Vulnerabilidades em Jenkins project

1.494 resultados

CVE-2021-21667—Jenkins Scriptler Plugin 3.2 and earlier does not escape parameter names shown in job configuration forms, resulting in a stored cross-site EPSS 75.7%CVE-2019-1003029CRITICALA sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecuriEPSS 74.3%KEV CVE-2021-21649—Jenkins Dashboard View Plugin 2.15 and earlier does not escape URLs referenced in Image Dashboard Portlets, resulting in a stored cross-siteEPSS 72.7%CVE-2021-21630—Jenkins Extra Columns Plugin 1.22 and earlier does not escape parameter values in the build parameters column, resulting in a stored cross-sEPSS 72.4%CVE-2022-34777—Jenkins GitLab Plugin 1.5.34 and earlier does not escape multiple fields inserted into the description of webhook-triggered builds, resultinEPSS 72.4%CVE-2023-32985MEDIUMJenkins Sidebar Link Plugin 2.2.1 and earlier does not restrict the path of files in a method implementing form validation, allowing attackeEPSS 72.4%CVE-2022-30956—Jenkins Rundeck Plugin 3.6.10 and earlier does not restrict URL schemes in Rundeck webhook submissions, resulting in a stored cross-site scrEPSS 71.3%CVE-2024-23898HIGHJenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not perform origin validation of requests maEPSS 66.9%CVE-2021-21659—Jenkins URLTrigger Plugin 0.48 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.EPSS 66.8%CVE-2019-10405—Jenkins 2.196 and earlier, LTS 2.176.3 and earlier printed the value of the "Cookie" HTTP request header on the /whoAmI/ URL, allowing attacEPSS 65.8%CVE-2023-32986HIGHJenkins File Parameter Plugin 285.v757c5b_67a_c25 and earlier does not restrict the name (and resulting uploaded file name) of Stashed File EPSS 63.1%CVE-2019-10475—A reflected cross-site scripting vulnerability in Jenkins build-metrics Plugin allows attackers to inject arbitrary HTML and JavaScript intoEPSS 57.7%CVE-2024-34144CRITICALA sandbox bypass vulnerability involving crafted constructor bodies in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allowsEPSS 48.1%CVE-2020-2184—A cross-site request forgery vulnerability in Jenkins CVS Plugin 2.15 and earlier allows attackers to create and manipulate tags, and to conEPSS 44.5%CVE-2021-21672—Jenkins Selenium HTML report Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.EPSS 42.5%CVE-2021-21642—Jenkins Config File Provider Plugin 3.7.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.EPSS 37.8%CVE-2024-43044HIGHJenkins 2.470 and earlier, LTS 2.452.3 and earlier allows agent processes to read arbitrary files from the Jenkins controller file system byEPSS 28.8%CVE-2022-23111—A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers to connect to an attaEPSS 27.6%CVE-2021-21669—Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.EPSS 25.7%CVE-2019-10392—Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git lsEPSS 25.6%

← anteriorpágina 2 / 75próxima →