Vulnerabilities > Jenkins > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-21 | CVE-2022-41225 | Cross-site Scripting vulnerability in Jenkins Anchore Container Image Scanner Jenkins Anchore Container Image Scanner Plugin 1.0.24 and earlier does not escape content provided by the Anchore engine API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control API responses by Anchore engine. | 5.4 |
| 2022-09-21 | CVE-2022-41229 | Cross-site Scripting vulnerability in Jenkins Ns-Nd Integration Performance Publisher Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.134 and earlier does not escape configuration options of the Execute NetStorm/NetCloud Test build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 |
| 2022-09-21 | CVE-2022-41230 | Missing Authorization vulnerability in Jenkins Build-Publisher Jenkins Build-Publisher Plugin 1.22 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain names and URLs of Jenkins servers that the plugin is configured to publish builds to, as well as builds pending for publication to those Jenkins servers. | 4.3 |
| 2022-09-21 | CVE-2022-41231 | Path Traversal vulnerability in Jenkins Build-Publisher Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system by providing a crafted file name to an API endpoint. | 5.7 |
| 2022-09-21 | CVE-2022-41233 | Missing Authorization vulnerability in Jenkins Rundeck Jenkins Rundeck Plugin 3.6.11 and earlier does not perform Run/Artifacts permission checks in multiple HTTP endpoints, allowing attackers with Item/Read permission to obtain information about build artifacts of a given job, if the optional Run/Artifacts permission is enabled. | 4.3 |
| 2022-09-21 | CVE-2022-41235 | Unspecified vulnerability in Jenkins Wildfly Deployer 1.0.2 Jenkins WildFly Deployer Plugin 1.0.2 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system. | 5.3 |
| 2022-09-21 | CVE-2022-41239 | Cross-site Scripting vulnerability in Jenkins Dotci Jenkins DotCi Plugin 2.40.00 and earlier does not escape the GitHub user name parameter provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability. | 5.4 |
| 2022-09-21 | CVE-2022-41240 | Cross-site Scripting vulnerability in Jenkins Walti 1.0.1 Jenkins Walti Plugin 1.0.1 and earlier does not escape the information provided by the Walti API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide malicious API responses from Walti. | 5.4 |
| 2022-09-21 | CVE-2022-41242 | Missing Authorization vulnerability in Jenkins Extreme-Feedback A missing permission check in Jenkins extreme-feedback Plugin 1.7 and earlier allows attackers with Overall/Read permission to discover information about job names attached to lamps, discover MAC and IP addresses of existing lamps, and rename lamps. | 5.4 |
| 2022-09-21 | CVE-2022-41246 | Missing Authorization vulnerability in Jenkins Worksoft Execution Manager A missing permission check in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 |