Vulnerabilities > Jenkins > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-27 | CVE-2022-36887 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins JOB Configuration History A cross-site request forgery (CSRF) vulnerability in Jenkins Job Configuration History Plugin 1155.v28a_46a_cc06a_5 and earlier allows attackers to delete entries from job, agent, and system configuration history, or restore older versions of job, agent, and system configurations. | 4.3 |
| 2022-07-27 | CVE-2022-36888 | Missing Authorization vulnerability in Jenkins Hashicorp Vault A missing permission check in Jenkins HashiCorp Vault Plugin 354.vdb_858fd6b_f48 and earlier allows attackers with Overall/Read permission to obtain credentials stored in Vault with attacker-specified path and keys. | 6.5 |
| 2022-07-27 | CVE-2022-36890 | Path Traversal vulnerability in Jenkins Deployer Framework Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the name of files in methods implementing form validation, allowing attackers with Item/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | 4.3 |
| 2022-07-27 | CVE-2022-36891 | Missing Authorization vulnerability in Jenkins Deployer Framework A missing permission check in Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier allows attackers with Item/Read permission but without Deploy Now/Deploy permission to read deployment logs. | 4.3 |
| 2022-07-27 | CVE-2022-36892 | Missing Authorization vulnerability in Jenkins Rhnpush-Plugin Jenkins rhnpush-plugin Plugin 0.5.1 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents. | 4.3 |
| 2022-07-27 | CVE-2022-36893 | Missing Authorization vulnerability in Jenkins Rpmsign-Plugin Jenkins rpmsign-plugin Plugin 0.5.0 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents. | 4.3 |
| 2022-07-27 | CVE-2022-36894 | Unspecified vulnerability in Jenkins Clif Performance Testing An arbitrary file write vulnerability in Jenkins CLIF Performance Testing Plugin 64.vc0d66de1dfb_f and earlier allows attackers with Overall/Read permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content. | 6.5 |
| 2022-07-27 | CVE-2022-36895 | Missing Authorization vulnerability in Jenkins Compuware Topaz Utilities A missing permission check in Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins. | 4.3 |
| 2022-07-27 | CVE-2022-36896 | Missing Authorization vulnerability in Jenkins Compuware Source Code Download for Endevor, Pds, and Ispw 2.0.12 A missing permission check in Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins. | 6.5 |
| 2022-07-27 | CVE-2022-36897 | Missing Authorization vulnerability in Jenkins Compuware Xpediter Code Coverage A missing permission check in Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins. | 4.3 |