16 matches found
Cross-site Request Forgery (CSRF)
Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF due to not requiring POST requests for an HTTP endpoint. This vulnerability allows attackers to resume failed Multijob builds. Remediation Upgrade org.jenkins-ci.plugins:jenkins-multijob-plugin to version...
CVE-2026-9674
A cross-site request forgery CSRF vulnerability in Jenkins Multijob Plugin 662.vd2e0001f6bbd and earlier allows attackers to resume failed Multijob builds...
CVE-2026-9674
CVE-2026-9674 is a CSRF vulnerability in Jenkins Multijob Plugin (versions including 662.vd2e0001f6b_b_d and earlier) that allows an attacker to resume failed Multijob builds. The NVD/NVD-derived data attributes a CVSS v3.1 base score of 4.3 (Medium) with network attack vector, low attack complex...
EUVD-2026-32519
A cross-site request forgery CSRF vulnerability in Jenkins Multijob Plugin 662.vd2e0001f6bbd and earlier allows attackers to resume failed Multijob builds...
CVE-2026-9674
A cross-site request forgery CSRF vulnerability in Jenkins Multijob Plugin 662.vd2e0001f6bbd and earlier allows attackers to resume failed Multijob builds...
CVE-2026-9674
A cross-site request forgery CSRF vulnerability in Jenkins Multijob Plugin 662.vd2e0001f6bbd and earlier allows attackers to resume failed Multijob builds...
CVE-2026-9674
A cross-site request forgery CSRF vulnerability in Jenkins Multijob Plugin 662.vd2e0001f6bbd and earlier allows attackers to resume failed Multijob builds...
CVE-2026-9674
A cross-site request forgery CSRF vulnerability in Jenkins Multijob Plugin 662.vd2e0001f6bbd and earlier allows attackers to resume failed Multijob builds...
GHSA-P9R2-GGHQ-HC57 Jenkins Multijob plugin did not check permissions in the Resume Build action
Jenkins Multijob plugin version 1.25 and earlier did not check permissions in the Resume Build action, allowing anyone with Job/Read permission to resume the build. Multijob plugin 1.26 introduced a permission check requiring Overall/Administer. This was lowered to Job/Build in version 1.27...
org.jenkins-ci.plugins:vectorcast-execution (>=0.16 <=0.61), org.zeroturnaround.jenkins:build-flow-test-aggregator (>=1.1 <=1.2) potentially affected by CVE-2017-1000390 via org.jenkins-ci.plugins:jenkins-multijob-plugin (>=1.16 <=1.21)
org.jenkins-ci.plugins:jenkins-multijob-plugin MAVEN version =1.16, =0.16, =1.1, =1.2 Source cves: CVE-2017-1000390 Source advisory: OSV:GHSA-P9R2-GGHQ-HC57...
CloudBees Jenkins Multijob plugin security bypass vulnerability
CloudBees Jenkins is a Java-based continuous integration tool from CloudBees, Inc. that is used to monitor ongoing software releases/testing projects and timed tasks.Multijob is used as one of the options for defining complex and hierarchical job structures in Jenkins. A security bypass...
CVE-2017-1000390
Jenkins Multijob plugin version 1.25 and earlier did not check permissions in the Resume Build action, allowing anyone with Job/Read permission to resume the build...
Code injection
Jenkins Multijob plugin version 1.25 and earlier did not check permissions in the Resume Build action, allowing anyone with Job/Read permission to resume the build...
CVE-2017-1000390
Jenkins Multijob plugin version 1.25 and earlier did not check permissions in the Resume Build action, allowing anyone with Job/Read permission to resume the build...
CVE-2017-1000390
Jenkins Multijob plugin version 1.25 and earlier did not check permissions in the Resume Build action, allowing anyone with Job/Read permission to resume the build...
CVE-2017-1000390
The CVE-2017-1000390 entry concerns the Jenkins Multijob plugin where versions up to 1.25 did not enforce permissions for the Resume Build action. This allowed anyone with Job/Read permission to resume a build, representing a security bypass of build control. Affected component: Jenkins Multijob ...