Vulnerabilities > Jenkins > Support Core

DATE CVE VULNERABILITY TITLE RISK
2022-11-15 CVE-2022-45383 Incorrect Authorization vulnerability in Jenkins Support Core
An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fa_b_d860 and earlier allows attackers with Support/DownloadBundle permission to download a previously created support bundle containing information limited to users with Overall/Administer permission.
network
low complexity
jenkins CWE-863
6.5
2022-02-15 CVE-2022-25187 Improper Cross-boundary Removal of Sensitive Data vulnerability in Jenkins Support Core
Jenkins Support Core Plugin 2.79 and earlier does not redact some sensitive information in the support bundle.
network
low complexity
jenkins CWE-212
6.5
2021-02-24 CVE-2021-21621 Information Exposure vulnerability in Jenkins Support Core
Jenkins Support Core Plugin 2.72 and earlier provides the serialized user authentication as part of the "About user (basic authentication details only)" information, which can include the session ID of the user creating the support bundle in some configurations.
network
low complexity
jenkins CWE-200
5.3
2019-11-21 CVE-2019-16540 Path Traversal vulnerability in Jenkins Support Core
A path traversal vulnerability in Jenkins Support Core Plugin 2.63 and earlier allows attackers with Overall/Read permission to delete arbitrary files on the Jenkins master.
network
low complexity
jenkins CWE-22
6.5
2019-11-21 CVE-2019-16539 Improper Preservation of Permissions vulnerability in Jenkins Support Core
A missing permission check in Jenkins Support Core Plugin 2.63 and earlier allows attackers with Overall/Read permission to delete support bundles.
network
low complexity
jenkins CWE-281
6.5