Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Checkmarx Security Vulnerabilities - May

cve
cve

CVE-2022-25200

A cross-site request forgery (CSRF) vulnerability in Jenkins Checkmarx Plugin 2022.1.2 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

8.8CVSS

8.6AI Score

0.001EPSS

2022-02-15 05:15 PM
111
cve
cve

CVE-2022-25201

Missing permission checks in Jenkins Checkmarx Plugin 2022.1.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

6.5CVSS

6.5AI Score

0.001EPSS

2022-02-15 05:15 PM
105
cve
cve

CVE-2022-46684

Jenkins Checkmarx Plugin 2022.3.3 and earlier does not escape values returned from the Checkmarx service API before inserting them into HTML reports, resulting in a stored cross-site scripting (XSS) vulnerability.

5.4CVSS

5.4AI Score

0.001EPSS

2022-12-12 09:15 AM
51
cve
cve

CVE-2023-35142

Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS validation for connections to the Checkmarx server by default.

8.1CVSS

7.9AI Score

0.003EPSS

2023-06-14 01:15 PM
32