Vulnerabilities > Jenkins > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-17 | CVE-2019-16561 | Improper Certificate Validation vulnerability in Jenkins Websphere Deployer Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows users with Overall/Read access to disable SSL/TLS certificate and hostname validation for the entire Jenkins master JVM. | 7.1 |
| 2019-12-17 | CVE-2019-16560 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Websphere Deployer A cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system. | 8.8 |
| 2019-12-17 | CVE-2019-16558 | Improper Certificate Validation vulnerability in Jenkins Spira Importer 3.2.2/3.2.3 Jenkins Spira Importer Plugin 3.2.3 and earlier disables SSL/TLS certificate validation for the Jenkins master JVM. | 8.2 |
| 2019-12-17 | CVE-2019-16553 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer A cross-site request forgery vulnerability in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers to have Jenkins evaluate a computationally expensive regular expression. | 8.8 |
| 2019-12-17 | CVE-2019-16551 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Gerrit Trigger A cross-site request forgery vulnerability in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials. | 8.8 |
| 2019-12-17 | CVE-2019-16550 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Maven 0.14.0/0.16.1 A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker specified web server and parse XML documents. | 8.8 |
| 2019-12-17 | CVE-2019-16549 | XXE vulnerability in Jenkins Maven 0.14.0/0.16.1 Jenkins Maven Release Plugin 0.16.1 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks, allowing man-in-the-middle attackers to have Jenkins parse crafted XML documents. | 8.1 |
| 2019-11-21 | CVE-2019-16548 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Google Compute Engine A cross-site request forgery vulnerability in Jenkins Google Compute Engine Plugin 4.1.1 and earlier in ComputeEngineCloud#doProvision could be used to provision new agents. | 8.8 |
| 2019-11-21 | CVE-2019-16538 | Incorrect Authorization vulnerability in Jenkins Script Security A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.67 and earlier related to the handling of default parameter expressions in closures allowed attackers to execute arbitrary code in sandboxed scripts. | 8.8 |
| 2019-11-18 | CVE-2012-4438 | Improper Input Validation vulnerability in Jenkins Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers with read access and HTTP access to Jenkins master to insert data and execute arbitrary code. | 8.8 |