Vulnerabilities > Jenkins > Pipeline > build.step
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-15 | CVE-2023-25762 | Cross-site Scripting vulnerability in Jenkins Pipeline: Build Step Jenkins Pipeline: Build Step Plugin 2.18 and earlier does not escape job names in a JavaScript expression used in the Pipeline Snippet Generator, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control job names. | 5.4 |
| 2022-02-15 | CVE-2022-25184 | Insufficiently Protected Credentials vulnerability in Jenkins Pipeline: Build Step Jenkins Pipeline: Build Step Plugin 2.15 and earlier reveals password parameter default values when generating a pipeline script using the Pipeline Snippet Generator, allowing attackers with Item/Read permission to retrieve the default password parameter value from jobs. | 6.5 |
| 2017-10-05 | CVE-2017-1000089 | Incorrect Default Permissions vulnerability in Jenkins Pipeline: Build Step Builds in Jenkins are associated with an authentication that controls the permissions that the build has to interact with other elements in Jenkins. | 5.3 |