11 matches found
CVE-2025-53652
Summary (CVE-2025-53652) : Jenkins Git Parameter Plugin (versions 439.vb_0e46ca_14534 and earlier) does not validate that the submitted Git parameter matches an offered choice. With Item/Build permission, an attacker can inject arbitrary values into Git parameters, which can propagate to the SCM ...
jenkins-plugin/workflow-cps: Lack of Approval Check for Rebuilt Jenkins Pipelines
A flaw was found in the Jenkins Pipeline: Groovy Plugin jenkins-plugin/workflow-cps. This vulnerability allows attackers with Item/Build permission to rebuild a previous build whose main Jenkinsfile script is no longer approved, bypassing script approval checks via the rebuild action...
CVE-2024-52551
Jenkins Pipeline: Declarative Plugin 2.2214.vbb34b2ea9b83 and earlier does not check whether the main Jenkinsfile script used to restart a build from a specific stage is approved, allowing attackers with Item/Build permission to restart a previous build whose Jenkinsfile script is no longer...
CVE-2024-52550
Jenkins Pipeline: Groovy Plugin 3990.vd281dd77a388 and earlier, except 3975.3977.v478dd9e956c3 does not check whether the main Jenkinsfile script for a rebuilt build is approved, allowing attackers with Item/Build permission to rebuild a previous build whose Jenkinsfile script is no longer approv...
PT-2024-35373 · Jenkins · Jenkins Pipeline: Declarative Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Declarative Plugin versions 2.2214.vb b 34b 2ea 9b 83 and earlier Description: The issue allows attackers with Item/Build permission to restart a previous build whose Jenkinsfile script is no longer approved, as the plugin...
SUSE CVE-2017-1000108
The Pipeline: Input Step Plugin by default allowed users with Item/Read access to a pipeline to interact with the step to provide input. This has been changed, and now requires users to have the Item/Build permission instead...
Jenkins Pipeline: Input Step Plugin
The Pipeline: Input Step Plugin by default allowed users with Item/Read access to a pipeline to interact with the step to provide input. This has been changed, and now requires users to have the Item/Build permission instead...
GHSA-HRWC-PQFM-G6QF Jenkins Subversion Plugin Cross-Site Request Forgery vulnerability
Subversion Plugin connects to a user-specified Subversion repository as part of form validation e.g. to retrieve a list of tags. This functionality improperly checked permissions, allowing any user with Item/Build permission but not Item/Configure to connect to any web server or Subversion server...
PT-2021-14690 · Cloudbees +1 · Jenkins Cloudbees Cd Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins CloudBees CD Plugin versions 1.1.21 and earlier Description: The issue concerns a lack of permission check in an HTTP endpoint, allowing attackers with Item/Read permission to schedule builds of projects without having Item/Build...
CVE-2017-1000108
CVE-2017-1000108 concerns the Jenkins Pipeline: Input Step Plugin. The vulnerability arises because, by default, users with Item/Read access could interact with the input step, potentially exposing sensitive workflow interactions. The issue is mitigated by changing the permission model so that on...
jenkins-plugin-subversion: CSRF vulnerability and insufficient permission checks allow capturing credentials (SECURITY-303)
Subversion Plugin improperly checked permissions, requiring just Item/Build instead of Item/Configure when used. This allows a user to specify an attacker-controlled Subversion server which can then be used to collect credentials used by the Subversion plugin...