Convertigo Mobile Platform 1.0/1.1 | Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static fields to store job configuration information, allowing attackers with Item/Configure permission to capture passwords of the jobs that will be configured. | network, low complexity, jenkins CWE-662, 6.5 |
| 2022-02-15 | CVE-2022-25211 | Missing Authorization vulnerability in Jenkins Swamp | A missing permission check in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server using attacker-specified credentials. | network, low complexity, jenkins CWE-862, 8.8 |
| 2022-02-15 | CVE-2022-25212 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Swamp | A cross-site request forgery (CSRF) vulnerability in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers to connect to an attacker-specified web server using attacker-specified credentials. | network, low complexity, jenkins CWE-352, 8.8 |