Lucene search
K

37 matches found

Veracode
Veracode
added 2025/12/13 4:54 a.m.6 views

Authorization Bypass

Jenkins global-build-stats Plugin is vulnerable to Authorization Bypass. The vulnerability is due to missing permission checks in REST API endpoints, where the plugin exposes graph-related APIs without validating the caller’s authorization, and allows attackers with Overall/Read permission to...

4.3CVSS6.3AI score0.00258EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/09/05 3:22 p.m.5 views

CVE-2025-58459

Jenkins global-build-stats Plugin 322.v22f4db18e2dd and earlier does not perform permission checks in its REST API endpoints, allowing attackers with Overall/Read permission to enumerate graph IDs...

4.3CVSS6.8AI score0.00258EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/09/03 3:30 p.m.18 views

Jenkins global-build-stats Plugin missing permission check can result in graph IDs being enumerated

Jenkins global-build-stats Plugin 322.v22f4db18e2dd and earlier does not perform permission checks in its REST API endpoints, allowing attackers with Overall/Read permission to enumerate graph IDs. This has been patched in version 347.v32aeb0493c4f...

4.3CVSS6.8AI score0.00258EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2025/09/03 3:30 p.m.3 views

Missing Authorization

Overview org.jenkins-ci.plugins:global-build-stats is a global-build-stats plugin Affected versions of this package are vulnerable to Missing Authorization via the REST API endpoints, which do not perform permission checks. An attacker can enumerate graph IDs by sending requests with only...

5.3CVSS6.9AI score0.00258EPSS
Exploits0References2
OSV
OSV
added 2025/09/03 3:30 p.m.4 views

GHSA-GM8G-FH49-QQ6V Jenkins global-build-stats Plugin missing permission check can result in graph IDs being enumerated

Jenkins global-build-stats Plugin 322.v22f4db18e2dd and earlier does not perform permission checks in its REST API endpoints, allowing attackers with Overall/Read permission to enumerate graph IDs. This has been patched in version 347.v32aeb0493c4f...

4.3CVSS6.8AI score0.00258EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2025/09/03 3:30 p.m.6 views

org.jenkins-ci.plugins:build-metrics (>=1.0 <=1.3) potentially affected by CVE-2025-58459 via org.jenkins-ci.plugins:global-build-stats (=1.2)

org.jenkins-ci.plugins:global-build-stats MAVEN version =1.2 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:global-build-stats and may be impacted: - org.jenkins-ci.plugins:build-metrics =1.0, =1.3 Source cves: CVE-2025-58459...

4.3CVSS5.8AI score0.00258EPSS
Exploits0
NVD
NVD
added 2025/09/03 3:15 p.m.14 views

CVE-2025-58459

Jenkins global-build-stats Plugin 322.v22f4db18e2dd and earlier does not perform permission checks in its REST API endpoints, allowing attackers with Overall/Read permission to enumerate graph IDs...

4.3CVSS0.00258EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/09/03 3:15 p.m.4 views

CVE-2025-58459

Jenkins global-build-stats Plugin 322.v22f4db18e2dd and earlier does not perform permission checks in its REST API endpoints, allowing attackers with Overall/Read permission to enumerate graph IDs...

4.3CVSS6.5AI score0.00258EPSS
Exploits0References2
OSV
OSV
added 2025/09/03 3:15 p.m.3 views

CVE-2025-58459

Jenkins global-build-stats Plugin 322.v22f4db18e2dd and earlier does not perform permission checks in its REST API endpoints, allowing attackers with Overall/Read permission to enumerate graph IDs...

4.3CVSS6.7AI score
Exploits0References2
Cvelist
Cvelist
added 2025/09/03 3:2 p.m.20 views

CVE-2025-58459

Jenkins global-build-stats Plugin 322.v22f4db18e2dd and earlier does not perform permission checks in its REST API endpoints, allowing attackers with Overall/Read permission to enumerate graph IDs...

0.00258EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/03 3:2 p.m.3 views

CVE-2025-58459

Jenkins global-build-stats Plugin 322.v22f4db18e2dd and earlier does not perform permission checks in its REST API endpoints, allowing attackers with Overall/Read permission to enumerate graph IDs...

6.3AI score0.00258EPSS
Exploits0References1
CVE
CVE
added 2025/09/03 3:2 p.m.20 views

CVE-2025-58459

The CVE concerns Jenkins global-build-stats Plugin, affected versions 322.v22f4db_18e2dd and earlier, which do not perform permission checks in REST API endpoints. This allows attackers with Overall/Read permissions to enumerate graph IDs, indicating a disclosure/enumeration risk without exploita...

4.3CVSS6.3AI score0.00258EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2025/09/03 12:0 a.m.4 views

Jenkins plugin global-build-stats 安全漏洞

Jenkins and Jenkins plugin are both Jenkins open source products.Jenkins is an application software. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins plugin is an application software plugin. A security...

4.3CVSS6.4AI score0.00258EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/09/03 12:0 a.m.5 views

PT-2025-35781

Name of the Vulnerable Software and Affected Versions: Jenkins global-build-stats Plugin versions 322.v22f4db 18e2dd and earlier Description: The Jenkins global-build-stats Plugin does not perform permission checks in its REST API endpoints. Attackers with Overall/Read permission can enumerate...

4.3CVSS6.3AI score0.00258EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 4:35 a.m.3 views

SUSE CVE-2017-1000389

Some URLs provided by Jenkins global-build-stats plugin version 1.4 and earlier returned a JSON response that contained request parameters. These responses had the Content Type: text/html, so could have been interpreted as HTML by clients, resulting in a potential reflected cross-site scripting...

6.1CVSS6.1AI score0.00861EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2022/05/14 3:45 a.m.4 views

org.jenkins-ci.plugins:build-metrics (>=1.0 <=1.3) potentially affected by CVE-2017-1000389 via org.jenkins-ci.plugins:global-build-stats (=1.2)

org.jenkins-ci.plugins:global-build-stats MAVEN version =1.2 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:global-build-stats and may be impacted: - org.jenkins-ci.plugins:build-metrics =1.0, =1.3 Source cves: CVE-2017-1000389...

6.1CVSS6.3AI score0.00861EPSS
Exploits0
OSV
OSV
added 2022/05/14 3:45 a.m.10 views

GHSA-GW8G-HH47-Q4GW Cross-Site Request Forgery (CSRF) vulnerability in Jenkins global-build-stats plugin

Some URLs provided by Jenkins global-build-stats plugin version 1.4 and earlier returned a JSON response that contained request parameters. These responses had the Content Type: text/html, so could have been interpreted as HTML by clients, resulting in a potential reflected cross-site scripting...

6.1CVSS6.2AI score0.00861EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/05/14 3:45 a.m.21 views

Cross-Site Request Forgery (CSRF) vulnerability in Jenkins global-build-stats plugin

Some URLs provided by Jenkins global-build-stats plugin version 1.4 and earlier returned a JSON response that contained request parameters. These responses had the Content Type: text/html, so could have been interpreted as HTML by clients, resulting in a potential reflected cross-site scripting...

6.1CVSS6.3AI score0.00861EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2022/03/17 12:0 a.m.23 views

Jenkins global-build-stats Plugin Cross-Site Scripting Vulnerability

Jenkins and Jenkins Plugin are both products of Jenkins, which is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building and deploying projects. The vulnerability is caused by the plugin's failure to escape multiple fields in the chart configuration...

3.5CVSS5.2AI score0.00757EPSS
Exploits0Affected Software1
vulnersOsv
vulnersOsv
added 2022/03/16 12:0 a.m.4 views

org.jenkins-ci.plugins:build-metrics (>=1.0 <=1.3) potentially affected by CVE-2022-27207 via org.jenkins-ci.plugins:global-build-stats (=1.2)

org.jenkins-ci.plugins:global-build-stats MAVEN version =1.2 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:global-build-stats and may be impacted: - org.jenkins-ci.plugins:build-metrics =1.0, =1.3 Source cves: CVE-2022-27207...

4.8CVSS5.8AI score0.00757EPSS
Exploits0
Rows per page
Query Builder