Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization via the CloudSpec method on the Controller facade. An attacker can obtain sensitive cloud credentials by making an authenticated API call with only basic login permissions, without requiring elevated privileges...

CVE-2026-33003

CVE-2026-33003 affects Jenkins LoadNinja Plugin versions 2.1 and earlier. The underlying issue is that LoadNinja API keys are stored unencrypted in job config.xml files on the Jenkins controller. This can allow disclosure to users with Item/Extended Read permissions or anyone with access to the J...

CVE-2022-43428

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process...

PT-2022-22044 · Jenkins · Jenkins Pipeline: Input Step Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Input Step Plugin versions 448.v37cea 9a 10a 70 and earlier Description: The issue allows attackers who can configure Pipelines to create or replace arbitrary files on the Jenkins controller file system with attacker-specifi...

jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes Plugin

Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables...