37 matches found
Authorization Bypass
Jenkins global-build-stats Plugin is vulnerable to Authorization Bypass. The vulnerability is due to missing permission checks in REST API endpoints, where the plugin exposes graph-related APIs without validating the caller’s authorization, and allows attackers with Overall/Read permission to...
CVE-2025-58459
Jenkins global-build-stats Plugin 322.v22f4db18e2dd and earlier does not perform permission checks in its REST API endpoints, allowing attackers with Overall/Read permission to enumerate graph IDs...
Jenkins global-build-stats Plugin missing permission check can result in graph IDs being enumerated
Jenkins global-build-stats Plugin 322.v22f4db18e2dd and earlier does not perform permission checks in its REST API endpoints, allowing attackers with Overall/Read permission to enumerate graph IDs. This has been patched in version 347.v32aeb0493c4f...
Missing Authorization
Overview org.jenkins-ci.plugins:global-build-stats is a global-build-stats plugin Affected versions of this package are vulnerable to Missing Authorization via the REST API endpoints, which do not perform permission checks. An attacker can enumerate graph IDs by sending requests with only...
GHSA-GM8G-FH49-QQ6V Jenkins global-build-stats Plugin missing permission check can result in graph IDs being enumerated
Jenkins global-build-stats Plugin 322.v22f4db18e2dd and earlier does not perform permission checks in its REST API endpoints, allowing attackers with Overall/Read permission to enumerate graph IDs. This has been patched in version 347.v32aeb0493c4f...
org.jenkins-ci.plugins:build-metrics (>=1.0 <=1.3) potentially affected by CVE-2025-58459 via org.jenkins-ci.plugins:global-build-stats (=1.2)
org.jenkins-ci.plugins:global-build-stats MAVEN version =1.2 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:global-build-stats and may be impacted: - org.jenkins-ci.plugins:build-metrics =1.0, =1.3 Source cves: CVE-2025-58459...
CVE-2025-58459
Jenkins global-build-stats Plugin 322.v22f4db18e2dd and earlier does not perform permission checks in its REST API endpoints, allowing attackers with Overall/Read permission to enumerate graph IDs...
CVE-2025-58459
Jenkins global-build-stats Plugin 322.v22f4db18e2dd and earlier does not perform permission checks in its REST API endpoints, allowing attackers with Overall/Read permission to enumerate graph IDs...
CVE-2025-58459
Jenkins global-build-stats Plugin 322.v22f4db18e2dd and earlier does not perform permission checks in its REST API endpoints, allowing attackers with Overall/Read permission to enumerate graph IDs...
CVE-2025-58459
Jenkins global-build-stats Plugin 322.v22f4db18e2dd and earlier does not perform permission checks in its REST API endpoints, allowing attackers with Overall/Read permission to enumerate graph IDs...
CVE-2025-58459
Jenkins global-build-stats Plugin 322.v22f4db18e2dd and earlier does not perform permission checks in its REST API endpoints, allowing attackers with Overall/Read permission to enumerate graph IDs...
CVE-2025-58459
The CVE concerns Jenkins global-build-stats Plugin, affected versions 322.v22f4db_18e2dd and earlier, which do not perform permission checks in REST API endpoints. This allows attackers with Overall/Read permissions to enumerate graph IDs, indicating a disclosure/enumeration risk without exploita...
Jenkins plugin global-build-stats 安全漏洞
Jenkins and Jenkins plugin are both Jenkins open source products.Jenkins is an application software. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins plugin is an application software plugin. A security...
PT-2025-35781
Name of the Vulnerable Software and Affected Versions: Jenkins global-build-stats Plugin versions 322.v22f4db 18e2dd and earlier Description: The Jenkins global-build-stats Plugin does not perform permission checks in its REST API endpoints. Attackers with Overall/Read permission can enumerate...
SUSE CVE-2017-1000389
Some URLs provided by Jenkins global-build-stats plugin version 1.4 and earlier returned a JSON response that contained request parameters. These responses had the Content Type: text/html, so could have been interpreted as HTML by clients, resulting in a potential reflected cross-site scripting...
org.jenkins-ci.plugins:build-metrics (>=1.0 <=1.3) potentially affected by CVE-2017-1000389 via org.jenkins-ci.plugins:global-build-stats (=1.2)
org.jenkins-ci.plugins:global-build-stats MAVEN version =1.2 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:global-build-stats and may be impacted: - org.jenkins-ci.plugins:build-metrics =1.0, =1.3 Source cves: CVE-2017-1000389...
GHSA-GW8G-HH47-Q4GW Cross-Site Request Forgery (CSRF) vulnerability in Jenkins global-build-stats plugin
Some URLs provided by Jenkins global-build-stats plugin version 1.4 and earlier returned a JSON response that contained request parameters. These responses had the Content Type: text/html, so could have been interpreted as HTML by clients, resulting in a potential reflected cross-site scripting...
Cross-Site Request Forgery (CSRF) vulnerability in Jenkins global-build-stats plugin
Some URLs provided by Jenkins global-build-stats plugin version 1.4 and earlier returned a JSON response that contained request parameters. These responses had the Content Type: text/html, so could have been interpreted as HTML by clients, resulting in a potential reflected cross-site scripting...
Jenkins global-build-stats Plugin Cross-Site Scripting Vulnerability
Jenkins and Jenkins Plugin are both products of Jenkins, which is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building and deploying projects. The vulnerability is caused by the plugin's failure to escape multiple fields in the chart configuration...
org.jenkins-ci.plugins:build-metrics (>=1.0 <=1.3) potentially affected by CVE-2022-27207 via org.jenkins-ci.plugins:global-build-stats (=1.2)
org.jenkins-ci.plugins:global-build-stats MAVEN version =1.2 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:global-build-stats and may be impacted: - org.jenkins-ci.plugins:build-metrics =1.0, =1.3 Source cves: CVE-2022-27207...