Warnings Security Vulnerabilities


CVE-2023-46651

Jenkins Warnings Plugin 10.5.0 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. This fix has been backported to...

CVSS: 6.5

AI Score: 6.3

EPSS: 0.0005

2023-10-25 06:17 PM

CVE-2018-1000012

Jenkins Warnings Plugin 4.64 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service...

CVSS: 8.8

AI Score: 8.6

EPSS: 0.001

2022-10-03 04:21 PM

CVE-2019-1003023

A cross-site scripting vulnerability exists in Jenkins Warnings Next Generation Plugin 1.0.1 and earlier in src/main/java/io/jenkins/plugins/analysis/core/model/DetailsTableModel.java, src/main/java/io/jenkins/plugins/analysis/core/model/SourceDetail.java,...

CVSS: 6.1

AI Score: 5.9

EPSS: 0.001

2022-10-03 04:19 PM

CVE-2019-1003007

A cross-site request forgery vulnerability exists in Jenkins Warnings Plugin 5.0.0 and earlier in src/main/java/hudson/plugins/warnings/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP...

CVSS: 8.8

AI Score: 8.8

EPSS: 0.001

2022-10-03 04:19 PM

CVE-2019-1003008

A cross-site request forgery vulnerability exists in Jenkins Warnings Next Generation Plugin 2.1.1 and earlier in src/main/java/io/jenkins/plugins/analysis/warnings/groovy/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP...

CVSS: 8.8

AI Score: 8.8

EPSS: 0.001

2022-10-03 04:19 PM

CVE-2022-23107

Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not restrict the name of a file when configuring custom ID, allowing attackers with Item/Configure permission to write and read specific files with a hard-coded suffix on the Jenkins controller file...

CVSS: 8.1

AI Score: 7.7

EPSS: 0.001

2022-01-12 08:15 PM

CVE-2021-21626

Jenkins Warnings Next Generation Plugin 8.4.4 and earlier does not perform a permission check in methods implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match...

CVSS: 4.3

AI Score: 4.7

EPSS: 0.001

2021-03-18 02:15 PM

CVE-2020-2280

A cross-site request forgery (CSRF) vulnerability in Jenkins Warnings Plugin 5.0.1 and earlier allows attackers to execute arbitrary...

CVSS: 8.8

AI Score: 8.9

EPSS: 0.001

2020-09-23 02:15 PM

CVE-2019-10326

A cross-site request forgery vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed attackers to reset warning counts for future...

CVSS: 4.3

AI Score: 4.5

EPSS: 0.002

2019-05-31 03:29 PM

CVE-2019-10325

A cross-site scripting vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed attacker with Job/Configure permission to inject arbitrary JavaScript in build overview...

CVSS: 5.4

AI Score: 5.1

EPSS: 0.001

2019-05-31 03:29 PM