Vulnerabilities in Jenkins Project

1,522 results
CVE-2019-10327 (EPSS 1.5%): An XML external entities (XXE) vulnerability in Jenkins Pipeline Maven Integration Plugin 1.7.0 and earlier allowed attackers able to contro
CVE-2020-2304 (EPSS 1.5%): Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2019-1003043 (EPSS 1.5%): A missing permission check in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers with Overall/Read permission to connect to
CVE-2019-10317 (EPSS 1.5%): Jenkins SiteMonitor Plugin 0.5 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM.
CVE-2021-21647 (EPSS 1.5%): Jenkins CloudBees CD Plugin 1.1.21 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Item/Read pe
CVE-2022-34177 (EPSS 1.5%): Jenkins Pipeline: Input Step Plugin 448.v37cea_9a_10a_70 and earlier archives files uploaded for `file` parameters for Pipeline `input` step
CVE-2021-21607 (EPSS 1.4%): Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not limit sizes provided as query parameters to graph-rendering URLs, allowing attac
CVE-2020-2305 (EPSS 1.4%): Jenkins Mercurial Plugin 2.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2020-2228 (EPSS 1.4%): Jenkins Gitlab Authentication Plugin 1.5 and earlier does not perform group authorization checks properly, resulting in a privilege escalati
CVE-2022-43403 (EPSS 1.4%): A sandbox bypass vulnerability involving casting an array-like value to an array type in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_4
CVE-2019-1003039 (EPSS 1.4%): An insufficiently protected credentials vulnerability exists in Jenkins AppDynamics Dashboard Plugin 1.0.14 and earlier in src/main/java/nl/c
CVE-2022-36889 (EPSS 1.4%): Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the application path of the applications when configuring a
CVE-2019-1003061 (EPSS 1.4%): Jenkins jenkins-cloudformation-plugin Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be
CVE-2017-2652 (EPSS 1.4%): It was found that there were no permission checks performed in the Distributed Fork plugin before and including 1.5.0 for Jenkins that provi
CVE-2022-25173 (EPSS 1.4%): Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier uses the same checkout directories for distinct SCMs when reading the script
CVE-2022-25174 (EPSS 1.4%): Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the same checkout directories for distinct SCMs for Pipe
CVE-2019-16538 (EPSS 1.4%): A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.67 and earlier related to the handling of default parameter expressions i
CVE-2021-21689 (EPSS 1.4%): FilePath#unzip and FilePath#untar were not subject to any agent-to-controller access control in Jenkins 2.318 and earlier, LTS 2.303.2 and e
CVE-2020-2278 (EPSS 1.4%): Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the user-specified file name, allowing attackers with Job/Configure permis
CVE-2019-1003051 (EPSS 1.4%): Jenkins IRC Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users w