Vulnerabilidades em Jenkins project

1.522 resultados

CVE-2019-10340—A cross-site request forgery vulnerability in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed uEPSS 1.4%CVE-2020-2102—Jenkins 2.218 and earlier, LTS 2.204.1 and earlier used a non-constant time comparison function when validating an HMAC.EPSS 1.4%CVE-2021-21676—Jenkins requests-plugin Plugin 2.2.7 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/ReEPSS 1.4%CVE-2019-1003042—A cross site scripting vulnerability in Jenkins Lockable Resources Plugin 2.4 and earlier allows attackers able to control resource names toEPSS 1.4%CVE-2020-2092—Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing usEPSS 1.4%CVE-2022-25175—Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier uses the same checkout directories for distinct SCMs for the readTrusted EPSS 1.4%CVE-2019-1003065—Jenkins CloudShare Docker-Machine Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they caEPSS 1.4%CVE-2022-28157—Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Item/Configure permission to upload arbitrary files from theEPSS 1.4%CVE-2019-10336—A reflected cross site scripting vulnerability in Jenkins ElectricFlow Plugin 1.1.6 and earlier allowed attackers able to control the outputEPSS 1.4%CVE-2019-10303—Jenkins Azure PublisherSettings Credentials Plugin 1.2 and earlier stored credentials unencrypted in the credentials.xml file on the JenkinsEPSS 1.4%CVE-2019-10301—A missing permission check in Jenkins GitLab Plugin 1.5.11 and earlier in the GitLabConnectionConfig#doTestConnection form validation methodEPSS 1.4%CVE-2019-10302—Jenkins jira-ext Plugin 0.8 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they couEPSS 1.4%CVE-2020-2101—Jenkins 2.218 and earlier, LTS 2.204.1 and earlier did not use a constant-time comparison function for validating connection secrets, which EPSS 1.4%CVE-2019-1003072—Jenkins WildFly Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by useEPSS 1.4%CVE-2019-1003063—Jenkins Amazon SNS Build Notifier Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they caEPSS 1.4%CVE-2019-1003055—Jenkins FTP publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed EPSS 1.4%CVE-2019-1003052—Jenkins AWS Elastic Beanstalk Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where tEPSS 1.4%CVE-2019-1003069—Jenkins Aqua Security Scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can beEPSS 1.4%CVE-2019-1003056—Jenkins WebSphere Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by uEPSS 1.4%CVE-2019-1003054—Jenkins Jira Issue Updater Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by uEPSS 1.4%

← anteriorpágina 13 / 77próxima →