Vulnerabilities > Jenkins > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-07-27 CVE-2022-36888 Missing Authorization vulnerability in Jenkins Hashicorp Vault
A missing permission check in Jenkins HashiCorp Vault Plugin 354.vdb_858fd6b_f48 and earlier allows attackers with Overall/Read permission to obtain credentials stored in Vault with attacker-specified path and keys.
network
low complexity
jenkins CWE-862
6.5
2022-07-27 CVE-2022-36890 Path Traversal vulnerability in Jenkins Deployer Framework
Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the name of files in methods implementing form validation, allowing attackers with Item/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
network
low complexity
jenkins CWE-22
4.3
2022-07-27 CVE-2022-36891 Missing Authorization vulnerability in Jenkins Deployer Framework
A missing permission check in Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier allows attackers with Item/Read permission but without Deploy Now/Deploy permission to read deployment logs.
network
low complexity
jenkins CWE-862
4.3
2022-07-27 CVE-2022-36892 Missing Authorization vulnerability in Jenkins Rhnpush-Plugin
Jenkins rhnpush-plugin Plugin 0.5.1 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents.
network
low complexity
jenkins CWE-862
4.3
2022-07-27 CVE-2022-36893 Missing Authorization vulnerability in Jenkins Rpmsign-Plugin
Jenkins rpmsign-plugin Plugin 0.5.0 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents.
network
low complexity
jenkins CWE-862
4.3
2022-07-27 CVE-2022-36894 Unspecified vulnerability in Jenkins Clif Performance Testing
An arbitrary file write vulnerability in Jenkins CLIF Performance Testing Plugin 64.vc0d66de1dfb_f and earlier allows attackers with Overall/Read permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content.
network
low complexity
jenkins
6.5
2022-07-27 CVE-2022-36895 Missing Authorization vulnerability in Jenkins Compuware Topaz Utilities
A missing permission check in Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins.
network
low complexity
jenkins CWE-862
4.3
2022-07-27 CVE-2022-36896 Missing Authorization vulnerability in Jenkins Compuware Source Code Download for Endevor, Pds, and Ispw 2.0.12
A missing permission check in Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins.
network
low complexity
jenkins CWE-862
6.5
2022-07-27 CVE-2022-36897 Missing Authorization vulnerability in Jenkins Compuware Xpediter Code Coverage
A missing permission check in Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins.
network
low complexity
jenkins CWE-862
4.3
2022-07-27 CVE-2022-36898 Missing Authorization vulnerability in Jenkins Compuware Ispw Operations
A missing permission check in Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins.
network
low complexity
jenkins CWE-862
4.3