Vulnerabilities in Jenkins project

1522 results
CVE-2020-2181: Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build con [EPSS 1.1%]
CVE-2024-28157 (HIGH): Jenkins GitBucket Plugin 0.8 and earlier does not sanitize Gitbucket URLs on build views, resulting in a stored cross-site scripting (XSS) v [EPSS 1.1%]
CVE-2020-2221: Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting [EPSS 1.1%]
CVE-2020-2114: Jenkins S3 publisher Plugin 0.11.4 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration fo [EPSS 1.1%]
CVE-2020-2315: Jenkins Visualworks Store Plugin 1.1.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. [EPSS 1.1%]
CVE-2019-16555: A user-supplied regular expression in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier was processed in a way that wasn't interrupti [EPSS 1.1%]
CVE-2022-29047: Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a_4eb_b_e039 and earlier, except 2.21.3, allows attackers able to submit pull reque [EPSS 1.1%]
CVE-2020-2104: Jenkins 2.218 and earlier, LTS 2.204.1 and earlier allowed users with Overall/Read access to view a JVM memory usage chart. [EPSS 1.1%]
CVE-2021-43578: Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier implements an agent-to-controller message that does not implement any [EPSS 1.1%]
CVE-2019-10415: Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in its global configuration file on the Jenkins [EPSS 1.1%]
CVE-2019-10416: Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master wh [EPSS 1.1%]
CVE-2020-2172: Jenkins Code Coverage API Plugin 1.1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. [EPSS 1.1%]
CVE-2023-24427 (CRITICAL): Jenkins Bitbucket OAuth Plugin 0.12 and earlier does not invalidate the previous session on login. [EPSS 1.1%]
CVE-2022-45388 (HIGH): Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing unauthenticated [EPSS 1.1%]
CVE-2020-2306: A missing permission check in Jenkins Mercurial Plugin 2.11 and earlier allows attackers with Overall/Read permission to obtain a list of na [EPSS 1.1%]
CVE-2019-10331: A cross-site request forgery vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier in Configuration#doTestConnection allowed attack [EPSS 1.1%]
CVE-2022-45395 (CRITICAL): Jenkins CCCC Plugin 0.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. [EPSS 1.1%]
CVE-2022-45400 (CRITICAL): Jenkins JAPEX Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. [EPSS 1.1%]
CVE-2020-2234: A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to connect t [EPSS 1.1%]
CVE-2021-21644: A cross-site request forgery (CSRF) vulnerability in Jenkins Config File Provider Plugin 3.7.0 and earlier allows attackers to delete config [EPSS 1.1%]