Vulnerabilities > Jenkins > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-01-26 | CVE-2023-24443 | XXE vulnerability in Jenkins Testcomplete Support Jenkins TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 |
2023-01-26 | CVE-2023-24444 | Improper Resource Shutdown or Release vulnerability in Jenkins Openid Jenkins OpenID Plugin 2.4 and earlier does not invalidate the previous session on login. | 9.8 |
2023-01-26 | CVE-2023-24456 | Session Fixation vulnerability in Jenkins Keycloak Authentication Jenkins Keycloak Authentication Plugin 2.3.0 and earlier does not invalidate the previous session on login. | 9.8 |
2022-12-12 | CVE-2022-46682 | XXE vulnerability in Jenkins Plot Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 |
2022-11-15 | CVE-2022-45395 | XXE vulnerability in Jenkins Cccc Jenkins CCCC Plugin 0.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 |
2022-11-15 | CVE-2022-45396 | XXE vulnerability in Jenkins Sourcemonitor 0.2 Jenkins SourceMonitor Plugin 0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 |
2022-11-15 | CVE-2022-45397 | XXE vulnerability in Jenkins OSF Builder Suite :: XML Linter 1.0.2 Jenkins OSF Builder Suite : : XML Linter Plugin 1.0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 |
2022-11-15 | CVE-2022-45400 | XXE vulnerability in Jenkins Japex 1.7 Jenkins JAPEX Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.8 |
2022-10-19 | CVE-2022-43401 | Unspecified vulnerability in Jenkins Script Security A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. | 9.9 |
2022-10-19 | CVE-2022-43402 | Unspecified vulnerability in Jenkins Pipeline: Groovy A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Pipeline: Groovy Plugin 2802.v5ea_628154b_c2 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. | 9.9 |