Vulnerabilities > Jenkins > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-30 | CVE-2022-34805 | Insufficiently Protected Credentials vulnerability in Jenkins Skype Notifier 1.0/1.0.1/1.1.0 Jenkins Skype notifier Plugin 1.1.0 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 6.5 |
| 2022-06-30 | CVE-2022-34806 | Insufficiently Protected Credentials vulnerability in Jenkins Jigomerge Jenkins Jigomerge Plugin 0.9 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | 6.5 |
| 2022-06-30 | CVE-2022-34807 | Insufficiently Protected Credentials vulnerability in Jenkins Elasticsearch Query 1.1/1.2 Jenkins Elasticsearch Query Plugin 1.2 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 6.5 |
| 2022-06-30 | CVE-2022-34808 | Insufficiently Protected Credentials vulnerability in Jenkins Cisco Spark Jenkins Cisco Spark Plugin 1.1.1 and earlier stores bearer tokens unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | 4.3 |
| 2022-06-30 | CVE-2022-34809 | Insufficiently Protected Credentials vulnerability in Jenkins RQM Jenkins RQM Plugin 2.8 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 6.5 |
| 2022-06-30 | CVE-2022-34810 | Missing Authorization vulnerability in Jenkins RQM A missing check in Jenkins RQM Plugin 2.8 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 6.5 |
| 2022-06-30 | CVE-2022-34811 | Missing Authorization vulnerability in Jenkins Xpath Configuration Viewer A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to access the XPath Configuration Viewer page. | 4.3 |
| 2022-06-30 | CVE-2022-34812 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Xpath Configuration Viewer A cross-site request forgery (CSRF) vulnerability in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers to create and delete XPath expressions. | 4.3 |
| 2022-06-30 | CVE-2022-34813 | Missing Authorization vulnerability in Jenkins Xpath Configuration Viewer A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to create and delete XPath expressions. | 4.3 |
| 2022-06-30 | CVE-2022-34814 | Incorrect Authorization vulnerability in Jenkins Request Rename or Delete Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view an administrative configuration page listing pending requests. | 4.3 |