| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2022-34180 | 862 | | | 2022-06-23 | 2022-06-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Jenkins Embeddable Build Status Plugin 2.0.3 and earlier does not correctly perform the ViewStatus permission check in the HTTP endpoint it provides for "unprotected" status badge access, allowing attackers without any permissions to obtain the build status badge icon for any attacker-specified job and/or build. |
| 2 | CVE-2022-34179 | 22 | | Dir. Trav. | 2022-06-23 | 2022-06-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Jenkins Embeddable Build Status Plugin 2.0.3 and earlier allows specifying a `style` query parameter that is used to choose a different SVG image style without restricting possible values, resulting in a relative path traversal vulnerability that allows attackers without Overall/Read permission to specify paths to other SVG images on the Jenkins controller file system. |
| 3 | CVE-2022-34177 | 22 | | Dir. Trav. | 2022-06-23 | 2022-06-29 | 5.0 | None | Remote | Low | Not required | None | Partial | None | Jenkins Pipeline: Input Step Plugin 448.v37cea_9a_10a_70 and earlier archives files uploaded for `file` parameters for Pipeline `input` steps on the controller as part of build metadata, using the parameter name without sanitization as a relative path inside a build-related directory, allowing attackers able to configure Pipelines to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content. |
| 4 | CVE-2022-34175 | | | Bypass | 2022-06-23 | 2022-10-20 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Jenkins 2.335 through 2.355 (both inclusive) allows attackers in some cases to bypass a protection mechanism, thereby directly accessing some view fragments containing sensitive information, bypassing any permission checks in the corresponding view. |
| 5 | CVE-2022-34174 | 203 | | | 2022-06-23 | 2022-06-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None | In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm. |
| 6 | CVE-2022-30949 | | | +Info | 2022-05-17 | 2022-05-26 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Jenkins REPO Plugin 1.14.0 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents. |
| 7 | CVE-2022-30948 | | | +Info | 2022-05-17 | 2022-05-26 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Jenkins Mercurial Plugin 2.16 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents. |
| 8 | CVE-2022-30947 | | | +Info | 2022-05-17 | 2022-05-26 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Jenkins Git Plugin 4.11.1 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents. |
| 9 | CVE-2022-29047 | 863 | | | 2022-04-12 | 2022-04-20 | 5.0 | None | Remote | Low | Not required | None | Partial | None | Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a_4eb_b_e039 and earlier, except 2.21.3, allows attackers able to submit pull requests (or equivalent), but not able to commit directly to the configured SCM, to effectively change the Pipeline behavior by changing the definition of a dynamically retrieved library in their pull request, even if the Pipeline is configured to not trust them. |
| 10 | CVE-2022-28155 | 611 | | | 2022-03-29 | 2022-04-04 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None | Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| 11 | CVE-2022-28154 | 611 | | | 2022-03-29 | 2022-04-04 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None | Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| 12 | CVE-2022-28140 | 611 | | | 2022-03-29 | 2022-04-04 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None | Jenkins Flaky Test Handler Plugin 1.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| 13 | CVE-2022-28134 | 862 | | | 2022-03-29 | 2022-04-04 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None | Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to create, view, and delete BitBucket Server consumers. |
| 14 | CVE-2022-25204 | | | | 2022-02-15 | 2022-02-23 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None | Jenkins Doktor Plugin 0.4.1 and earlier implements functionality that allows agent processes to render files on the controller as Markdown or Asciidoc, and error messages allow attackers able to control agent processes to determine whether a file with a given name exists. |
| 15 | CVE-2022-23117 | 269 | | | 2022-01-12 | 2022-01-19 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to retrieve all username/password credentials stored on the Jenkins controller. |
| 16 | CVE-2022-23116 | 311 | | | 2022-01-12 | 2022-01-18 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method. |
| 17 | CVE-2022-23115 | 352 | | CSRF | 2022-01-12 | 2022-01-18 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | Cross-site request forgery (CSRF) vulnerabilities in Jenkins batch task Plugin 1.19 and earlier allow attackers with Overall/Read access to retrieve logs, build or delete a batch task. |
| 18 | CVE-2022-23107 | 22 | | Dir. Trav. | 2022-01-12 | 2022-03-23 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None | Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not restrict the name of a file when configuring custom ID, allowing attackers with Item/Configure permission to write and read specific files with a hard-coded suffix on the Jenkins controller file system. |
| 19 | CVE-2022-23106 | 203 | | | 2022-01-12 | 2022-01-18 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Jenkins Configuration as Code Plugin 1.55 and earlier used a non-constant time comparison function when validating an authentication token, allowing attackers to use statistical methods to obtain a valid authentication token. |
| 20 | CVE-2022-20619 | 352 | | CSRF | 2022-01-12 | 2022-01-20 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. |
| 21 | CVE-2022-2048 | 400 | | DoS | 2022-07-07 | 2022-10-25 | 5.0 | None | Remote | Low | Not required | None | None | Partial | In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are not enough resources left to process good requests. |
| 22 | CVE-2022-0538 | 502 | | | 2022-02-09 | 2022-02-11 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines custom XStream converters that have not been updated to apply the protections for the vulnerability CVE-2021-43859 and allow unconstrained resource usage. |
| 23 | CVE-2021-43578 | 693 | | | 2021-11-12 | 2021-11-17 | 5.5 | None | Remote | Low | ??? | None | Partial | Partial | Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier implements an agent-to-controller message that does not implement any validation of its input, allowing attackers able to control agent processes to replace arbitrary files on the Jenkins controller file system with an attacker-controlled JSON string. |
| 24 | CVE-2021-43577 | 611 | | | 2021-11-12 | 2021-11-17 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None | Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| 25 | CVE-2021-21698 | 22 | | Dir. Trav. | 2021-11-04 | 2021-11-08 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent. |
| 26 | CVE-2021-21688 | 862 | | | 2021-11-04 | 2021-11-05 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The agent-to-controller security check FilePath#reading(FileVisitor) in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not reject any operations, allowing users to have unrestricted read access using certain operations (creating archives, FilePath#copyRecursiveTo). |
| 27 | CVE-2021-21686 | 59 | | | 2021-11-04 | 2021-11-08 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | File path filters in the agent-to-controller security subsystem of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories. |
| 28 | CVE-2021-21680 | 611 | | | 2021-08-31 | 2021-09-07 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None | Jenkins Nested View Plugin 1.20 and earlier does not configure its XML transformer to prevent XML external entity (XXE) attacks. |
| 29 | CVE-2021-21673 | 601 | | | 2021-06-30 | 2021-07-06 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | Jenkins CAS Plugin 1.6.0 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks. |
| 30 | CVE-2021-21671 | 384 | | | 2021-06-30 | 2021-07-06 | 5.1 | None | Remote | High | Not required | Partial | Partial | Partial | Jenkins 2.299 and earlier, LTS 2.289.1 and earlier does not invalidate the previous session on login. |
| 31 | CVE-2021-21659 | 611 | | | 2021-05-25 | 2021-05-28 | 5.5 | None | Remote | Low | ??? | Partial | None | Partial | Jenkins URLTrigger Plugin 0.48 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| 32 | CVE-2021-21656 | 611 | | | 2021-05-11 | 2021-05-19 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None | Jenkins Xcode integration Plugin 2.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| 33 | CVE-2021-21655 | 352 | | CSRF | 2021-05-11 | 2021-05-20 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | A cross-site request forgery (CSRF) vulnerability in Jenkins P4 Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified Perforce server using attacker-specified username and password. |
| 34 | CVE-2021-21652 | 352 | | CSRF | 2021-05-11 | 2023-01-30 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | A cross-site request forgery (CSRF) vulnerability in Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. |
| 35 | CVE-2021-21644 | 352 | | CSRF | 2021-04-21 | 2021-04-26 | 5.8 | None | Remote | Medium | Not required | None | Partial | Partial | A cross-site request forgery (CSRF) vulnerability in Jenkins Config File Provider Plugin 3.7.0 and earlier allows attackers to delete configuration files corresponding to an attacker-specified ID. |
| 36 | CVE-2021-21642 | 611 | | | 2021-04-21 | 2021-04-23 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None | Jenkins Config File Provider Plugin 3.7.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| 37 | CVE-2021-21621 | 200 | | +Info | 2021-02-24 | 2022-10-25 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Jenkins Support Core Plugin 2.72 and earlier provides the serialized user authentication as part of the "About user (basic authentication details only)" information, which can include the session ID of the user creating the support bundle in some configurations. |
| 38 | CVE-2021-21609 | 863 | | | 2021-01-13 | 2021-01-15 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not correctly match requested URLs to the list of always accessible paths, allowing attackers without Overall/Read permission to access some URLs as if they did have Overall/Read permission. |
| 39 | CVE-2020-2324 | 611 | | | 2020-12-03 | 2020-12-07 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| 40 | CVE-2020-2321 | 352 | | CSRF | 2020-12-03 | 2020-12-04 | 5.8 | None | Remote | Medium | Not required | None | Partial | Partial | A cross-site request forgery (CSRF) vulnerability in Jenkins Shelve Project Plugin 3.0 and earlier allows attackers to shelve, unshelve, or delete a project. |
| 41 | CVE-2020-2288 | 185 | | Bypass | 2020-10-08 | 2020-10-09 | 5.0 | None | Remote | Low | Not required | None | Partial | None | In Jenkins Audit Trail Plugin 3.6 and earlier, the default regular expression pattern could be bypassed in many cases by adding a suffix to the URL that would be ignored during request handling. |
| 42 | CVE-2020-2287 | 435 | | Bypass | 2020-10-08 | 2020-10-16 | 5.0 | None | Remote | Low | Not required | None | Partial | None | Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows attackers to craft URLs that bypass request logging of any target URL. |
| 43 | CVE-2020-2284 | 611 | | | 2020-09-23 | 2020-09-28 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None | Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| 44 | CVE-2020-2281 | 352 | | CSRF | 2020-09-23 | 2020-09-28 | 5.8 | None | Remote | Medium | Not required | None | Partial | Partial | A cross-site request forgery (CSRF) vulnerability in Jenkins Lockable Resources Plugin 2.8 and earlier allows attackers to reserve, unreserve, unlock, and reset resources. |
| 45 | CVE-2020-2253 | 295 | | | 2020-09-16 | 2020-09-18 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | Jenkins Email Extension Plugin 2.75 and earlier does not perform hostname validation when connecting to the configured SMTP server. |
| 46 | CVE-2020-2252 | 295 | | | 2020-09-16 | 2020-09-18 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server. |
| 47 | CVE-2020-2245 | 611 | | | 2020-09-01 | 2020-09-04 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None | Jenkins Valgrind Plugin 0.28 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| 48 | CVE-2020-2232 | 319 | | | 2020-08-12 | 2020-08-13 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Jenkins Email Extension Plugin 2.72 and 2.73 transmits and displays the SMTP password in plain text as part of the global Jenkins configuration form, potentially resulting in its exposure. |
| 49 | CVE-2020-2204 | 862 | | | 2020-07-02 | 2020-07-15 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None | A missing permission check in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers with Overall/Read permission to connect to the globally configured Fortify on Demand endpoint using attacker-specified credentials IDs. |
| 50 | CVE-2020-2178 | 611 | | | 2020-04-16 | 2020-04-27 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None | Jenkins Parasoft Findings Plugin 10.4.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |