Jenkins vulnerabilities rated High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK (CVSS score) |
---|---|---|---|---|
2019-12-17 | CVE-2019-16565 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Team Concert | A cross-site request forgery vulnerability in Jenkins Team Concert Plugin 1.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 |
2019-12-17 | CVE-2019-16561 | Improper Certificate Validation vulnerability in Jenkins Websphere Deployer | Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows users with Overall/Read access to disable SSL/TLS certificate and hostname validation for the entire Jenkins master JVM. | 7.1 |
2019-12-17 | CVE-2019-16560 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Websphere Deployer | A cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system. | 8.8 |
2019-12-17 | CVE-2019-16558 | Improper Certificate Validation vulnerability in Jenkins Spira Importer 3.2.2/3.2.3 | Jenkins Spira Importer Plugin 3.2.3 and earlier disables SSL/TLS certificate validation for the Jenkins master JVM. | 8.2 |
2019-12-17 | CVE-2019-16553 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer | A cross-site request forgery vulnerability in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers to have Jenkins evaluate a computationally expensive regular expression. | 8.8 |
2019-12-17 | CVE-2019-16551 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Gerrit Trigger | A cross-site request forgery vulnerability in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials. | 8.8 |
2019-12-17 | CVE-2019-16550 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Maven 0.14.0/0.16.1 | A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker-specified web server and parse XML documents. | 8.8 |
2019-12-17 | CVE-2019-16549 | XXE vulnerability in Jenkins Maven 0.14.0/0.16.1 | Jenkins Maven Release Plugin 0.16.1 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks, allowing man-in-the-middle attackers to have Jenkins parse crafted XML documents. | 8.1 |
2019-11-21 | CVE-2019-16548 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Google Compute Engine | A cross-site request forgery vulnerability in Jenkins Google Compute Engine Plugin 4.1.1 and earlier in ComputeEngineCloud#doProvision could be used to provision new agents. | 8.8 |
2019-11-21 | CVE-2019-16538 | Incorrect Authorization vulnerability in Jenkins Script Security | A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.67 and earlier related to the handling of default parameter expressions in closures allowed attackers to execute arbitrary code in sandboxed scripts. | 8.8 |