Jenkins Build With Parameters Plugin Security Vulnerabilities

CVE-2024-2216

A missing permission check in an HTTP endpoint in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting...

6.4 AI Score

0.0004 EPSS

2024-03-06 05:15 PM

CVE-2022-34177

Jenkins Pipeline: Input Step Plugin 448.v37cea_9a_10a_70 and earlier archives files uploaded for file parameters for Pipeline input steps on the controller as part of build metadata, using the parameter name without sanitization as a relative path inside a build-related directory, allowing...

7.5 CVSS

7.5 AI Score

0.001 EPSS

2022-06-23 05:15 PM

CVE-2022-29045

Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not escape the name and description of Promoted Build parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure...

5.4 CVSS

5.3 AI Score

0.001 EPSS

2022-04-12 08:15 PM

CVE-2022-29042

Jenkins Job Generator Plugin 1.22 and earlier does not escape the name and description of Generator Parameter and Generator Choice parameters on Job Generator jobs' Build With Parameters views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with...

5.4 CVSS

5.4 AI Score

0.001 EPSS

2022-04-12 08:15 PM

CVE-2022-25180

Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier includes password parameters from the original build in replayed builds, allowing attackers with Run/Replay permission to obtain the values of password parameters passed to previous builds of a...

4.3 CVSS

4.6 AI Score

0.001 EPSS

2022-02-15 05:15 PM

CVE-2021-21630

Jenkins Extra Columns Plugin 1.22 and earlier does not escape parameter values in the build parameters column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure...

5.4 CVSS

5.2 AI Score

0.001 EPSS

2021-03-30 12:16 PM

CVE-2021-21629

A cross-site request forgery (CSRF) vulnerability in Jenkins Build With Parameters Plugin 1.5 and earlier allows attackers to build a project with attacker-specified...

8.8 CVSS

8.6 AI Score

0.001 EPSS

2021-03-30 12:16 PM

CVE-2021-21628

Jenkins Build With Parameters Plugin 1.5 and earlier does not escape parameter names and descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure...

5.4 CVSS

5.2 AI Score

0.001 EPSS

2021-03-30 12:16 PM

CVE-2020-2289

Jenkins Active Choices Plugin 2.4 and earlier does not escape the name and description of build parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure...

5.4 CVSS

5.3 AI Score

0.001 EPSS

2020-10-08 01:15 PM

CVE-2020-2238

Jenkins Git Parameter Plugin 0.9.12 and earlier does not escape the repository field on the 'Build with Parameters' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure...

5.4 CVSS

5.3 AI Score

0.001 EPSS

2020-09-01 02:15 PM