Vulnerabilities > Jenkins > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-26 | CVE-2023-24437 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Jira Pipeline Steps 2.0.165.V8846Cf59F3Db A cross-site request forgery (CSRF) vulnerability in Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 |
| 2023-01-26 | CVE-2023-24446 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Openid A cross-site request forgery (CSRF) vulnerability in Jenkins OpenID Plugin 2.4 and earlier allows attackers to trick users into logging in to the attacker's account. | 8.8 |
| 2023-01-26 | CVE-2023-24447 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Rabbitmq Consumer 2.8 A cross-site request forgery (CSRF) vulnerability in Jenkins RabbitMQ Consumer Plugin 2.8 and earlier allows attackers to connect to an attacker-specified AMQP(S) URL using attacker-specified username and password. | 8.8 |
| 2023-01-26 | CVE-2023-24452 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Testquality Updater 1.1/1.3 A cross-site request forgery (CSRF) vulnerability in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password. | 8.8 |
| 2023-01-26 | CVE-2023-24458 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Bearychat A cross-site request forgery (CSRF) vulnerability in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified URL. | 8.8 |
| 2022-11-15 | CVE-2022-38666 | Improper Certificate Validation vulnerability in Jenkins Ns-Nd Integration Performance Publisher Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and earlier unconditionally disables SSL/TLS certificate and hostname validation for several features. | 7.5 |
| 2022-11-15 | CVE-2022-45379 | Inadequate Encryption Strength vulnerability in Jenkins Script Security Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks. | 7.5 |
| 2022-11-15 | CVE-2022-45381 | Path Traversal vulnerability in Jenkins Pipeline Utility Steps 2.13.1 Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:' prefix interpolator by default, allowing attackers able to configure Pipelines to read arbitrary files from the Jenkins controller file system. | 8.1 |
| 2022-11-15 | CVE-2022-45385 | Missing Authorization vulnerability in Jenkins Cloudbees Docker Hub/Registry Notification 2.6.2 A missing permission check in Jenkins CloudBees Docker Hub/Registry Notification Plugin 2.6.2 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository. | 7.5 |
| 2022-11-15 | CVE-2022-45388 | Unspecified vulnerability in Jenkins Config Rotator 2.0.1 Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing unauthenticated attackers to read arbitrary files with '.xml' extension on the Jenkins controller file system. | 7.5 |