Vulnerabilidades en Jenkins Project
1522 resultadosCVE-2021-21632—A missing permission check in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to conneEPSS 1.1%CVE-2019-10305—A missing permission check in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows EPSS 1.1%CVE-2022-28160—Jenkins Tests Selector Plugin 1.3.3 and earlier allows users with Item/Configure permission to read arbitrary files on the Jenkins controlleEPSS 1.1%CVE-2019-1003023—A cross-site scripting vulnerability exists in Jenkins Warnings Next Generation Plugin 1.0.1 and earlier in src/main/java/io/jenkins/pluginsEPSS 1.0%CVE-2020-2169—A form validation endpoint in Jenkins Queue cleanup Plugin 1.3 and earlier does not properly escape a query parameter displayed in an error EPSS 1.0%CVE-2019-10399—A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property exprEPSS 1.0%CVE-2019-10393—A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of method names in method call expEPSS 1.0%CVE-2019-10400—A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of subexpressions in increment andEPSS 1.0%CVE-2019-10414—Jenkins Git Changelog Plugin 2.17 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could EPSS 1.0%CVE-2019-10394—A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property exprEPSS 1.0%CVE-2019-10338—A cross-site request forgery vulnerability in Jenkins JX Resources Plugin 1.0.36 and earlier in GlobalPluginConfiguration#doValidateClient aEPSS 1.0%CVE-2019-1003027—A server-side request forgery vulnerability exists in Jenkins OctopusDeploy Plugin 1.8.1 and earlier in OctopusDeployPlugin.java that allowsEPSS 1.0%CVE-2019-10438—A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers with Overall/Read permission tEPSS 1.0%CVE-2019-10403—Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the SCM tag name on the tooltip for SCM tag actions, resulting in a storedEPSS 1.0%CVE-2019-10402—In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:combobox form control interpreted its item labels as HTML, resulting in a storeEPSS 1.0%CVE-2020-2225—Jenkins Matrix Project Plugin 1.16 and earlier does not escape the axis names shown in tooltips on the overview page of builds with multipleEPSS 1.0%CVE-2019-10401—In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:expandableTextBox form control interpreted its content as HTML when expanded, rEPSS 1.0%CVE-2019-10404—Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the reason why a queue items is blcoked in tooltips, resulting in a storedEPSS 1.0%CVE-2020-2223—Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape correctly the 'href' attribute of links to downstream jobs displayed in tEPSS 1.0%CVE-2020-2319—Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier stores a password unencrypted in the global config.xml file on the Jenkins controEPSS 1.0%