Vulnerabilities > Jenkins > High

DATE CVE VULNERABILITY TITLE RISK
2022-05-17 CVE-2022-30958 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins SSH
A cross-site request forgery (CSRF) vulnerability in Jenkins SSH Plugin 2.6.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Risk: network, low complexity | jenkins | CWE-352 | 8.8

2022-05-17 CVE-2022-30969 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Autocomplete Parameter 1.0/1.1
A cross-site request forgery (CSRF) vulnerability in Jenkins Autocomplete Parameter Plugin 1.1 and earlier allows attackers to execute arbitrary code without sandbox protection if the victim is an administrator.
Risk: network, low complexity | jenkins | CWE-352 | 8.8

2022-05-17 CVE-2022-30971 XXE vulnerability in Jenkins Storable Configs 1.0
Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
Risk: network, low complexity | jenkins | CWE-611 | 8.8

2022-05-17 CVE-2022-30972 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Storable Configs
A cross-site request forgery (CSRF) vulnerability in Jenkins Storable Configs Plugin 1.0 and earlier allows attackers to have Jenkins parse a local XML file (e.g., archived artifacts) that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.
Risk: network, low complexity | jenkins | CWE-352 | 8.8

2022-04-12 CVE-2022-29050 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Publish Over FTP
A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over FTP Plugin 1.16 and earlier allows attackers to connect to an FTP server using attacker-specified credentials.
Risk: network, low complexity | jenkins | CWE-352 | 8.8

2022-03-29 CVE-2022-28136 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins JiraTestResultReporter
A cross-site request forgery (CSRF) vulnerability in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials.
Risk: network, low complexity | jenkins | CWE-352 | 8.8

2022-03-29 CVE-2022-28140 XXE vulnerability in Jenkins Flaky Test Handler
Jenkins Flaky Test Handler Plugin 1.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
Risk: network, low complexity | jenkins | CWE-611 | 8.1

2022-03-29 CVE-2022-28142 Improper Certificate Validation vulnerability in Jenkins Proxmox
Jenkins Proxmox Plugin 0.6.0 and earlier disables SSL/TLS certificate validation globally for the Jenkins controller JVM when configured to ignore SSL/TLS issues.
Risk: network, low complexity | jenkins | CWE-295 | 7.5

2022-03-29 CVE-2022-28150 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Job and Node Ownership
A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to change the owners and item-specific permissions of a job.
Risk: network, low complexity | jenkins | CWE-352 | 8.8

2022-03-29 CVE-2022-28154 XXE vulnerability in Jenkins Coverage/Complexity Scatter Plot
Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
Risk: network, low complexity | jenkins | CWE-611 | 8.1