org.jenkins-ci.plugins

1,024 tracked vulnerabilities.

CVE-2022-27205 MEDIUM
Jenkins Extended Choice Parameter Plugin < 346.vd87693c5a_86c - Server-Side Request Forgery via URL Connection
Mar 15, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-27204 HIGH
Jenkins Extended Choice Parameter < 346.vd87693c5a_86c - Cross-Site Request Forgery
Mar 15, 2022
CVSS 8.8
EPSS 0.00
CVE-2022-27203 MEDIUM
Jenkins Extended Choice Parameter Plugin < 346.vd87693c5a_86c - Path Traversal and Arbitrary File Read
Mar 15, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-27202 MEDIUM
Jenkins Extended Choice Parameter Plugin < 346.vd87693c5a_86c - Stored XSS
Mar 15, 2022
CVSS 5.4
EPSS 0.00
CVE-2022-27201 MEDIUM
Jenkins Semantic Versioning Plugin < 1.13 - XML External Entity Injection via Crafted File Parsing
Mar 15, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-27199 MEDIUM
Jenkins CloudBees AWS Credentials Plugin < 191.vcb_f183ce58b_9 - Missing Authorization
Mar 15, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-27198 HIGH
Jenkins CloudBees AWS Credentials Plugin < 189.v3551d5642995 - Cross-Site Request Forgery
Mar 15, 2022
CVSS 8.0
EPSS 0.00
CVE-2022-27197 MEDIUM
Jenkins Dashboard View Plugin < 2.18.1 - Stored Cross-Site Scripting via Iframe Portlet URL
Mar 15, 2022
CVSS 5.4
EPSS 0.00
CVE-2022-27195 MEDIUM
Jenkins Parameterized Trigger Plugin <2.43 - Info Disclosure
Mar 15, 2022
CVSS 5.5
EPSS 0.00
CVE-2022-25209 HIGH
Jenkins Chef Sinatra Plugin < 1.20 - XML External Entity Injection
Feb 15, 2022
CVSS 8.8
EPSS 0.00
CVE-2022-25208 HIGH
Jenkins Chef Sinatra Plugin < 1.20 - Server-Side Request Forgery via XML Response Parsing
Feb 15, 2022
CVSS 8.8
EPSS 0.00
CVE-2022-25207 HIGH
Jenkins Chef Sinatra Plugin < 1.20 - Cross-Site Request Forgery via XML Response Parsing
Feb 15, 2022
CVSS 8.8
EPSS 0.00
CVE-2022-25206 HIGH
Jenkins dbCharts < 0.5.2 - Missing Authorization for JDBC Database Connection
Feb 15, 2022
CVSS 8.8
EPSS 0.00
CVE-2022-25205 HIGH
Jenkins dbCharts Plugin <= 0.5.2 - Cross-Site Request Forgery via JDBC Connection
Feb 15, 2022
CVSS 8.8
EPSS 0.00
CVE-2022-25202 MEDIUM
Jenkins Promoted Builds (Simple) Plugin < 1.9 - Stored Cross-Site Scripting in Custom Promotion Level Name
Feb 15, 2022
CVSS 4.8
EPSS 0.00
CVE-2022-25199 HIGH
Jenkins SCP publisher < 1.8 - Missing Authorization for SSH Server Connection
Feb 15, 2022
CVSS 8.8
EPSS 0.00
CVE-2022-25198 HIGH
Jenkins SCP publisher Plugin < 1.8 - Cross-Site Request Forgery
Feb 15, 2022
CVSS 8.8
EPSS 0.00
CVE-2022-25196 MEDIUM
Jenkins GitLab Authentication Plugin < 1.13 - Open Redirect via HTTP Referer Header
Feb 15, 2022
CVSS 5.4
EPSS 0.00
CVE-2022-25188 MEDIUM
Jenkins Fortify Plugin < 20.2.34 - Path Traversal and Arbitrary File Write via Pipeline Step Parameters
Feb 15, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-25187 MEDIUM
Jenkins Support Core Plugin <2.79 - Info Disclosure
Feb 15, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-25185 MEDIUM
Jenkins Generic Webhook Trigger Plugin <= 1.81 - Stored Cross-Site Scripting via Build Cause
Feb 15, 2022
CVSS 5.4
EPSS 0.00
CVE-2022-25184 MEDIUM
Jenkins Pipeline: Build Step Plugin < 2.15 - Password Parameter Exposure via Pipeline Snippet Generator
Feb 15, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-23115 MEDIUM
Jenkins batch task < 1.19 - Cross-Site Request Forgery
Jan 12, 2022
CVSS 5.4
EPSS 0.00
CVE-2022-23114 LOW
Jenkins Publish Over SSH Plugin <= 1.22 - Insufficiently Protected Credentials
Jan 12, 2022
CVSS 3.3
EPSS 0.00
CVE-2022-23113 MEDIUM
Jenkins Publish Over SSH Plugin <= 1.22 - Path Traversal via File Name Validation
Jan 12, 2022
CVSS 4.3
EPSS 0.00
Products
script-security 35 git 13 email-ext 11 active-directory 9 config-file-provider 9 electricflow 9 ec2 8 oic-auth 8 subversion 8 artifactory 7 credentials-binding 7 htmlpublisher 7 jobConfigHistory 7 mercurial 7 openshift-deployer 7 rundeck 7 azure-ad 6 azure-vm-agents 6 ec2-deployment-dashboard 6 fortify-on-demand-uploader 6 ghprb 6 gitlab-oauth 6 gitlab-plugin 6 pipeline-maven 6 repository-connector 6 aws-codecommit-trigger 5 codedx 5 credentials 5 delphix 5 extended-choice-parameter 5
Quick Filters
Critical CVEs With Exploits In CISA KEV