Vulnerabilities in Jenkins Project
1522 results

CVE | Severity | Description | EPSS
CVE-2021-21621 | — | Jenkins Support Core Plugin 2.72 and earlier provides the serialized user authentication as part of the "About user (basic authentication de | 1.2%
CVE-2023-24456 | CRITICAL | Jenkins Keycloak Authentication Plugin 2.3.0 and earlier does not invalidate the previous session on login. | 1.2%
CVE-2022-34181 | — | Jenkins xUnit Plugin 3.0.8 and earlier implements an agent-to-controller message that creates a user-specified directory if it doesn't exist | 1.2%
CVE-2019-10417 | — | Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke a | 1.2%
CVE-2019-10418 | — | Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke a | 1.2%
CVE-2020-2307 | — | Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variable | 1.2%
CVE-2023-24449 | MEDIUM | Jenkins PWauth Security Realm Plugin 0.4 and earlier does not restrict the names of files in methods implementing form validation, allowing | 1.2%
CVE-2022-25188 | — | Jenkins Fortify Plugin 20.2.34 and earlier does not sanitize the appName and appVersion parameters of its Pipeline steps, allowing attackers | 1.2%
CVE-2022-41231 | MEDIUM | Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers with Item/Configure permission to create or replace any config.xml file on | 1.2%
CVE-2021-21684 | — | Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them | 1.2%
CVE-2022-30947 | — | Jenkins Git Plugin 4.11.1 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins | 1.2%
CVE-2023-24455 | MEDIUM | Jenkins visualexpert Plugin 1.3 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers | 1.2%
CVE-2019-1003095 | — | Jenkins Perfecto Mobile Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewe | 1.2%
CVE-2019-10407 | — | Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list of environment variables passed to a build without masking sensitive v | 1.2%
CVE-2021-21610 | — | Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not implement any restrictions for the URL rendering a formatted preview of markup p | 1.2%
CVE-2023-24424 | HIGH | Jenkins OpenId Connect Authentication Plugin 2.4 and earlier does not invalidate the previous session on login. | 1.2%
CVE-2019-10432 | — | Jenkins HTML Publisher Plugin 1.20 and earlier did not escape the project and build display names in the HTML report frame, resulting in a c | 1.2%
CVE-2022-43405 | — | A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries Plugin 612.v84da_9c54906d and earlier allows attackers with permission | 1.2%
CVE-2021-21641 | — | A cross-site request forgery (CSRF) vulnerability in Jenkins promoted builds Plugin 3.9 and earlier allows attackers to promote builds. | 1.2%
CVE-2022-43402 | — | A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Pipeline: Groovy Plugi | 1.2%