Blue Ocean Security Vulnerabilities and Issues — Blue Ocean CVE List

Lucene search

JenkinsBlue Ocean

11 matches found

CVE•added 2022/05/17 3:15 p.m.•604 views

CVE-2022-30952

Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user credentials stores of any attacker-specified user in Jenkins.

6.5CVSS6.3AI score0.0038EPSS

CVE•added 2023/08/16 3:15 p.m.•331 views

CVE-2023-40341

A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.27.5 and earlier allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job.

8.8CVSS8.6AI score0.00311EPSS

CVE•added 2022/05/17 3:15 p.m.•147 views

CVE-2022-30953

A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server.

6.5CVSS6.4AI score0.0004EPSS

CVE•added 2022/05/17 3:15 p.m.•142 views

CVE-2022-30954

Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server.

6.5CVSS6.3AI score0.003EPSS

CVE•added 2020/09/16 2:15 p.m.•91 views

CVE-2020-2255

A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.

4.3CVSS4.2AI score0.00061EPSS

CVE•added 2020/09/16 2:15 p.m.•79 views

CVE-2020-2254

Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag that, when enabled, allows an attacker with Job/Configure or Job/Create permission to read arbitrary files on the Jenkins controller file system.

6.5CVSS6.1AI score0.02419EPSS

CVE•added 2017/10/05 1:29 a.m.•72 views

CVE-2017-1000106

Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. Its SCM content REST API supports the pipeline creation and editing feature in Blue Ocea...

8.5CVSS8.4AI score0.0003EPSS

CVE•added 2019/02/06 4:29 p.m.•67 views

CVE-2019-1003012

A data modification vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-core-js/src/js/bundleStartup.js, blueocean-core-js/src/js/fetch.ts, blueocean-core-js/src/js/i18n/i18n.js, blueocean-core-js/src/js/urlconfig.js, blueocean-rest/src/main/java/io/jenkins/blueocean/...

6.5CVSS6.3AI score0.00163EPSS

CVE•added 2019/02/06 4:29 p.m.•63 views

CVE-2019-1003013

An cross-site scripting vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export.java, blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/export/ExportConfig.java, blueocean-commons/src/mai...

5.4CVSS5.1AI score0.00042EPSS

CVE•added 2017/10/05 1:29 a.m.•61 views

CVE-2017-1000110

Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. It did not properly check the current user's authentication and authorization when confi...

4.3CVSS4.4AI score0.00042EPSS

CVE•added 2017/10/05 1:29 a.m.•56 views

CVE-2017-1000105

The optional Run/Artifacts permission can be enabled by setting a Java system property. Blue Ocean did not check this permission before providing access to archived artifacts, Item/Read permission was sufficient.

5.3CVSS5.1AI score0.00038EPSS