Vulnerabilities > Jenkins > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-21 | CVE-2022-41236 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Security Inspector A cross-site request forgery (CSRF) vulnerability in Jenkins Security Inspector Plugin 117.v6eecc36919c2 and earlier allows attackers to replace the generated report stored in a per-session cache and displayed to authorized users at the .../report URL with a report based on attacker-specified report generation options. | 8.8 |
| 2022-09-21 | CVE-2022-41243 | Improper Certificate Validation vulnerability in Jenkins Smalltest Jenkins SmallTest Plugin 1.0.4 and earlier does not perform hostname validation when connecting to the configured View26 server that could be abused using a man-in-the-middle attack to intercept these connections. | 8.1 |
| 2022-09-21 | CVE-2022-41244 | Improper Certificate Validation vulnerability in Jenkins View26 Test-Reporting Jenkins View26 Test-Reporting Plugin 1.0.7 and earlier does not perform hostname validation when connecting to the configured View26 server that could be abused using a man-in-the-middle attack to intercept these connections. | 8.1 |
| 2022-09-21 | CVE-2022-41245 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Worksoft Execution Manager A cross-site request forgery (CSRF) vulnerability in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 |
| 2022-09-21 | CVE-2022-41249 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins SCM Httpclient A cross-site request forgery (CSRF) vulnerability in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 |
| 2022-09-21 | CVE-2022-41253 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Cons3Rt 1.0.0 A cross-site request forgery (CSRF) vulnerability in Jenkins CONS3RT Plugin 1.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 |
| 2022-07-27 | CVE-2022-36881 | Improper Certificate Validation vulnerability in Jenkins GIT Client Jenkins Git client Plugin 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks. | 8.1 |
| 2022-07-27 | CVE-2022-36882 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins GIT A cross-site request forgery (CSRF) vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit. | 8.8 |
| 2022-07-27 | CVE-2022-36883 | Missing Authorization vulnerability in Jenkins GIT A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit. | 7.5 |
| 2022-07-27 | CVE-2022-36889 | Path Traversal vulnerability in Jenkins Deployer Framework Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the application path of the applications when configuring a deployment, allowing attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller file system to the selected service. | 8.8 |