Vulnerabilities > Jenkins > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-01-26 CVE-2023-24430 XXE vulnerability in Jenkins Semantic Versioning
Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
network
low complexity
jenkins CWE-611
critical
 9.8
9.8
2023-01-26 CVE-2023-24441 XXE vulnerability in Jenkins Mstest
Jenkins MSTest Plugin 1.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
network
low complexity
jenkins CWE-611
critical
 9.8
9.8
2023-01-26 CVE-2023-24443 XXE vulnerability in Jenkins Testcomplete Support
Jenkins TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
network
low complexity
jenkins CWE-611
critical
 9.8
9.8
2023-01-26 CVE-2023-24444 Improper Resource Shutdown or Release vulnerability in Jenkins Openid
Jenkins OpenID Plugin 2.4 and earlier does not invalidate the previous session on login.
network
low complexity
jenkins CWE-404
critical
 9.8
9.8
2023-01-26 CVE-2023-24456 Session Fixation vulnerability in Jenkins Keycloak Authentication 2.3.0
Jenkins Keycloak Authentication Plugin 2.3.0 and earlier does not invalidate the previous session on login.
network
low complexity
jenkins CWE-384
critical
 9.8
9.8
2022-12-12 CVE-2022-46682 XXE vulnerability in Jenkins Plot
Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
network
low complexity
jenkins CWE-611
critical
 9.8
9.8
2022-11-15 CVE-2022-45395 XXE vulnerability in Jenkins Cccc
Jenkins CCCC Plugin 0.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
network
low complexity
jenkins CWE-611
critical
 9.8
9.8
2022-11-15 CVE-2022-45396 XXE vulnerability in Jenkins Sourcemonitor 0.2
Jenkins SourceMonitor Plugin 0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
network
low complexity
jenkins CWE-611
critical
 9.8
9.8
2022-11-15 CVE-2022-45397 XXE vulnerability in Jenkins OSF Builder Suite :: XML Linter 1.0.2
Jenkins OSF Builder Suite : : XML Linter Plugin 1.0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
network
low complexity
jenkins CWE-611
critical
 9.8
9.8
2022-11-15 CVE-2022-45400 XXE vulnerability in Jenkins Japex 1.7
Jenkins JAPEX Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
network
low complexity
jenkins CWE-611
critical
 9.8
9.8