CVE-2022-30952

Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user credentials stores of any attacker-specified user in Jenkins...

Jenkins plugins Multiple Vulnerabilities (2022-05-17)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Pipeline: Groovy Plugin 2689.v434009a31bf1 and earlier allows loading any Groovy source files on the classpath of Jenkins and Jenki...

Jenkins Pipeline SCM API for Blue Ocean Plugin信息泄露漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. The vulnerability can be exploited to access arbitrary user...

io.jenkins.blueocean:blueocean (>=1.1.0 <=1.1.7), io.jenkins.blueocean:blueocean-events (>=1.1.0 <=1.1.7) +3 more potentially affected by CVE-2022-30952 via io.jenkins.blueocean:blueocean-pipeline-scm-api (>=1.1.0-beta-4 <=1.1.7)

io.jenkins.blueocean:blueocean-pipeline-scm-api MAVEN version =1.1.0-beta-4, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.7 Source cves: CVE-2022-30952 Source advisory: OSV:GHSA-G74W-93CP-5P3P...

Improper Authentication in Jenkins Blue Ocean Plugin

Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. Its SCM content REST API supports the pipeline creation and editing feature in Blue...

Information Disclosure

maven-scm-api is vulnerable to information disclosure attacks. If a git push command failed, the password is printed in plaintext to the logs...