Vulnerabilities > Jenkins > Low

DATE CVE VULNERABILITY TITLE RISK
2023-11-29 CVE-2023-49652 Missing Authorization vulnerability in Jenkins Google Compute Engine
Incorrect permission checks in Jenkins Google Compute Engine Plugin 4.550.vb_327fca_3db_11 and earlier allow attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate system-scoped credentials IDs of credentials stored in Jenkins and to connect to Google Cloud Platform using attacker-specified credentials IDs obtained through another method, to obtain information about existing projects.
network | low complexity | jenkins | CWE-862 | Risk: 2.7
2023-09-06 CVE-2023-41946 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Frugal Testing 1.0/1.1
A cross-site request forgery (CSRF) vulnerability in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers to connect to Frugal Testing using attacker-specified credentials, and to retrieve test IDs and names from Frugal Testing, if a valid credential corresponds to the attacker-specified username.
network | low complexity | jenkins | CWE-352 | Risk: 3.5
2023-07-12 CVE-2023-37948 Improper Input Validation vulnerability in Jenkins Cloud Infrastructure Compute
Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier does not validate SSH host keys when connecting to OCI clouds, enabling man-in-the-middle attacks.
network | high complexity | jenkins | CWE-20 | Risk: 3.7
2023-05-16 CVE-2023-2195 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Code DX
A cross-site request forgery (CSRF) vulnerability in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL.
network | low complexity | jenkins | CWE-352 | Risk: 3.5
2023-05-16 CVE-2023-32994 Improper Certificate Validation vulnerability in Jenkins Saml Single Sign on
Jenkins SAML Single Sign On (SSO) Plugin 2.1.0 and earlier unconditionally disables SSL/TLS certificate validation for connections to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these connections.
network | high complexity | jenkins | CWE-295 | Risk: 3.7
2023-02-15 CVE-2023-23847 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Synopsys Coverity
A cross-site request forgery (CSRF) vulnerability in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network | low complexity | jenkins | CWE-352 | Risk: 3.5
2022-11-15 CVE-2022-45393 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Delete LOG 1.0
A cross-site request forgery (CSRF) vulnerability in Jenkins Delete log Plugin 1.0 and earlier allows attackers to delete build logs.
network | low complexity | jenkins | CWE-352 | Risk: 3.5
2022-01-12 CVE-2022-23114 Insufficiently Protected Credentials vulnerability in Jenkins Publish Over SSH
Jenkins Publish Over SSH Plugin 1.22 and earlier stores the password unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system.
local | low complexity | jenkins | CWE-522 | Risk: 3.3
2020-10-08 CVE-2020-2297 Insufficiently Protected Credentials vulnerability in Jenkins SMS Notification 1.0.1/1.1/1.2
Jenkins SMS Notification Plugin 1.2 and earlier stores an access token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
local | low complexity | jenkins | CWE-522 | Risk: 3.3
2020-10-08 CVE-2020-2291 Insufficiently Protected Credentials vulnerability in Jenkins Couchdb-Statistics
Jenkins couchdb-statistics Plugin 0.3 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
local | low complexity | jenkins | CWE-522 | Risk: 3.3