Vulnerabilities in Jenkins Project
1522 results

CVE | Severity | Description | EPSS
CVE-2022-30971 | — | Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | EPSS 1.1%
CVE-2022-23106 | — | Jenkins Configuration as Code Plugin 1.55 and earlier used a non-constant time comparison function when validating an authentication token a | EPSS 1.1%
CVE-2019-10381 | — | Jenkins Codefresh Integration Plugin 1.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM. | EPSS 1.1%
CVE-2020-2091 | — | A missing permission check in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers with Overall/Read permission to connect to an atta | EPSS 1.1%
CVE-2022-20614 | — | A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers with Overall/Read access to use the DN | EPSS 1.1%
CVE-2019-1003012 | — | A data modification vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-core-js/src/js/bundleStartup.js, blue | EPSS 1.1%
CVE-2020-2298 | — | Jenkins Nerrvana Plugin 1.02.06 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | EPSS 1.1%
CVE-2019-10325 | — | A cross-site scripting vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed attacker with Job/Configure permission to injec | EPSS 1.1%
CVE-2023-25765 | CRITICAL | In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowi | EPSS 1.1%
CVE-2022-43406 | — | A sandbox bypass vulnerability in Jenkins Pipeline: Deprecated Groovy Libraries Plugin 583.vf3b_454e43966 and earlier allows attackers with | EPSS 1.1%
CVE-2022-43404 | — | A sandbox bypass vulnerability involving crafted constructor bodies and calls to sandbox-generated synthetic constructors in Jenkins Script | EPSS 1.1%
CVE-2022-25211 | — | A missing permission check in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker | EPSS 1.1%
CVE-2022-25209 | — | Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | EPSS 1.1%
CVE-2022-43416 | HIGH | Jenkins Katalon Plugin 1.0.32 and earlier implements an agent/controller message that does not limit where it can be executed and allows inv | EPSS 1.1%
CVE-2021-21660 | — | Jenkins Markdown Formatter Plugin 0.1.0 and earlier does not sanitize crafted link target URLs, resulting in a stored cross-site scripting ( | EPSS 1.1%
CVE-2020-2165 | — | Jenkins Artifactory Plugin 3.6.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, | EPSS 1.1%
CVE-2021-21643 | — | Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints, allowing attac | EPSS 1.1%
CVE-2020-2280 | — | A cross-site request forgery (CSRF) vulnerability in Jenkins Warnings Plugin 5.0.1 and earlier allows attackers to execute arbitrary code. | EPSS 1.1%
CVE-2020-2144 | — | Jenkins Rundeck Plugin 3.6.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | EPSS 1.1%
CVE-2022-25208 | — | A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers with Overall/Read permission to have Jenkins sen | EPSS 1.1%