org.jenkins-ci.plugins

1,024 tracked vulnerabilities.

CVE-2021-21644 MEDIUM
Jenkins Config File Provider Plugin < 3.7.0 - Cross-Site Request Forgery via Configuration File Deletion
Apr 21, 2021
CVSS 5.4
EPSS 0.00
CVE-2021-21643 MEDIUM
Jenkins Config File Provider Plugin <3.7.0 - Info Disclosure
Apr 21, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-21642 HIGH
Jenkins Config File Provider Plugin < 3.7.0 - XML External Entity Injection
Apr 21, 2021
CVSS 8.1
EPSS 0.00
CVE-2021-22513 MEDIUM
Micro Focus Application Automation Tools < 6.7 - Missing Authorization
Apr 08, 2021
CVSS 6.5
EPSS 0.00
CVE-2021-22512 MEDIUM
Micro Focus Application Automation Tools Plugin - Jenkins <6.7 - CSRF
Apr 08, 2021
CVSS 6.5
EPSS 0.00
CVE-2021-22511 MEDIUM
Micro Focus Application Automation Tools Plugin < 6.7 - Improper Certificate Validation
Apr 08, 2021
CVSS 6.5
EPSS 0.00
CVE-2021-22510 MEDIUM
Micro Focus Application Automation Tools Plugin - Jenkins <6.7 - XSS
Apr 08, 2021
CVSS 6.1
EPSS 0.00
CVE-2021-21641 MEDIUM
Jenkins promoted builds < 3.9 - Cross-Site Request Forgery
Apr 07, 2021
CVSS 4.3
EPSS 0.00
CVE-2021-21638 HIGH
Jenkins Team Foundation Server Plugin < 5.157.1 - Cross-Site Request Forgery
Mar 30, 2021
CVSS 8.8
EPSS 0.00
CVE-2021-21637 MEDIUM
Jenkins Team Foundation Server Plugin < 5.157.1 - Missing Authorization for Credential Capture via URL Connection
Mar 30, 2021
CVSS 6.5
EPSS 0.00
CVE-2021-21636 MEDIUM
Jenkins Team Foundation Server Plugin < 5.157.1 - Missing Authorization for Credentials Enumeration
Mar 30, 2021
CVSS 4.3
EPSS 0.00
CVE-2021-21633 HIGH
Jenkins OWASP Dependency-Track < 3.1.0 - Cross-Site Request Forgery
Mar 30, 2021
CVSS 8.8
EPSS 0.00
CVE-2021-21632 MEDIUM
Jenkins OWASP Dependency-Track < 3.1.0 - Missing Authorization for URL Connection
Mar 30, 2021
CVSS 6.5
EPSS 0.00
CVE-2021-21631 MEDIUM
Jenkins Cloud Statistics Plugin < 0.26 - Missing Authorization in HTTP Endpoint
Mar 30, 2021
CVSS 4.3
EPSS 0.00
CVE-2021-21630 MEDIUM
Jenkins Extra Columns Plugin < 1.22 - Stored Cross-Site Scripting in Build Parameters Column
Mar 30, 2021
CVSS 5.4
EPSS 0.01
CVE-2021-21629 HIGH
Jenkins Build With Parameters Plugin < 1.5 - Cross-Site Request Forgery
Mar 30, 2021
CVSS 8.8
EPSS 0.00
CVE-2021-21628 MEDIUM
Jenkins Build With Parameters Plugin < 1.5 - Stored Cross-Site Scripting in Parameter Names and Descriptions
Mar 30, 2021
CVSS 5.4
EPSS 0.01
CVE-2021-21627 HIGH
Jenkins Libvirt Agents Plugin < 1.9.0 - Cross-Site Request Forgery
Mar 18, 2021
CVSS 8.8
EPSS 0.00
CVE-2021-21625 MEDIUM
Jenkins CloudBees AWS Credentials Plugin < 1.28 - Missing Authorization in HTTP Endpoint Helper Method
Mar 18, 2021
CVSS 4.3
EPSS 0.00
CVE-2021-21624 MEDIUM
Jenkins Role-based Authorization Strategy Plugin < 3.1 - Incorrect Authorization
Mar 18, 2021
CVSS 4.3
EPSS 0.00
CVE-2021-21623 MEDIUM
Jenkins Matrix Authorization Strategy Plugin < 2.6.5 - Incorrect Authorization
Mar 18, 2021
CVSS 6.5
EPSS 0.00
CVE-2021-21621 MEDIUM
Jenkins Support Core Plugin < 2.72 - Exposure of Sensitive Information via Serialized User Authentication
Feb 24, 2021
CVSS 5.3
EPSS 0.00
CVE-2021-21620 MEDIUM
Jenkins Claim Plugin < 2.18.1 - Cross-Site Request Forgery
Feb 24, 2021
CVSS 4.3
EPSS 0.00
CVE-2021-21619 MEDIUM
Jenkins Claim Plugin < 2.18.1 - Stored Cross-Site Scripting via User Display Name
Feb 24, 2021
CVSS 5.4
EPSS 0.00
CVE-2021-21618 MEDIUM
Jenkins Repository Connector Plugin < 2.0.2 - Stored Cross-Site Scripting in Parameter Names and Descriptions
Feb 24, 2021
CVSS 5.4
EPSS 0.01
Products
script-security 35 git 13 email-ext 11 active-directory 9 config-file-provider 9 electricflow 9 ec2 8 oic-auth 8 subversion 8 artifactory 7 credentials-binding 7 htmlpublisher 7 jobConfigHistory 7 mercurial 7 openshift-deployer 7 rundeck 7 azure-ad 6 azure-vm-agents 6 ec2-deployment-dashboard 6 fortify-on-demand-uploader 6 ghprb 6 gitlab-oauth 6 gitlab-plugin 6 pipeline-maven 6 repository-connector 6 aws-codecommit-trigger 5 codedx 5 credentials 5 delphix 5 extended-choice-parameter 5
Quick Filters
Critical CVEs With Exploits In CISA KEV