Lucene search
K

16 matches found

Snyk
Snyk
added 2025/12/10 6:30 p.m.4 views

Improper Ownership Management

Overview Affected versions of this package are vulnerable to Improper Ownership Management due to improper context setting during Vault credentials lookup. An attacker can access and potentially capture sensitive Vault credentials by leveraging Item/Configure permissions. Remediation There is no...

5.3CVSS6.8AI score0.00202EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 10:44 p.m.6 views

CVE-2022-29037

Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS5.4AI score0.00662EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:9 p.m.6 views

CVE-2020-2108

Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not configure the XML parser to prevent XXE attacks which can be exploited by a user with Job/Configure permissions...

7.6CVSS6.7AI score0.00904EPSS
Exploits0
CNNVD
CNNVD
added 2024/11/06 12:0 a.m.5 views

RabbitMQ 访问控制错误漏洞

RabbitMQ is a feature-rich multi-protocol messaging and streaming agent open-sourced by RabbitMQ. An access control error vulnerability exists in RabbitMQ that stems from not validating a user's configure permissions when deleting a queue via the HTTP API. A user with valid credentials, partial...

6.5CVSS6.3AI score0.00367EPSS
Exploits0References5
Veracode
Veracode
added 2024/10/04 6:41 a.m.8 views

Incorrect Authorization

Jenkins is vulnerable to Incorrect Authorization. The vulnerability is due to incomplete enforcement of item creation checks, where prohibited items are created in memory and can be saved to persist them, bypassing restrictions when attackers have Item/Configure permissions...

4.3CVSS4.5AI score0.00669EPSS
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
added 2024/06/05 2:47 p.m.5 views

jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin

A flaw was found in jenkins-2-plugins. In the HTML Publisher Plugin 1.16 through 1.32, fallback for reports created in HTML Publisher Plugin 1.15 and earlier does not properly sanitize input. This can allow attackers with Item/Configure permissions to implement stored cross-site scripting XSS...

6.5CVSS5.6AI score0.00698EPSS
Exploits0References5
OSV
OSV
added 2022/05/24 5:7 p.m.20 views

GHSA-F5WX-W2F9-82GH XXE vulnerability in Jenkins WebSphere Deployer Plugin

WebSphere Deployer Plugin 1.6.1 and earlier does not configure the XML parser to prevent XML external entity XXE attacks. This could be exploited by a user with Job/Configure permissions to upload a specially crafted war file containing a WEB-INF/ibm-web-ext.xml which is parsed by the plugin...

7.6CVSS7.5AI score0.00904EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/05/13 1:18 a.m.24 views

Jenkins Jira Plugin Incorrect Authorization vulnerability

An improper authorization vulnerability exists in Jenkins Jira Plugin 3.0.1 and earlier in JiraSite.java that allows attackers with Overall/Read access to have Jenkins connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing...

8.8CVSS3.7AI score0.01194EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:15 a.m.19 views

Jenkins Cloud Foundry Plugin vulnerable to exposure of sensitive information

\Jenkins Cloud Foundry Plugin did not perform permission checks on a method implementing form validation. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials...

8.8CVSS6.5AI score0.01348EPSS
Exploits0References5Affected Software1
RedHat Linux
RedHat Linux
added 2022/03/29 7:5 a.m.5 views

workflow-cps-global-lib: OS command execution through crafted SCM contents

A flaw was found in Jenkins. The JenkinsPipeline: Shared Groovy Libraries uses the same checkout directories for distinct SCMs for Pipeline libraries. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents. This...

8.8CVSS5.9AI score0.01443EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2022/03/15 5:15 p.m.3 views

CVE-2022-27196

Jenkins Favorite Plugin 2.4.0 and earlier does not escape the names of jobs in the favorite column, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure or Item/Create permissions...

5.4CVSS5.8AI score0.00792EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/01/24 6:5 p.m.24 views

CVE-2022-20615

A stored Cross-site scripting XSS vulnerability was found in the Jenkins Matrix Project plugin. There are no escape HTML metacharacters in node, label names, and label descriptions, which allows an attacker with Agent/Configure permissions to perform an XSS attack...

5.4CVSS2.8AI score0.81842EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/03/03 12:28 p.m.3 views

jenkins: Path traversal vulnerability in agent names

A flaw was found in jenkins. Users with Agent/Configure permissions can choose agent names that cause an override to the global config.xml file. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8CVSS5.7AI score0.02219EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/02/17 7:6 p.m.5 views

jenkins: Path traversal vulnerability in agent names

A flaw was found in jenkins. Users with Agent/Configure permissions can choose agent names that cause an override to the global config.xml file. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8CVSS5.7AI score0.02219EPSS
Exploits0References4
Cvelist
Cvelist
added 2020/01/29 3:15 p.m.26 views

CVE-2020-2108

Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not configure the XML parser to prevent XXE attacks which can be exploited by a user with Job/Configure permissions...

7.8AI score0.00904EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2020/01/14 5:32 a.m.3 views

jenkins: Stored XSS vulnerability in expandable textbox form control

In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:expandableTextBox form control interpreted its content as HTML when expanded, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents typically Job/Configure...

5.4CVSS6AI score0.01033EPSS
Exploits0References4
Rows per page
Query Builder