Vulnerabilities > Jenkins > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-11-15 CVE-2022-45383 Incorrect Authorization vulnerability in Jenkins Support Core
An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fa_b_d860 and earlier allows attackers with Support/DownloadBundle permission to download a previously created support bundle containing information limited to users with Overall/Administer permission.
network
low complexity
jenkins CWE-863
6.5
2022-11-15 CVE-2022-45384 Insufficiently Protected Credentials vulnerability in Jenkins Reverse Proxy Auth
Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system.
network
low complexity
jenkins CWE-522
6.5
2022-11-15 CVE-2022-45386 XXE vulnerability in Jenkins Violations 0.7.11
Jenkins Violations Plugin 0.7.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
local
low complexity
jenkins CWE-611
5.5
2022-11-15 CVE-2022-45387 Cross-site Scripting vulnerability in Jenkins Bart 1.0.3
Jenkins BART Plugin 1.0.3 and earlier does not escape the parsed content of build logs before rendering it on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability.
network
low complexity
jenkins CWE-79
5.4
2022-11-15 CVE-2022-45389 Missing Authorization vulnerability in Jenkins Xp-Dev 1.0
A missing permission check in Jenkins XP-Dev Plugin 1.0 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to an attacker-specified repository.
network
low complexity
jenkins CWE-862
5.3
2022-11-15 CVE-2022-45390 Missing Authorization vulnerability in Jenkins Loader.Io 1.0.1
A missing permission check in Jenkins loader.io Plugin 1.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
network
low complexity
jenkins CWE-862
4.3
2022-11-15 CVE-2022-45392 Insufficiently Protected Credentials vulnerability in Jenkins Ns-Nd Integration Performance Publisher
Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system.
network
low complexity
jenkins CWE-522
6.5
2022-11-15 CVE-2022-45394 Missing Authorization vulnerability in Jenkins Delete LOG 1.0
A missing permission check in Jenkins Delete log Plugin 1.0 and earlier allows attackers with Item/Read permission to delete build logs.
network
low complexity
jenkins CWE-862
4.3
2022-11-15 CVE-2022-45398 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Cluster Statistics 0.4.6
A cross-site request forgery (CSRF) vulnerability in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics.
network
low complexity
jenkins CWE-352
4.3
2022-11-15 CVE-2022-45399 Missing Authorization vulnerability in Jenkins Cluster Statistics 0.4.6
A missing permission check in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics.
network
low complexity
jenkins CWE-862
4.3