Vulnerabilities > Jenkins > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-07-27 | CVE-2022-36899 | Unspecified vulnerability in Jenkins Compuware Ispw Operations | Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties. | 8.2 |
2022-07-27 | CVE-2022-36900 | Unspecified vulnerability in Jenkins Compuware Zadviser API 1.0.3 | Jenkins Compuware zAdviser API Plugin 1.0.3 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties. | 8.2 |
2022-07-27 | CVE-2022-36916 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Google Cloud Backup 0.6 | A cross-site request forgery (CSRF) vulnerability in Jenkins Google Cloud Backup Plugin 0.6 and earlier allows attackers to request a manual backup. | 8.0 |
2022-07-27 | CVE-2022-36920 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Coverity | A cross-site request forgery (CSRF) vulnerability in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 |
2022-07-27 | CVE-2022-36921 | Missing Authorization vulnerability in Jenkins Coverity | A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.1 |
2022-07-07 | CVE-2022-2048 | | In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. | 7.5 |
2022-06-30 | CVE-2022-34792 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Recipe 1.0/1.1/1.2 | A cross-site request forgery (CSRF) vulnerability in Jenkins Recipe Plugin 1.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML. | 8.0 |
2022-06-30 | CVE-2022-34793 | XXE vulnerability in Jenkins Recipe 1.0/1.1/1.2 | Jenkins Recipe Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 8.8 |
2022-06-23 | CVE-2022-34174 | Information Exposure Through Discrepancy vulnerability in Jenkins | In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm. | 7.5 |
2022-06-23 | CVE-2022-34175 | Unspecified vulnerability in Jenkins | Jenkins 2.335 through 2.355 (both inclusive) allows attackers in some cases to bypass a protection mechanism, thereby directly accessing some view fragments containing sensitive information, bypassing any permission checks in the corresponding view. | 7.5 |