Vulnerabilities > Jenkins > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-01-26 CVE-2023-24450 Cleartext Storage of Sensitive Information vulnerability in Jenkins View-Cloner 1.0/1.1
Jenkins view-cloner Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.
network
low complexity
jenkins CWE-312
6.5
6.5
2023-01-26 CVE-2023-24451 Missing Authorization vulnerability in Jenkins Cisco Spark
A missing permission check in Jenkins Cisco Spark Notifier Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
network
low complexity
jenkins CWE-862
4.3
4.3
2023-01-26 CVE-2023-24453 Missing Authorization vulnerability in Jenkins Testquality Updater 1.1/1.3
A missing check in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password.
network
low complexity
jenkins CWE-862
6.5
6.5
2023-01-26 CVE-2023-24454 Cleartext Storage of Sensitive Information vulnerability in Jenkins Testquality Updater 1.1/1.3
Jenkins TestQuality Updater Plugin 1.3 and earlier stores the TestQuality Updater password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
local
low complexity
jenkins CWE-312
5.5
5.5
2023-01-26 CVE-2023-24455 Path Traversal vulnerability in Jenkins Visual Expert 1.0/1.3
Jenkins visualexpert Plugin 1.3 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Item/Configure permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
network
low complexity
jenkins CWE-22
4.3
4.3
2023-01-26 CVE-2023-24457 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Keycloak Authentication 2.3.0
A cross-site request forgery (CSRF) vulnerability in Jenkins Keycloak Authentication Plugin 2.3.0 and earlier allows attackers to trick users into logging in to the attacker's account.
network
low complexity
jenkins CWE-352
6.5
6.5
2023-01-26 CVE-2023-24459 Missing Authorization vulnerability in Jenkins Bearychat
A missing permission check in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.
network
low complexity
jenkins CWE-862
6.5
6.5
2022-12-12 CVE-2022-46683 Open Redirect vulnerability in Jenkins Google Login 1.4/1.6
Jenkins Google Login Plugin 1.4 through 1.6 (both inclusive) improperly determines that a redirect URL after login is legitimately pointing to Jenkins.
network
low complexity
jenkins CWE-601
6.1
6.1
2022-12-12 CVE-2022-46684 Cross-site Scripting vulnerability in Jenkins Checkmarx
Jenkins Checkmarx Plugin 2022.3.3 and earlier does not escape values returned from the Checkmarx service API before inserting them into HTML reports, resulting in a stored cross-site scripting (XSS) vulnerability.
network
low complexity
jenkins CWE-79
5.4
5.4
2022-12-12 CVE-2022-46686 Cross-site Scripting vulnerability in Jenkins Custom Build Properties 2.79.Vc095Ccc85094
Jenkins Custom Build Properties Plugin 2.79.vc095ccc85094 and earlier does not escape property values and build display names on the Custom Build Properties and Build Summary pages, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set or change these values.
network
low complexity
jenkins CWE-79
5.4
5.4