Vulnerabilities in Jenkins Project
1,522 results

| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2020-2286 | — | Jenkins Role-based Authorization Strategy Plugin 3.0 and earlier does not properly invalidate a permission cache when the configuration is c | 1.3% |
| CVE-2020-2109 | — | Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier can be circumvented through default parameter expressions in CPS-tran | 1.3% |
| CVE-2020-2110 | — | Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying | 1.3% |
| CVE-2021-21675 | — | A cross-site request forgery (CSRF) vulnerability in Jenkins requests-plugin Plugin 2.2.12 and earlier allows attackers to create requests a | 1.3% |
| CVE-2022-30945 | — | Jenkins Pipeline: Groovy Plugin 2689.v434009a_31b_f1 and earlier allows loading any Groovy source files on the classpath of Jenkins and Jenk | 1.2% |
| CVE-2020-2152 | — | Jenkins Subversion Release Manager Plugin 1.2 and earlier does not escape the error message for the Repository URL field form validation, re | 1.2% |
| CVE-2020-2161 | — | Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly escape node labels that are shown in the form validation for label expr | 1.2% |
| CVE-2019-1003013 | — | A cross-site scripting vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-commons/src/main/java/io/jenkins/ | 1.2% |
| CVE-2019-1003094 | — | Jenkins Open STF Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by us | 1.2% |
| CVE-2019-1003088 | — | Jenkins Fabric Beta Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed b | 1.2% |
| CVE-2019-1003089 | — | Jenkins Upload to pgyer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by user | 1.2% |
| CVE-2022-34174 | — | In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between logi | 1.2% |
| CVE-2021-21666 | — | Jenkins Kiuwan Plugin 1.6.0 and earlier does not escape query parameters in an error message for a form validation endpoint, resulting in a | 1.2% |
| CVE-2023-24443 | CRITICAL | Jenkins TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 1.2% |
| CVE-2023-24441 | CRITICAL | Jenkins MSTest Plugin 1.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 1.2% |
| CVE-2021-21606 | — | Jenkins 2.274 and earlier, LTS 2.263.1 and earlier improperly validates the format of a provided fingerprint ID when checking for its existe | 1.2% |
| CVE-2019-10357 | — | A missing permission check in Jenkins Pipeline: Shared Groovy Libraries Plugin 2.14 and earlier allowed users with Overall/Read access to ob | 1.2% |
| CVE-2022-43401 | — | A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Script Security Plugin | 1.2% |
| CVE-2019-1003007 | — | A cross-site request forgery vulnerability exists in Jenkins Warnings Plugin 5.0.0 and earlier in src/main/java/hudson/plugins/warnings/Groo | 1.2% |
| CVE-2020-2097 | — | Jenkins Sounds Plugin 0.5 and earlier does not perform permission checks in URLs performing form validation, allowing attackers with Overall | 1.2% |