Vulnerabilities > Jenkins

DATE	CVE	VULNERABILITY TITLE	RISK
2022-02-15	CVE-2022-25207	Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Chef Sinatra A cross-site request forgery (CSRF) vulnerability in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response. network low complexity jenkins CWE-352	8.8
2022-02-15	CVE-2022-25208	Missing Authorization vulnerability in Jenkins Chef Sinatra A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers with Overall/Read permission to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response. network low complexity jenkins CWE-862	8.8
2022-02-15	CVE-2022-25209	XXE vulnerability in Jenkins Chef Sinatra Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. network low complexity jenkins CWE-611	8.8
2022-02-15	CVE-2022-25210	Improper Synchronization vulnerability in Jenkins Convertigo Mobile Platform 1.0/1.1 Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static fields to store job configuration information, allowing attackers with Item/Configure permission to capture passwords of the jobs that will be configured. network low complexity jenkins CWE-662	6.5
2022-02-15	CVE-2022-25211	Missing Authorization vulnerability in Jenkins Swamp A missing permission check in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server using attacker-specified credentials. network low complexity jenkins CWE-862	8.8
2022-02-15	CVE-2022-25212	Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Swamp A cross-site request forgery (CSRF) vulnerability in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers to connect to an attacker-specified web server using attacker-specified credentials. network low complexity jenkins CWE-352	8.8
2022-02-09	CVE-2022-0538	Deserialization of Untrusted Data vulnerability in Jenkins Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines custom XStream converters that have not been updated to apply the protections for the vulnerability CVE-2021-43859 and allow unconstrained resource usage. network low complexity jenkins CWE-502	7.5
2022-01-12	CVE-2022-20612	Cross-Site Request Forgery (CSRF) vulnerability in multiple products A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set. network low complexity jenkins oracle CWE-352	4.3
2022-01-12	CVE-2022-20613	Cross-Site Request Forgery (CSRF) vulnerability in multiple products A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname. network low complexity jenkins oracle CWE-352	4.3
2022-01-12	CVE-2022-20614	Missing Authorization vulnerability in multiple products A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname. network low complexity jenkins oracle CWE-862	4.3

Vulnerabilities > Jenkins {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Jenkins"}]}

Vulnerabilities > Jenkins