Vulnerabilities > Jenkins > Warnings Next Generation > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-01-12 | CVE-2022-23107 | Path Traversal vulnerability in Jenkins Warnings Next Generation Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not restrict the name of a file when configuring custom ID, allowing attackers with Item/Configure permission to write and read specific files with a hard-coded suffix on the Jenkins controller file system. | 8.1 |
2019-02-06 | CVE-2019-1003008 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Warnings Next Generation A cross-site request forgery vulnerability exists in Jenkins Warnings Next Generation Plugin 2.1.1 and earlier in src/main/java/io/jenkins/plugins/analysis/warnings/groovy/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint. | 8.8 |