Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2022-06-30	CVE-2022-34815	Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Request Rename or Delete A cross-site request forgery (CSRF) vulnerability in Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier allows attackers to accept pending requests, thereby renaming or deleting jobs. network low complexity jenkins CWE-352	4.3
2022-06-30	CVE-2022-34816	Insufficiently Protected Credentials vulnerability in Jenkins HPE Network Virtualization 1.0 Jenkins HPE Network Virtualization Plugin 1.0 stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. network low complexity jenkins CWE-522	6.5
2022-06-30	CVE-2022-34817	Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Failed JOB Deactivator A cross-site request forgery (CSRF) vulnerability in Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier allows attackers to disable jobs. network low complexity jenkins CWE-352	4.3
2022-06-30	CVE-2022-34818	Missing Authorization vulnerability in Jenkins Failed JOB Deactivator Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier does not perform permission checks in several views and HTTP endpoints, allowing attackers with Overall/Read permission to disable jobs. network low complexity jenkins CWE-862	4.3
2022-06-23	CVE-2022-34170	Cross-site Scripting vulnerability in Jenkins 2.333/2.334 In Jenkins 2.320 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the help icon does not escape the feature name that is part of its tooltip, effectively undoing the fix for SECURITY-1955, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. network low complexity jenkins CWE-79	5.4
2022-06-23	CVE-2022-34171	Cross-site Scripting vulnerability in Jenkins 2.333/2.334 In Jenkins 2.321 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the HTML output generated for new symbol-based SVG icons includes the 'title' attribute of 'l:ionicon' (until Jenkins 2.334) and 'alt' attribute of 'l:icon' (since Jenkins 2.335) without further escaping, resulting in a cross-site scripting (XSS) vulnerability. network low complexity jenkins CWE-79	5.4
2022-06-23	CVE-2022-34172	Cross-site Scripting vulnerability in Jenkins In Jenkins 2.340 through 2.355 (both inclusive) symbol-based icons unescape previously escaped values of 'tooltip' parameters, resulting in a cross-site scripting (XSS) vulnerability. network low complexity jenkins CWE-79	5.4
2022-06-23	CVE-2022-34173	Cross-site Scripting vulnerability in Jenkins In Jenkins 2.340 through 2.355 (both inclusive) the tooltip of the build button in list views supports HTML without escaping the job display name, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. network low complexity jenkins CWE-79	5.4
2022-06-23	CVE-2022-34176	Cross-site Scripting vulnerability in Jenkins Junit Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission. network low complexity jenkins CWE-79	5.4
2022-06-23	CVE-2022-34178	Cross-site Scripting vulnerability in Jenkins Embeddable Build Status 2.0.3 Jenkins Embeddable Build Status Plugin 2.0.3 allows specifying a 'link' query parameter that build status badges will link to, without restricting possible values, resulting in a reflected cross-site scripting (XSS) vulnerability. network low complexity jenkins CWE-79	6.1