Job And Node Ownership Security Vulnerabilities and Issues — Job And Node Ownership CVE List

Lucene search

JenkinsJob And Node Ownership

5 matches found

CVE•added 2022/03/29 1:15 p.m.•127 views

CVE-2022-28151

A missing permission check in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers with Item/Read permission to change the owners and item-specific permissions of a job.

4.3CVSS4.3AI score0.00362EPSS

CVE•added 2022/03/29 1:15 p.m.•125 views

CVE-2022-28152

A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to restore the default ownership of a job.

4.3CVSS4.4AI score0.00064EPSS

CVE•added 2022/03/29 1:15 p.m.•111 views

CVE-2022-28150

A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to change the owners and item-specific permissions of a job.

8.8CVSS8.6AI score0.00048EPSS

CVE•added 2022/03/29 1:15 p.m.•103 views

CVE-2022-28149

Jenkins Job and Node ownership Plugin 0.13.0 and earlier does not escape the names of the secondary owners, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

5.4CVSS5.2AI score0.31598EPSS

CVE•added 2018/03/13 1:29 p.m.•56 views

CVE-2018-1000107

An improper authorization vulnerability exists in Jenkins Job and Node Ownership Plugin 0.11.0 and earlier in OwnershipDescription.java, JobOwnerJobProperty.java, and OwnerNodeProperty.java that allow an attacker with Job/Configure or Computer/Configure permission and without Ownership related perm...

6.5CVSS6.3AI score0.00021EPSS