11 matches found

CVE
added 2025/07/09 3:39 p.m. · 44 views

CVE-2025-53652

Summary (CVE-2025-53652): Jenkins Git Parameter Plugin (versions 439.vb_0e46ca_14534 and earlier) does not validate that the submitted Git parameter matches an offered choice. With Item/Build permission, an attacker can inject arbitrary values into Git parameters, which can propagate to the SCM ...

8.2 CVSS · 6.5 AI score · 0.00618 EPSS
Exploits 1 · References 2 · Affected Software 1

RedHat Linux
added 2025/03/04 2:38 p.m. · 6 views

jenkins-plugin/workflow-cps: Lack of Approval Check for Rebuilt Jenkins Pipelines

A flaw was found in the Jenkins Pipeline: Groovy Plugin jenkins-plugin/workflow-cps. This vulnerability allows attackers with Item/Build permission to rebuild a previous build whose main Jenkinsfile script is no longer approved, bypassing script approval checks via the rebuild action...

8 CVSS · 5.7 AI score · 0.0044 EPSS
Exploits 1 · References 5

OSV
added 2024/11/13 9:15 p.m. · 5 views

CVE-2024-52551

Jenkins Pipeline: Declarative Plugin 2.2214.vbb34b2ea9b83 and earlier does not check whether the main Jenkinsfile script used to restart a build from a specific stage is approved, allowing attackers with Item/Build permission to restart a previous build whose Jenkinsfile script is no longer...

8 CVSS · 7.6 AI score
Exploits 0 · References 1

Vulnrichment
added 2024/11/13 8:53 p.m. · 23 views

CVE-2024-52550

Jenkins Pipeline: Groovy Plugin 3990.vd281dd77a388 and earlier, except 3975.3977.v478dd9e956c3, does not check whether the main Jenkinsfile script for a rebuilt build is approved, allowing attackers with Item/Build permission to rebuild a previous build whose Jenkinsfile script is no longer approv...

6.7 AI score · 0.0044 EPSS
Exploits 1 · References 1

Positive Technologies
added 2024/11/13 12:0 a.m. · 7 views

PT-2024-35373 · Jenkins · Jenkins Pipeline: Declarative Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Declarative Plugin versions 2.2214.vbb34b2ea9b83 and earlier
Description: The issue allows attackers with Item/Build permission to restart a previous build whose Jenkinsfile script is no longer approved, as the plugin...

8 CVSS · 6.4 AI score · 0.00567 EPSS
Exploits 0 · References 7

SUSE CVE
added 2023/02/15 4:35 a.m. · 3 views

SUSE CVE-2017-1000108

The Pipeline: Input Step Plugin by default allowed users with Item/Read access to a pipeline to interact with the step to provide input. This has been changed, and now requires users to have the Item/Build permission instead...

7.5 CVSS · 6.8 AI score · 0.01146 EPSS
Exploits 0 · References 3

GitHub Security Blog
added 2022/05/17 12:29 a.m. · 22 views

Jenkins Pipeline: Input Step Plugin

The Pipeline: Input Step Plugin by default allowed users with Item/Read access to a pipeline to interact with the step to provide input. This has been changed, and now requires users to have the Item/Build permission instead...

7.5 CVSS · 3.5 AI score · 0.01146 EPSS
Exploits 0 · References 3 · Affected Software 1

OSV
added 2022/05/17 12:29 a.m. · 2 views

GHSA-HRWC-PQFM-G6QF Jenkins Subversion Plugin Cross-Site Request Forgery vulnerability

Subversion Plugin connects to a user-specified Subversion repository as part of form validation e.g. to retrieve a list of tags. This functionality improperly checked permissions, allowing any user with Item/Build permission but not Item/Configure to connect to any web server or Subversion server...

6.5 CVSS · 5.9 AI score · 0.01031 EPSS
Exploits 0 · References 4

Positive Technologies
added 2021/04/21 12:0 a.m. · 5 views

PT-2021-14690 · Cloudbees +1 · Jenkins Cloudbees Cd Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins CloudBees CD Plugin versions 1.1.21 and earlier
Description: The issue concerns a lack of permission check in an HTTP endpoint, allowing attackers with Item/Read permission to schedule builds of projects without having Item/Build...

4.3 CVSS · 4.3 AI score · 0.01456 EPSS
Exploits 0 · References 8

CVE
added 2017/10/04 1:0 a.m. · 79 views

CVE-2017-1000108

CVE-2017-1000108 concerns the Jenkins Pipeline: Input Step Plugin. The vulnerability arises because, by default, users with Item/Read access could interact with the input step, potentially exposing sensitive workflow interactions. The issue is mitigated by changing the permission model so that on...

7.5 CVSS · 7.3 AI score · 0.01146 EPSS
Exploits 0 · References 1 · Affected Software 1

RedHat Linux
added 2017/09/08 3:14 a.m. · 4 views

jenkins-plugin-subversion: CSRF vulnerability and insufficient permission checks allow capturing credentials (SECURITY-303)

Subversion Plugin improperly checked permissions, requiring just Item/Build instead of Item/Configure when used. This allows a user to specify an attacker-controlled Subversion server which can then be used to collect credentials used by the Subversion plugin...

6.5 CVSS · 6.5 AI score · 0.01031 EPSS
Exploits 0 · References 5