Vulnerabilities > Oracle > Communications Cloud Native Core Automated Test Suite > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-12 | CVE-2022-20612 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set. | 4.3 |
| 2022-01-12 | CVE-2022-20613 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname. | 4.3 |
| 2022-01-12 | CVE-2022-20614 | Missing Authorization vulnerability in multiple products A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname. | 4.3 |
| 2022-01-12 | CVE-2022-20615 | Cross-site Scripting vulnerability in multiple products Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML metacharacters in node and label names, and label descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission. | 5.4 |
| 2021-08-23 | CVE-2021-39140 | Infinite Loop vulnerability in multiple products XStream is a simple library to serialize objects to XML and back again. | 6.3 |
| 2021-07-26 | CVE-2021-22144 | Uncontrolled Recursion vulnerability in multiple products In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. | 6.5 |
| 2021-07-21 | CVE-2021-22145 | Information Exposure Through an Error Message vulnerability in multiple products A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. | 6.5 |
| 2021-07-14 | CVE-2021-36373 | When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. | 5.5 |
| 2021-07-14 | CVE-2021-36374 | When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. | 5.5 |
| 2021-03-08 | CVE-2021-22134 | Incorrect Authorization vulnerability in multiple products A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and before 7.11.0 when Document or Field Level Security is used. | 4.3 |