Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2022-06-30	CVE-2022-34808	Insufficiently Protected Credentials vulnerability in Jenkins Cisco Spark Jenkins Cisco Spark Plugin 1.1.1 and earlier stores bearer tokens unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. network low complexity jenkins CWE-522	4.3
2022-06-30	CVE-2022-34809	Insufficiently Protected Credentials vulnerability in Jenkins RQM Jenkins RQM Plugin 2.8 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. network low complexity jenkins CWE-522	6.5
2022-06-30	CVE-2022-34810	Missing Authorization vulnerability in Jenkins RQM A missing check in Jenkins RQM Plugin 2.8 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. network low complexity jenkins CWE-862	6.5
2022-06-30	CVE-2022-34811	Missing Authorization vulnerability in Jenkins Xpath Configuration Viewer A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to access the XPath Configuration Viewer page. network low complexity jenkins CWE-862	4.3
2022-06-30	CVE-2022-34812	Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Xpath Configuration Viewer A cross-site request forgery (CSRF) vulnerability in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers to create and delete XPath expressions. network low complexity jenkins CWE-352	4.3
2022-06-30	CVE-2022-34813	Missing Authorization vulnerability in Jenkins Xpath Configuration Viewer A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to create and delete XPath expressions. network low complexity jenkins CWE-862	4.3
2022-06-30	CVE-2022-34814	Incorrect Authorization vulnerability in Jenkins Request Rename or Delete Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view an administrative configuration page listing pending requests. network low complexity jenkins CWE-863	4.3
2022-06-30	CVE-2022-34815	Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Request Rename or Delete A cross-site request forgery (CSRF) vulnerability in Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier allows attackers to accept pending requests, thereby renaming or deleting jobs. network low complexity jenkins CWE-352	4.3
2022-06-30	CVE-2022-34816	Insufficiently Protected Credentials vulnerability in Jenkins HPE Network Virtualization 1.0 Jenkins HPE Network Virtualization Plugin 1.0 stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. network low complexity jenkins CWE-522	6.5
2022-06-30	CVE-2022-34817	Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Failed JOB Deactivator A cross-site request forgery (CSRF) vulnerability in Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier allows attackers to disable jobs. network low complexity jenkins CWE-352	4.3