Lucene search
K

137 matches found

vulnersOsv
vulnersOsv
added 2023/08/16 3:30 p.m.5 views

com.amadeus.jenkins.plugins:workflow-cps-global-lib-http (>=2.33.0 <=2.54.0), com.compuware.jenkins:compuware-scm-downloader (>=1.6 <=2.0.5) +105 more potentially affected by CVE-2023-40336 via org.jenkins-ci.plugins:cloudbees-folder (>=4.0 <=6.815.v0dd5a_cb_40e0e)

org.jenkins-ci.plugins:cloudbees-folder MAVEN version =4.0, =2.33.0, =1.6, =1.8, =1.0.2, =1.0.0, =2.0.0, =0.4, =1.0, =7.5.7, =0.9.1, =1.0-alpha-1, =1.27.19, =1.27.25 and more Source cves: CVE-2023-40336 Source advisory: OSV:GHSA-4VQP-PCM3-73XP...

8.8CVSS7.2AI score0.00406EPSS
Exploits0
NCSC
NCSC
added 2023/07/27 12:0 a.m.8 views

Vulnerabilities fixed in Jenkins (core) and plugins

Vulnerabilities have been fixed in Jenkins and some plugins, such as Bazaar, GitLab Authentication and Gradle. A malicious person could exploit the vulnerabilities to perform a Cross-Site-Scripting attack XSS, or a Cross-Site-Request-Forgery CSRF. Such an attack can lead to execution of arbitrary...

7.7CVSS7.2AI score0.00862EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2023/07/12 6:30 p.m.5 views

com.groupon.jenkins-ci.plugins:DotCi (>=2.8.9 <=2.40.00), com.groupon.jenkins-ci.plugins:DotCi-Fig-template (=1.1.0) +5 more potentially affected by CVE-2023-37954 via com.sonyericsson.hudson.plugins.rebuild:rebuild (>=1.16 <=1.25)

com.sonyericsson.hudson.plugins.rebuild:rebuild MAVEN version =1.16, =2.8.9, =1.1.3, =1.7.2, =1.1.2, =1.0.0, =1.1.2 - hudson.plugins:project-inheritance =2.0.0 Source cves: CVE-2023-37954 Source advisory: OSV:GHSA-5R5C-7RM4-MP4R...

4.3CVSS5.8AI score0.00287EPSS
Exploits0
Qualys Blog
Qualys Blog
added 2023/04/19 11:47 a.m.394 views

Oracle Patch Tuesday April 2023 Security Update Review

Oracle has released the second quarterly edition of Critical Patch Update, which contains a group of patches for 433 security vulnerabilities. Some of the vulnerabilities addressed this month impact various products. These patches address vulnerabilities in Oracle code and third-party components...

7.5CVSS9.5AI score0.99677EPSS
Exploits128
vulnersOsv
vulnersOsv
added 2023/04/02 9:30 p.m.7 views

com.groupon.jenkins-ci.plugins:DotCi-Plugins-Starter-Pack (>=1.7.2 <=1.8.2), com.groupon.jenkins.plugins:DotCi-Plugins-Starter-Pack (>=1.0.0 <=1.7.1) +1 more potentially affected by CVE-2023-28669 via org.jenkins-ci.plugins:jacoco (>=1.0.14 <=1.0.9)

org.jenkins-ci.plugins:jacoco MAVEN version =1.0.14, =1.7.2, =1.0.0, =1.7, =1.12.3 Source cves: CVE-2023-28669 Source advisory: OSV:GHSA-XJ29-GFWW-J67G...

5.4CVSS6AI score0.0056EPSS
Exploits0
CNNVD
CNNVD
added 2023/03/23 12:0 a.m.7 views

Jenkins Plugins OctoPerf Load Testing 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

4.3CVSS5.1AI score0.00425EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/03/23 12:0 a.m.7 views

Jenkins Plugins Convert To Pipeline 命令注入漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

9.8CVSS8.4AI score0.00779EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/03/23 12:0 a.m.5 views

Jenkins Plugins Performance Publisher 代码问题漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

8.2CVSS7.8AI score0.00569EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/03/03 12:0 a.m.54 views

Jenkins plugins Multiple Vulnerabilities (2022-10-19)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Script Security Plugi...

9.9CVSS6.9AI score0.01211EPSS
Exploits0References34
RedHat Linux
RedHat Linux
added 2023/02/23 12:1 a.m.6 views

jenkins-plugin/workflow-cps: Sandbox bypass vulnerabilities in Pipeline: Groovy Plugin

A sandbox bypass vulnerability was found in several Jenkins plugins. This could allow an authenticated attacker to execute arbitrary code within the Jenkins JVM controller. Exploitation could be achieved by crafting untrusted libraries or pipelines, compromising the integrity, availability, and...

9.9CVSS7.6AI score0.0116EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2023/02/15 3:30 p.m.9 views

org.jenkins-ci.plugins:azure-acs (>=0.1.0 <=0.2.4), org.jenkins-ci.plugins:azure-app-service (>=0.1 <=0.4.2) +8 more potentially affected by CVE-2023-25768 via org.jenkins-ci.plugins:azure-credentials (>=1.0 <=1.6.1)

org.jenkins-ci.plugins:azure-credentials MAVEN version =1.0, =0.1.0, =0.1, =0.3.0, =0.6.0, =3.0.0, =0.1.0, =1.0.0, =0.4.8, =0.1.0, =1.3, =1.5 Source cves: CVE-2023-25768 Source advisory: OSV:GHSA-PX2R-CMR2-PHW7...

6.5CVSS6.5AI score0.00639EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2023/02/15 3:30 p.m.4 views

org.jenkins-ci.plugins:azure-acs (>=0.1.0 <=0.2.4), org.jenkins-ci.plugins:azure-app-service (>=0.1 <=0.4.2) +8 more potentially affected by CVE-2023-25767 via org.jenkins-ci.plugins:azure-credentials (>=1.0 <=1.6.1)

org.jenkins-ci.plugins:azure-credentials MAVEN version =1.0, =0.1.0, =0.1, =0.3.0, =0.6.0, =3.0.0, =0.1.0, =1.0.0, =0.4.8, =0.1.0, =1.3, =1.5 Source cves: CVE-2023-25767 Source advisory: OSV:GHSA-RR93-7C6X-8V4V...

8.8CVSS7.2AI score0.00455EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2023/02/15 3:30 p.m.4 views

org.jenkins-ci.plugins:azure-acs (>=0.1.0 <=0.2.4), org.jenkins-ci.plugins:azure-app-service (>=0.1 <=0.4.2) +8 more potentially affected by CVE-2023-25766 via org.jenkins-ci.plugins:azure-credentials (>=1.0 <=1.6.1)

org.jenkins-ci.plugins:azure-credentials MAVEN version =1.0, =0.1.0, =0.1, =0.3.0, =0.6.0, =3.0.0, =0.1.0, =1.0.0, =0.4.8, =0.1.0, =1.3, =1.5 Source cves: CVE-2023-25766 Source advisory: OSV:GHSA-7J55-28QQ-676G...

4.3CVSS5.8AI score0.00511EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2023/02/08 6:41 p.m.4 views

jenkins-plugin/workflow-cps: Sandbox bypass vulnerabilities in Pipeline: Groovy Plugin

A sandbox bypass vulnerability was found in several Jenkins plugins. This could allow an authenticated attacker to execute arbitrary code within the Jenkins JVM controller. Exploitation could be achieved by crafting untrusted libraries or pipelines, compromising the integrity, availability, and...

9.9CVSS7.6AI score0.0116EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2022/12/12 9:30 a.m.5 views

org.jenkins-ci.plugins:php (=1.0), org.jenkins-ci.plugins:silk-performer-plugin (>=2.0.0-beta <=2.0.1-beta) potentially affected by CVE-2022-46682 via org.jenkins-ci.plugins:plot (>=1.5 <=2.1.0)

org.jenkins-ci.plugins:plot MAVEN version =1.5, =2.0.0-beta, =2.0.1-beta Source cves: CVE-2022-46682 Source advisory: OSV:GHSA-WGPP-G6V9-7HXP...

9.8CVSS7.2AI score0.00947EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2022/10/20 6:17 a.m.38 views

CVE-2022-43406

A sandbox bypass vulnerability was found in several Jenkins plugins. This could allow an authenticated attacker to execute arbitrary code within the Jenkins JVM controller. Exploitation could be achieved by crafting untrusted libraries or pipelines, compromising the integrity, availability, and...

9.9CVSS4.5AI score0.01095EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2022/10/19 7:0 p.m.5 views

com.splunk.splunkins:splunk-devops-extend (>=1.0 <=1.7.0), com.testinium.jenkins:testinium (=1.0) +27 more potentially affected by CVE-2022-43407 via org.jenkins-ci.plugins:pipeline-input-step (>=2.0 <=2.8)

org.jenkins-ci.plugins:pipeline-input-step MAVEN version =2.0, =1.0, =0.0.15, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.1-preview-4, =2.2.0, =1.8-beta-1, =1.8-beta-1, =2.0, =2.5 and more Source cves: CVE-2022-43407 Source advisory: OSV:GHSA-G66M-FQXF-3W35...

8.8CVSS7.2AI score0.00493EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/10/19 7:0 p.m.7 views

com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9), com.openshift.jenkins:openshift-pipeline (>=1.0.14 <=1.0.57) +39 more potentially affected by CVE-2022-43401 via org.jenkins-ci.plugins.workflow:workflow-cps (>=0.1-beta-1 <=2660.vb_c0412dc4e6d)

org.jenkins-ci.plugins.workflow:workflow-cps MAVEN version =0.1-beta-1, =1.9.2-beta, =1.0.14, =1.3.0, =0.9.0, =1.22, =1.0, =1.0, =1.0, =0.1-beta-1, =0.1-beta-5, =1.9-beta-1, =2.3 and more Source cves: CVE-2022-43401 Source advisory: OSV:GHSA-7VR5-72W7-Q6JC...

9.9CVSS7.7AI score0.01211EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/10/19 7:0 p.m.5 views

net.praqma:memory-map (>=2.2.0 <=2.2.1), org.jenkins-ci.plugins.workflow:workflow-aggregator (>=2.1 <=2.4) +5 more potentially affected by CVE-2022-43408 via org.jenkins-ci.plugins.pipeline-stage-view:pipeline-stage-view (>=1.3 <=2.10)

org.jenkins-ci.plugins.pipeline-stage-view:pipeline-stage-view MAVEN version =1.3, =2.2.0, =2.1, =2.0.5, =1.0.0, =1.0.0, =1.0.2 Source cves: CVE-2022-43408 Source advisory: OSV:GHSA-G975-F26H-93G8...

6.5CVSS6.5AI score0.00443EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2022/08/26 12:0 a.m.70 views

Jenkins plugins Multiple Vulnerabilities (2022-08-23)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Git Plugin 4.11.4 and earlier does not properly mask i.e., replace with asterisks credentials in the build log provided by the Git...

6.7CVSS6.4AI score0.00781EPSS
Exploits0References5
Rows per page
Query Builder