15 matches found

RedhatCVE
added 2025/05/23 1:10 a.m. · 5 views

CVE-2022-36887

A cross-site request forgery (CSRF) vulnerability in Jenkins Job Configuration History Plugin 1155.v28a46acc06a5 and earlier allows attackers to delete entries from job, agent, and system configuration history, or restore older versions of job, agent, and system configurations...

CVSS 4.3 · AI score 6.8 · EPSS 0.00071
Exploits: 0 · References: 1

OSV
added 2023/09/06 3:30 p.m. · 19 views

GHSA-CGH7-RGQG-HRCX Path traversal allows exploiting XXE vulnerability in Jenkins Job Configuration History Plugin

Jenkins Job Configuration History Plugin 1227.v7a79fc4dc01f and earlier does not restrict 'timestamp' query parameters in multiple endpoints, allowing attackers with to delete attacker-specified directories on the Jenkins controller file system as long as they contain a file called 'history.xml'...

CVSS 6.5 · AI score 6.5 · EPSS 0.00083
Exploits: 0 · References: 3

OSV
added 2023/09/06 1:15 p.m. · 0 views

CVE-2023-41933

Jenkins Job Configuration History Plugin 1227.v7a79fc4dc01f and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

CVSS 8.8 · AI score 5.8
Exploits: 0 · References: 2

CVE
added 2023/09/06 12:8 p.m. · 113 views

CVE-2023-41932

The CVE-2023-41932 entry affects Jenkins Job Configuration History Plugin 1227.v7a79fc4dc01f and earlier. The root cause is that the plugin does not restrict the 'timestamp' query parameter across multiple endpoints, which can allow an attacker to delete attacker-specified directories on the Jen...

CVSS 6.5 · AI score 6.3 · EPSS 0.00083
Exploits: 0 · References: 2 · Affected Software: 1

CNNVD
added 2023/09/06 12:0 a.m. · 1 views

Jenkins Plugin Job Configuration History Code Issue Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

CVSS 6.5 · AI score 6.8 · EPSS 0.00083
Exploits: 0 · References: 4

CNNVD
added 2023/09/06 12:0 a.m. · 2 views

Jenkins Plugin Job Configuration History Code Issue Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

CVSS 8.8 · AI score 6.9 · EPSS 0.00347
Exploits: 0 · References: 4

Positive Technologies
added 2023/09/06 12:0 a.m. · 4 views

PT-2023-28171 · Jenkins · Jenkins Job Configuration History Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Job Configuration History Plugin versions 1227.v7a79fc4dc01f and earlier. Description: The issue is related to the configuration of the XML parser in the Jenkins Job Configuration History Plugin, which does not prevent XML external...

CVSS 8.8 · AI score 8.3 · EPSS 0.00347
Exploits: 0 · References: 10

CNNVD
added 2023/09/06 12:0 a.m. · 1 views

Jenkins Plugin Job Configuration History Path Traversal Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

CVSS 4.3 · AI score 6.7 · EPSS 0.00172
Exploits: 0 · References: 4

CNNVD
added 2022/08/23 12:0 a.m. · 4 views

Jenkins Job Configuration History Plugin Cross-Site Scripting Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A cross-site scripting...

CVSS 5.4 · AI score 5.3 · EPSS 0.16253
Exploits: 0 · References: 5

Positive Technologies
added 2022/08/23 12:0 a.m. · 2 views

PT-2022-24514 · Jenkins · Jenkins Job Configuration History Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Job Configuration History Plugin versions 1165.v8cc9fd1f4597 and earlier. Description: The issue results in a stored cross-site scripting (XSS) vulnerability. This occurs because the job name on the System Configuration History page is n...

CVSS 5.4 · AI score 5.1 · EPSS 0.16253
Exploits: 0 · References: 7

OSV
added 2022/07/27 3:15 p.m. · 0 views

CVE-2022-36887

A cross-site request forgery (CSRF) vulnerability in Jenkins Job Configuration History Plugin 1155.v28a46acc06a5 and earlier allows attackers to delete entries from job, agent, and system configuration history, or restore older versions of job, agent, and system configurations...

CVSS 4.3 · AI score 5.7
Exploits: 0 · References: 2

NVD
added 2022/07/27 3:15 p.m. · 15 views

CVE-2022-36887

A cross-site request forgery (CSRF) vulnerability in Jenkins Job Configuration History Plugin 1155.v28a46acc06a5 and earlier allows attackers to delete entries from job, agent, and system configuration history, or restore older versions of job, agent, and system configurations...

CVSS 4.3 · EPSS 0.00071
Exploits: 0 · References: 2

CVE
added 2022/07/27 2:22 p.m. · 79 views

CVE-2022-36887

CVE-2022-36887 is a CSRF vulnerability in Jenkins Job Configuration History Plugin (versions up to 1155.v28a46acc06a5). The issue allows an attacker to delete entries from job, agent, and system configuration history or restore older configurations by convincing a user to perform unwanted acti...

CVSS 4.3 · AI score 4.5 · EPSS 0.00071
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2022/07/27 2:22 p.m. · 20 views

CVE-2022-36887

A cross-site request forgery (CSRF) vulnerability in Jenkins Job Configuration History Plugin 1155.v28a46acc06a5 and earlier allows attackers to delete entries from job, agent, and system configuration history, or restore older versions of job, agent, and system configurations...

AI score 5.3 · EPSS 0.00071
Exploits: 0 · References: 2

Positive Technologies
added 2022/07/27 12:0 a.m. · 2 views

PT-2022-4029 · Jenkins · Jenkins Job Configuration History Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Job Configuration History Plugin versions 1155.v28a46acc06a5 and earlier. Description: The issue is related to a cross-site request forgery (CSRF) vulnerability. This vulnerability can be exploited by a remote attacker to perform a CS...

CVSS 5 · AI score 4.5 · EPSS 0.00071
Exploits: 0 · References: 8