Vulnerabilities in Jenkins Project
1522 results

| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2020-2139 | — | An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file | 1.6% |
| CVE-2021-21673 | — | Jenkins CAS Plugin 1.6.0 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing att | 1.6% |
| CVE-2019-10384 | — | Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID, resulting in CS | 1.6% |
| CVE-2022-34179 | — | Jenkins Embeddable Build Status Plugin 2.0.3 and earlier allows specifying a `style` query parameter that is used to choose a different SVG | 1.6% |
| CVE-2019-1003006 | — | A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.0 and earlier in src/main/java/hudson/plugins/groovy/StringScriptSource.jav | 1.6% |
| CVE-2021-21697 | — | Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allows any agent to read and write the contents of any build directory stored in Jenkins | 1.6% |
| CVE-2019-1003099 | — | A missing permission check in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows at | 1.5% |
| CVE-2019-1003003 | — | An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/T | 1.5% |
| CVE-2023-27905 | CRITICAL | Jenkins update-center2 3.13 and 3.14 renders the required Jenkins core version on plugin download index pages without sanitization, resultin | 1.5% |
| CVE-2022-25182 | — | A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier allows attackers with Item/ | 1.5% |
| CVE-2022-25181 | — | A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier allows attackers with Item/ | 1.5% |
| CVE-2019-1003081 | — | A missing permission check in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form valid | 1.5% |
| CVE-2019-1003093 | — | A missing permission check in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpl#doTestConnection form validation method allows attackers | 1.5% |
| CVE-2021-21658 | — | Jenkins Nuget Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 1.5% |
| CVE-2019-1003079 | — | A missing permission check in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpl#doTestConnection form validation met | 1.5% |
| CVE-2019-10290 | — | A missing permission check in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the NCScanBuilder.DescriptorImpl#doValidateAPI form va | 1.5% |
| CVE-2019-10308 | — | A missing permission check in Jenkins Static Analysis Utilities Plugin 1.95 and earlier in the DefaultGraphConfigurationView#doSave form han | 1.5% |
| CVE-2019-1003087 | — | A missing permission check in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation me | 1.5% |
| CVE-2019-1003047 | — | A missing permission check in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers with Overall/Read permission to | 1.5% |
| CVE-2019-1003085 | — | A missing permission check in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method | 1.5% |