Vulnerabilities > Jenkins > Critical

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk | Score |
|---|---|---|---|---|---|---|---|---|---|
| 2023-01-26 | CVE-2023-24443 | XXE vulnerability in Jenkins Testcomplete Support | Jenkins TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | network | low | jenkins | CWE-611 | critical | 9.8 |
| 2023-01-26 | CVE-2023-24444 | Improper Resource Shutdown or Release vulnerability in Jenkins Openid | Jenkins OpenID Plugin 2.4 and earlier does not invalidate the previous session on login. | network | low | jenkins | CWE-404 | critical | 9.8 |
| 2023-01-26 | CVE-2023-24456 | Session Fixation vulnerability in Jenkins Keycloak Authentication | Jenkins Keycloak Authentication Plugin 2.3.0 and earlier does not invalidate the previous session on login. | network | low | jenkins | CWE-384 | critical | 9.8 |
| 2022-12-12 | CVE-2022-46682 | XXE vulnerability in Jenkins Plot | Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | network | low | jenkins | CWE-611 | critical | 9.8 |
| 2022-11-15 | CVE-2022-45395 | XXE vulnerability in Jenkins Cccc | Jenkins CCCC Plugin 0.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | network | low | jenkins | CWE-611 | critical | 9.8 |
| 2022-11-15 | CVE-2022-45396 | XXE vulnerability in Jenkins Sourcemonitor 0.2 | Jenkins SourceMonitor Plugin 0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | network | low | jenkins | CWE-611 | critical | 9.8 |
| 2022-11-15 | CVE-2022-45397 | XXE vulnerability in Jenkins OSF Builder Suite :: XML Linter 1.0.2 | Jenkins OSF Builder Suite :: XML Linter Plugin 1.0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | network | low | jenkins | CWE-611 | critical | 9.8 |
| 2022-11-15 | CVE-2022-45400 | XXE vulnerability in Jenkins Japex 1.7 | Jenkins JAPEX Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | network | low | jenkins | CWE-611 | critical | 9.8 |
| 2022-10-19 | CVE-2022-43401 | Unspecified vulnerability in Jenkins Script Security | A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. | network | low | jenkins | | critical | 9.9 |
| 2022-10-19 | CVE-2022-43402 | Unspecified vulnerability in Jenkins Pipeline: Groovy | A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Pipeline: Groovy Plugin 2802.v5ea_628154b_c2 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. | network | low | jenkins | | critical | 9.9 |