Deployment Dashboard@* Security Vulnerabilities and Issues — Deployment Dashboard@* CVE List

Lucene search

JenkinsDeployment Dashboard*

6 matches found

CVE•added 2022/06/30 6:15 p.m.•267 views

CVE-2022-34797

A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to connect to an attacker-specified HTTP URL using attacker-specified credentials.

4.3CVSS4.9AI score0.00114EPSS

CVE•added 2022/06/30 6:15 p.m.•266 views

CVE-2022-34796

A missing permission check in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

4.3CVSS4.8AI score0.00969EPSS

CVE•added 2022/06/30 6:15 p.m.•266 views

CVE-2022-34798

Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials.

4.3CVSS5AI score0.00814EPSS

CVE•added 2022/06/30 6:15 p.m.•264 views

CVE-2022-34799

Jenkins Deployment Dashboard Plugin 1.0.10 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

4.3CVSS4.9AI score0.00648EPSS

CVE•added 2022/06/30 6:15 p.m.•260 views

CVE-2022-34795

Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not escape environment names on its Deployment Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission.

5.4CVSS5.4AI score0.15322EPSS

CVE•added 2023/12/13 6:15 p.m.•33 views

CVE-2023-50775

A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to copy jobs.

4.3CVSS4.5AI score0.00048EPSS