Vulnerabilidades em Jenkins Project
1.522 resultadosCVE-2020-2139—An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report fileEPSS 1.6%CVE-2021-21673—Jenkins CAS Plugin 1.6.0 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attEPSS 1.6%CVE-2019-10384—Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID, resulting in CSEPSS 1.6%CVE-2022-34179—Jenkins Embeddable Build Status Plugin 2.0.3 and earlier allows specifying a `style` query parameter that is used to choose a different SVG EPSS 1.6%CVE-2019-1003006—A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.0 and earlier in src/main/java/hudson/plugins/groovy/StringScriptSource.javEPSS 1.6%CVE-2021-21697—Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allows any agent to read and write the contents of any build directory stored in Jenkins EPSS 1.6%CVE-2019-1003099—A missing permission check in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows atEPSS 1.5%CVE-2019-1003003—An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/TEPSS 1.5%CVE-2022-25181—A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier allows attackers with Item/EPSS 1.5%CVE-2022-25182—A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier allows attackers with Item/EPSS 1.5%CVE-2023-27905CRITICALJenkins update-center2 3.13 and 3.14 renders the required Jenkins core version on plugin download index pages without sanitization, resultinEPSS 1.5%CVE-2019-1003079—A missing permission check in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpl#doTestConnection form validation metEPSS 1.5%CVE-2019-1003093—A missing permission check in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpl#doTestConnection form validation method allows attackersEPSS 1.5%CVE-2019-1003081—A missing permission check in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validEPSS 1.5%CVE-2021-21658—Jenkins Nuget Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.EPSS 1.5%CVE-2019-1003085—A missing permission check in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method EPSS 1.5%CVE-2019-10290—A missing permission check in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the NCScanBuilder.DescriptorImpl#doValidateAPI form vaEPSS 1.5%CVE-2019-1003087—A missing permission check in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation meEPSS 1.5%CVE-2019-1003047—A missing permission check in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers with Overall/Read permission to EPSS 1.5%CVE-2019-10308—A missing permission check in Jenkins Static Analysis Utilities Plugin 1.95 and earlier in the DefaultGraphConfigurationView#doSave form hanEPSS 1.5%