35 matches found
Missing Authorization
Overview: org.jenkins-ci.plugins:job-import-plugin is a package that imports jobs from another Jenkins instance. Affected versions of this package are vulnerable to Missing Authorization via the HTTP endpoint. An attacker can enumerate credential IDs by sending crafted requests if they have...
CVE-2026-48926
Jenkins Job Import Plugin 143.v044a2e819b27 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2026-48926
Jenkins Job Import Plugin 143.v044a2e819b27 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2026-48926
Jenkins Job Import Plugin 143.v044a2e819b27 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
EUVD-2026-32517
Jenkins Job Import Plugin 143.v044a2e819b27 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2026-48926
The CVE-2026-48926 entry concerns Jenkins Job Import Plugin (versions 143.v044a_2e819b_27 and earlier) where an HTTP endpoint does not enforce a permission check. The flaw enables users with Overall/Read access to enumerate credentials IDs stored in Jenkins, indicating an authorization issue with...
Jenkins Job Import Plugin Security Vulnerability
The Jenkins Job Import Plugin is an open-source plugin for Jenkins that allows the import and migration of Jenkins tasks. The Jenkins Job Import Plugin versions 143.v044a2e819b27 and earlier contain security vulnerabilities. These vulnerabilities stem from the lack of permission checks at the HTT...
EUVD-2022-2526
Malicious code in bioql PyPI...
EUVD-2022-3165
Malicious code in bioql PyPI...
EUVD-2022-3143
Malicious code in bioql PyPI...
EUVD-2022-7014
Malicious code in bioql PyPI...
CVE-2022-43413
Jenkins Job Import Plugin 3.5 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2019-1003017
A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance, potentially installing additional plugins necessary to load the imported job's configuration...
CVE-2019-1003015
An XML external entity processing vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/client/RestApiClient.java that allows attackers with the ability to control the HTTP server Jenkins queried in preparation of job import to read...
CVE-2019-1003016
An exposure of sensitive information vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/JobImportAction.java, src/main/java/org/jenkins/ci/plugins/jobimport/JobImportGlobalConfig.java,...
Jenkins plugins Multiple Vulnerabilities (2022-10-19)
According to their self-reported version numbers, the versions of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Script Security Plugi...
Jenkins Job Import Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins
Jenkins Job Import Plugin 3.5 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. An enumeration of credentials IDs in Job Import Plugin 3.6 requires Job Import/Import...
CVE-2022-43413
Jenkins Job Import Plugin 3.5 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
PT-2022-26898 · Jenkins · Jenkins Job Import Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Job Import Plugin versions 3.5 and earlier Description: The issue allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins due to a lack of permission check in an HTTP endpoint. In...
CVE-2022-43413
CVE-2022-43413 affects the Jenkins Job Import Plugin up to version 3.5. The issue is a missing permission check in an HTTP endpoint, which allows attackers with Overall/Read permission to enumerate credentials IDs stored in Jenkins. The Connected documents corroborate this description and identif...