org.jenkins-ci.plugins

1,035 tracked vulnerabilities.

CVE-2022-34814 MEDIUM
Jenkins Request Rename Or Delete Plugin < 1.1.0 - Unauthorized Access to Administrative Configuration Page
Jun 30, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-34813 MEDIUM
Jenkins XPath Configuration Viewer Plugin < 1.1.1 - Missing Authorization for XPath Expression Management
Jun 30, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-34812 MEDIUM
Jenkins XPath Configuration Viewer Plugin < 1.1.1 - Cross-Site Request Forgery
Jun 30, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-34811 MEDIUM
Jenkins XPath Configuration Viewer Plugin < 1.1.1 - Missing Authorization
Jun 30, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-34808 MEDIUM
Jenkins Cisco Spark Plugin < 1.1.1 - Insufficiently Protected Credentials
Jun 30, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-34807 MEDIUM
Jenkins Elasticsearch Query Plugin <= 1.2 - Insufficiently Protected Credentials
Jun 30, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-34806 MEDIUM
Jenkins Jigomerge < 0.9 - Insufficiently Protected Credentials in Job Config Files
Jun 30, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-34805 MEDIUM
Jenkins Skype notifier Plugin < 1.1.0 - Insufficiently Protected Credentials
Jun 30, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-34804 MEDIUM
Jenkins OpsGenie Plugin < 1.9 - Cleartext Transmission of Sensitive Information via Configuration Forms
Jun 30, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-34803 MEDIUM
Jenkins OpsGenie Plugin < 1.9 - Insufficiently Protected Credentials
Jun 30, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-34802 MEDIUM
Jenkins RocketChat Notifier Plugin <= 1.5.2 - Insufficiently Protected Credentials
Jun 30, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-34799 MEDIUM
Jenkins Deployment Dashboard Plugin <= 1.0.10 - Insufficiently Protected Credentials
Jun 30, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-34798 MEDIUM
Jenkins Deployment Dashboard < 1.0.10 - Missing Authorization in HTTP Endpoints
Jun 30, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-34797 MEDIUM
Jenkins Deployment Dashboard Plugin < 1.0.10 - Cross-Site Request Forgery
Jun 30, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-34796 MEDIUM
Jenkins Deployment Dashboard < 1.0.10 - Credential ID Enumeration via Missing Authorization
Jun 30, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-34795 MEDIUM
Jenkins Deployment Dashboard Plugin <= 1.0.10 - Stored Cross-Site Scripting in Environment Names
Jun 30, 2022
CVSS 5.4
EPSS 0.01
CVE-2022-34794 MEDIUM
Jenkins Recipe Plugin < 1.2 - Server-Side Request Forgery via XML Response Parsing
Jun 30, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-34793 HIGH
Jenkins Recipe Plugin < 1.2 - XML External Entity Injection
Jun 30, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-34792 HIGH
Jenkins Recipe Plugin < 1.2 - Cross-Site Request Forgery
Jun 30, 2022
CVSS 8.0
EPSS 0.00
CVE-2022-34790 MEDIUM
Jenkins eXtreme Feedback Panel Plugin < 2.0.1 - Stored Cross-Site Scripting in Job Name Tooltips
Jun 30, 2022
CVSS 5.4
EPSS 0.01
CVE-2022-34786 MEDIUM
Jenkins Rich Text Publisher Plugin < 1.4 - Stored Cross-Site Scripting in HTML Message
Jun 30, 2022
CVSS 5.4
EPSS 0.01
CVE-2022-34785 MEDIUM
Jenkins build-metrics < 1.3 - Incorrect Authorization in HTTP Endpoints
Jun 30, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-34784 MEDIUM
Jenkins build-metrics 1.3 - Stored Cross-Site Scripting in Build Description View
Jun 30, 2022
CVSS 5.4
EPSS 0.01
CVE-2022-34783 MEDIUM
Jenkins Plot Plugin < 2.1.10 - Stored Cross-Site Scripting in Plot Descriptions
Jun 30, 2022
CVSS 5.4
EPSS 0.80
CVE-2022-34782 MEDIUM
Jenkins requests-plugin < 2.2.16 - Incorrect Authorization
Jun 30, 2022
CVSS 4.3
EPSS 0.01