
61 matches found

vulnersOsv
added 2026/04/29 3:30 p.m. | 5 views

com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9), io.jenkins.blueocean:blueocean (>=1.27.17 <=1.27.25) +8 more potentially affected by CVE-2026-42524 via org.jenkins-ci.plugins:htmlpublisher (>=1.0 <=1.6)

org.jenkins-ci.plugins:htmlpublisher MAVEN version =1.0, =1.9.2-beta, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =1.0.0, =1.0.18 Source cves: CVE-2026-42524 Source advisory: OSV:GHSA-F8H4-46XV-H7JJ...

CVSS 8 | AI score 6 | EPSS 0.00051
Exploits: 0
RedhatCVE
added 2025/05/22 10:59 a.m. | 10 views

CVE-2017-1000106

Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. Its SCM content REST API supports the pipeline creation and editing feature in Blue...

CVSS 8.5 | AI score 6.9 | EPSS 0.0003
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 9:7 a.m. | 8 views

CVE-2017-1000110

Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. It did not properly check the current user's authentication and authorization when...

CVSS 4.3 | AI score 6.7 | EPSS 0.00042
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 5:53 a.m. | 5 views

CVE-2017-1000105

The optional Run/Artifacts permission can be enabled by setting a Java system property. Blue Ocean did not check this permission before providing access to archived artifacts, Item/Read permission was sufficient...

CVSS 5.3 | AI score 6.8 | EPSS 0.00038
Exploits: 0 | References: 1
vulnersOsv
added 2024/05/02 3:30 p.m. | 0 views

com.amadeus.jenkins.plugins:workflow-cps-global-lib-http (>=2.33.0 <=2.54.0), com.lookout.jenkins:environment-script (=100.v3a_f1a_6a_b_7549) +126 more potentially affected by CVE-2024-34145 via org.jenkins-ci.plugins:script-security (>=1138.v8e727069a_025 <=1335.vf07d9ce377a_e)

org.jenkins-ci.plugins:script-security MAVEN version =1138.v8e727069a025, =2.33.0, =1.1.0.413.v3023d27e8434, =320.v5a0933ae7d61, =2.4.2, =3.0, =4.1.0, =1.27.17, =1.27.4, =1.27.4, =1714.v09593e830cfa, =11.2.0, =12.9.1 and more Source cves: CVE-2024-34145 Source advisory:...

CVSS 8.8 | AI score 6.9 | EPSS 0.00082
Exploits: 0
Tenable Nessus
added 2024/04/28 12:0 a.m. | 36 views

RHEL 8 : OpenShift Developer Tools and Services for OCP 4.12 (RHSA-2023:1064)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:1064 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cro...

CVSS 9.9 | AI score 6.9 | EPSS 0.05991
Exploits: 4 | References: 33
OSV
added 2023/08/16 3:30 p.m. | 20 views

GHSA-G4PQ-P927-7PGG Jenkins Blue Ocean Plugin cross-site request forgery vulnerability

Jenkins Blue Ocean Plugin 1.27.5 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an...

CVSS 5.4 | AI score 8.6 | EPSS 0.00503
Exploits: 0 | References: 3
RedHat Linux
added 2023/05/17 5:53 p.m. | 66 views

Critical: Red Hat Security Advisory: jenkins and jenkins-2-plugins security update

An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.11. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

CVSS 9.9 | AI score 7.2 | EPSS 0.94251
Exploits: 52 | References: 24
SUSE CVE
added 2023/02/15 4:35 a.m. | 2 views

SUSE CVE-2017-1000106

Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. Its SCM content REST API supports the pipeline creation and editing feature in Blue...

CVSS 8.5 | AI score 6.8 | EPSS 0.0003
Exploits: 0 | References: 3
vulnersOsv
added 2022/05/24 5:23 p.m. | 2 views

aendter.jenkins.plugins:filesystem-list-parameter-plugin (=0.0.6), com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9) +33 more potentially affected by CVE-2020-2225 via org.jenkins-ci.plugins:matrix-project (>=1.0 <=1.14)

org.jenkins-ci.plugins:matrix-project MAVEN version =1.0, =1.9.2-beta, =0.5, =1.28, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.0, =1.4.2, =0.34, =1.561, =1.599 - org.jenkins-ci.plugins:Matrix-sorter-plugin =1.3 and more Source cves: CVE-2020-2225 Source advisory: OSV:GHSA-W43X-5F8F-686P...

CVSS 5.4 | AI score 6.4 | EPSS 0.00165
Exploits: 0
vulnersOsv
added 2022/05/24 4:47 p.m. | 2 views

br.com.ingenieux.jenkins.plugins:awseb-deployment-plugin (>=0.3.5 <=0.3.15), com.barchart.jenkins:maven-release-cascade (>=1.0.0 <=1.3.2) +109 more potentially affected by CVE-2019-10337 via org.jenkins-ci.plugins:token-macro (>=1.0 <=2.7)

org.jenkins-ci.plugins:token-macro MAVEN version =1.0, =0.3.5, =1.0.0, =1.14.1, =4.1.1, =1.7.2, =1.1.2, =0.18, =0.1, =2.5.8, =3.0, =1.0-alpha-1, =1.2.0-beta-1 and more Source cves: CVE-2019-10337 Source advisory: OSV:GHSA-G6H2-4X64-C59X...

CVSS 7.5 | AI score 6.9 | EPSS 0.00224
Exploits: 0
CNVD
added 2022/05/19 12:0 a.m. | 12 views

Jenkins Blue Ocean cross-site request forgery vulnerability

Jenkins and Jenkins Plugin are both open source products from Jenkins. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. Jenkins Blue Ocean 1.25.3 and earlier...

CVSS 6.5 | AI score 1.4 | EPSS 0.00113
Exploits: 0 | References: 1
CNVD
added 2022/05/19 12:0 a.m. | 18 views

Jenkins Pipeline SCM API for Blue Ocean Plugin information disclosure vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. The vulnerability can be exploited to access arbitrary user...

CVSS 6.5 | AI score 1.7 | EPSS 0.00128
Exploits: 0 | References: 1
Github Security Blog
added 2022/05/18 12:0 a.m. | 26 views

Missing permission check in Jenkins Blue Ocean Plugin

Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server. Blue Ocean Plugin 1.25.4 requires POST requests and the appropriate permissions for the...

CVSS 6.5 | AI score 7.1 | EPSS 0.00052
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2022/05/18 12:0 a.m. | 22 views

GHSA-5M4Q-X28V-Q6WP Missing permission check in Jenkins Blue Ocean Plugin

Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server. Blue Ocean Plugin 1.25.4 requires POST requests and the appropriate permissions for the...

CVSS 4.3 | AI score 7.6 | EPSS 0.00052
Exploits: 0 | References: 5
Github Security Blog
added 2022/05/18 12:0 a.m. | 21 views

Insufficiently Protected Credentials in Jenkins Pipeline SCM API for Blue Ocean Plugin

When pipelines are created using the pipeline creation wizard in Blue Ocean, the credentials used are stored in the per-user credentials store of the user creating the pipeline. To allow pipelines to use this credential to scan repositories and checkout from SCM, the Blue Ocean Credentials Provid...

CVSS 6.5 | AI score 7.1 | EPSS 0.00128
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2022/05/18 12:0 a.m. | 25 views

GHSA-HGPQ-42PF-9VFQ Cross Site Request Forgery in Jenkins Blue Ocean Plugin

A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server. Blue Ocean Plugin 1.25.4 requires POST requests and the appropriate permissions for the affected HTTP endpoints...

CVSS 4.3 | AI score 7.7 | EPSS 0.00113
Exploits: 0 | References: 5
OSV
added 2022/05/18 12:0 a.m. | 2 views

GHSA-G74W-93CP-5P3P Insufficiently Protected Credentials in Jenkins Pipeline SCM API for Blue Ocean Plugin

When pipelines are created using the pipeline creation wizard in Blue Ocean, the credentials used are stored in the per-user credentials store of the user creating the pipeline. To allow pipelines to use this credential to scan repositories and checkout from SCM, the Blue Ocean Credentials Provid...

CVSS 5.3 | AI score 5.7 | EPSS 0.00128
Exploits: 0 | References: 5
OSV
added 2022/05/17 3:15 p.m. | 17 views

CVE-2022-30954

Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server...

CVSS 6.5 | AI score 6.4
Exploits: 0 | References: 2
NVD
added 2022/05/17 3:15 p.m. | 13 views

CVE-2022-30952

Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user credentials stores of any attacker-specified user in Jenkins...

CVSS 6.5 | EPSS 0.00128
Exploits: 0 | References: 2