Vulnerabilities > Jenkins
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-11 | CVE-2021-21649 | Cross-site Scripting vulnerability in Jenkins Dashboard View Jenkins Dashboard View Plugin 2.15 and earlier does not escape URLs referenced in Image Dashboard Portlets, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission. | 5.4 |
| 2021-05-11 | CVE-2021-21650 | Unspecified vulnerability in Jenkins S3 Publisher Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform Run/Artifacts permission checks in various HTTP endpoints and API models, allowing attackers with Item/Read permission to obtain information about artifacts uploaded to S3, if the optional Run/Artifacts permission is enabled. | 4.3 |
| 2021-05-11 | CVE-2021-21651 | Unspecified vulnerability in Jenkins S3 Publisher Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain the list of configured profiles. | 4.3 |
| 2021-05-11 | CVE-2021-21652 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Xray - Test Management for Jira A cross-site request forgery (CSRF) vulnerability in Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 7.1 |
| 2021-05-11 | CVE-2021-21653 | Unspecified vulnerability in Jenkins Xray - Test Management for Jira Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier does not perform a permission check in an HTTP endpoint, allowing with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 |
| 2021-05-11 | CVE-2021-21654 | Unspecified vulnerability in Jenkins P4 Jenkins P4 Plugin 1.11.4 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified Perforce server using attacker-specified username and password. | 4.3 |
| 2021-05-11 | CVE-2021-21655 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins P4 A cross-site request forgery (CSRF) vulnerability in Jenkins P4 Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified Perforce server using attacker-specified username and password. | 7.1 |
| 2021-05-11 | CVE-2021-21656 | Unspecified vulnerability in Jenkins Xcode Integration Jenkins Xcode integration Plugin 2.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 7.1 |
| 2021-04-21 | CVE-2021-21647 | Unspecified vulnerability in Jenkins Cloudbees CD Jenkins CloudBees CD Plugin 1.1.21 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Item/Read permission to schedule builds of projects without having Item/Build permission. | 4.3 |
| 2021-04-21 | CVE-2021-21646 | Unspecified vulnerability in Jenkins Templating Engine Jenkins Templating Engine Plugin 2.1 and earlier does not protect its pipeline configurations using Script Security Plugin, allowing attackers with Job/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM. | 8.8 |