Jenkins File Parameter Plugin Security Vulnerabilities

CVE-2023-50764

Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing attackers with Scriptler/Configure permission to delete arbitrary files on the Jenkins controller file...

CVSS: 8.1

AI Score: 7.2

EPSS: 0.0005

2023-12-13 06:15 PM

CVE-2023-35147

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not restrict the AWS SQS queue name path parameter in an HTTP endpoint, allowing attackers with Item/Read permission to obtain the contents of arbitrary files on the Jenkins controller file...

CVSS: 6.5

AI Score: 6.3

EPSS: 0.0005

2023-06-14 01:15 PM

CVE-2023-32986

Jenkins File Parameter Plugin 285.v757c5b_67a_c25 and earlier does not restrict the name (and resulting uploaded file name) of Stashed File Parameters, allowing attackers with Item/Configure permission to create or replace arbitrary files on the Jenkins controller file system with...

CVSS: 8.8

AI Score: 8.7

EPSS: 0.001

2023-05-16 04:15 PM

CVE-2022-45388

Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing unauthenticated attackers to read arbitrary files with '.xml' extension on the Jenkins controller file...

CVSS: 7.5

AI Score: 7.5

EPSS: 0.002

2022-11-15 08:15 PM

CVE-2022-34179

Jenkins Embeddable Build Status Plugin 2.0.3 and earlier allows specifying a style query parameter that is used to choose a different SVG image style without restricting possible values, resulting in a relative path traversal vulnerability that allows attackers without Overall/Read permission to...

CVSS: 7.5

AI Score: 7.4

EPSS: 0.002

2022-06-23 05:15 PM

CVE-2022-34187

Jenkins Filesystem List Parameter Plugin 0.0.7 and earlier does not escape the name and description of File system objects list parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure...

CVSS: 5.4

AI Score: 5.2

EPSS: 0.001

2022-06-23 05:15 PM

CVE-2022-27195

Jenkins Parameterized Trigger Plugin 2.43 and earlier captures environment variables passed to builds triggered using Jenkins Parameterized Trigger Plugin, including password parameter values, in their build.xml files. These values are stored unencrypted and can be viewed by users with access to...

CVSS: 5.5

AI Score: 5.4

EPSS: 0.0004

2022-03-15 05:15 PM

CVE-2020-2124

Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file...

CVSS: 4.3

AI Score: 4.6

EPSS: 0.001

2020-02-12 03:15 PM