Vulnerabilities in Jenkins project

1522 results
CVE-2019-10285 | Jenkins Minio Storage Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed | EPSS 1.8%
CVE-2019-10380 | Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attac | EPSS 1.8%
CVE-2022-20612 | A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of | EPSS 1.8%
CVE-2022-28146 | Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Item/Configure permission to read arbitrary files | EPSS 1.8%
CVE-2022-28148 | The file browser in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier may interpret some paths to files as absolute on Wi | EPSS 1.8%
CVE-2022-27208 | Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows users with Credentials/Create permission to read arbitrary files on the | EPSS 1.8%
CVE-2019-10329 | Jenkins InfluxDB Plugin 1.21 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they ca | EPSS 1.8%
CVE-2022-25179 | Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier follows symbolic links to locations outside of the checkout directory for | EPSS 1.8%
CVE-2021-21646 | Jenkins Templating Engine Plugin 2.1 and earlier does not protect its pipeline configurations using Script Security Plugin, allowing attacke | EPSS 1.7%
CVE-2022-29048 | A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows attackers to connect to an attacker | EPSS 1.7%
CVE-2022-25177 | Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier follows symbolic links to locations outside of the expected P | EPSS 1.7%
CVE-2022-25176 | Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier follows symbolic links to locations outside of the checkout directory for the | EPSS 1.7%
CVE-2021-21671 | Jenkins 2.299 and earlier, LTS 2.289.1 and earlier does not invalidate the previous session on login. | EPSS 1.7%
CVE-2020-2275 | Jenkins Copy data to workspace Plugin 1.0 and earlier does not limit which directories can be copied from the Jenkins controller to job work | EPSS 1.7%
CVE-2019-10346 | A reflected cross site scripting vulnerability in Jenkins Embeddable Build Status Plugin 2.0.1 and earlier allowed attackers inject arbitrar | EPSS 1.7%
CVE-2019-10341 | A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overal | EPSS 1.7%
CVE-2020-2301 | Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user with any password while a successful authentication | EPSS 1.7%
CVE-2022-30950 | Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library which has a buffer overflow vulnerability that | EPSS 1.7%
CVE-2021-21604 | Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted | EPSS 1.7%
CVE-2019-10390 | A sandbox bypass vulnerability in Jenkins Splunk Plugin 1.7.4 and earlier allowed attackers with Overall/Read permission to provide a Groovy | EPSS 1.7%