Blue Ocean Security Vulnerabilities and Issues — Blue Ocean CVE List

Lucene search

JenkinsBlue Ocean

5 matches found

CVE•added 2022/05/17 3:15 p.m.•604 views

CVE-2022-30952

Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user credentials stores of any attacker-specified user in Jenkins.

6.5CVSS6.3AI score0.0038EPSS

CVE•added 2022/05/17 3:15 p.m.•147 views

CVE-2022-30953

A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server.

6.5CVSS6.4AI score0.0004EPSS

CVE•added 2022/05/17 3:15 p.m.•142 views

CVE-2022-30954

Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server.

6.5CVSS6.3AI score0.003EPSS

CVE•added 2020/09/16 2:15 p.m.•79 views

CVE-2020-2254

Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag that, when enabled, allows an attacker with Job/Configure or Job/Create permission to read arbitrary files on the Jenkins controller file system.

6.5CVSS6.1AI score0.02419EPSS

CVE•added 2019/02/06 4:29 p.m.•67 views

CVE-2019-1003012

A data modification vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-core-js/src/js/bundleStartup.js, blueocean-core-js/src/js/fetch.ts, blueocean-core-js/src/js/i18n/i18n.js, blueocean-core-js/src/js/urlconfig.js, blueocean-rest/src/main/java/io/jenkins/blueocean/...

6.5CVSS6.3AI score0.00163EPSS