org.jenkins-ci.plugins
1,035 tracked vulnerabilities.
CVE-2022-34814
MEDIUM
Jenkins Request Rename Or Delete Plugin < 1.1.0 - Unauthorized Access to Administrative Configuration Page
Jun 30, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-34813
MEDIUM
Jenkins XPath Configuration Viewer Plugin < 1.1.1 - Missing Authorization for XPath Expression Management
Jun 30, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-34812
MEDIUM
Jenkins XPath Configuration Viewer Plugin < 1.1.1 - Cross-Site Request Forgery
Jun 30, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-34811
MEDIUM
Jenkins XPath Configuration Viewer Plugin < 1.1.1 - Missing Authorization
Jun 30, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-34808
MEDIUM
Jenkins Cisco Spark Plugin < 1.1.1 - Insufficiently Protected Credentials
Jun 30, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-34807
MEDIUM
Jenkins Elasticsearch Query Plugin <= 1.2 - Insufficiently Protected Credentials
Jun 30, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-34806
MEDIUM
Jenkins Jigomerge < 0.9 - Insufficiently Protected Credentials in Job Config Files
Jun 30, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-34805
MEDIUM
Jenkins Skype notifier Plugin < 1.1.0 - Insufficiently Protected Credentials
Jun 30, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-34804
MEDIUM
Jenkins OpsGenie Plugin < 1.9 - Cleartext Transmission of Sensitive Information via Configuration Forms
Jun 30, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-34803
MEDIUM
Jenkins OpsGenie Plugin < 1.9 - Insufficiently Protected Credentials
Jun 30, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-34802
MEDIUM
Jenkins RocketChat Notifier Plugin <= 1.5.2 - Insufficiently Protected Credentials
Jun 30, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-34799
MEDIUM
Jenkins Deployment Dashboard Plugin <= 1.0.10 - Insufficiently Protected Credentials
Jun 30, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-34798
MEDIUM
Jenkins Deployment Dashboard < 1.0.10 - Missing Authorization in HTTP Endpoints
Jun 30, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-34797
MEDIUM
Jenkins Deployment Dashboard Plugin < 1.0.10 - Cross-Site Request Forgery
Jun 30, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-34796
MEDIUM
Jenkins Deployment Dashboard < 1.0.10 - Credential ID Enumeration via Missing Authorization
Jun 30, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-34795
MEDIUM
Jenkins Deployment Dashboard Plugin <= 1.0.10 - Stored Cross-Site Scripting in Environment Names
Jun 30, 2022
CVSS 5.4
EPSS 0.01
CVE-2022-34794
MEDIUM
Jenkins Recipe Plugin < 1.2 - Server-Side Request Forgery via XML Response Parsing
Jun 30, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-34793
HIGH
Jenkins Recipe Plugin < 1.2 - XML External Entity Injection
Jun 30, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-34792
HIGH
Jenkins Recipe Plugin < 1.2 - Cross-Site Request Forgery
Jun 30, 2022
CVSS 8.0
EPSS 0.00
CVE-2022-34790
MEDIUM
Jenkins eXtreme Feedback Panel Plugin < 2.0.1 - Stored Cross-Site Scripting in Job Name Tooltips
Jun 30, 2022
CVSS 5.4
EPSS 0.01
CVE-2022-34786
MEDIUM
Jenkins Rich Text Publisher Plugin < 1.4 - Stored Cross-Site Scripting in HTML Message
Jun 30, 2022
CVSS 5.4
EPSS 0.01
CVE-2022-34785
MEDIUM
Jenkins build-metrics < 1.3 - Incorrect Authorization in HTTP Endpoints
Jun 30, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-34784
MEDIUM
Jenkins build-metrics 1.3 - Stored Cross-Site Scripting in Build Description View
Jun 30, 2022
CVSS 5.4
EPSS 0.01
CVE-2022-34783
MEDIUM
Jenkins Plot Plugin < 2.1.10 - Stored Cross-Site Scripting in Plot Descriptions
Jun 30, 2022
CVSS 5.4
EPSS 0.80
CVE-2022-34782
MEDIUM
Jenkins requests-plugin < 2.2.16 - Incorrect Authorization
Jun 30, 2022
CVSS 4.3
EPSS 0.01
Products
script-security 35
git 13
email-ext 12
active-directory 11
config-file-provider 9
electricflow 9
credentials-binding 8
ec2 8
oic-auth 8
subversion 8
artifactory 7
htmlpublisher 7
jobConfigHistory 7
mercurial 7
openshift-deployer 7
rundeck 7
azure-ad 6
azure-vm-agents 6
ec2-deployment-dashboard 6
fortify-on-demand-uploader 6
ghprb 6
gitlab-oauth 6
gitlab-plugin 6
pipeline-maven 6
repository-connector 6
aws-codecommit-trigger 5
codedx 5
credentials 5
delphix 5
extended-choice-parameter 5
Quick Filters