org.jenkins-ci.plugins

1,035 tracked vulnerabilities.

CVE-2019-10371 HIGH
Jenkins Gitlab Auth Plugin <1.4 - Privilege Escalation
Aug 07, 2019
CVSS 7.5
EPSS 0.01
CVE-2019-10370 MEDIUM
Jenkins Mask Passwords Plugin < 2.12.0 - Plaintext Password Exposure in Configuration Form
Aug 07, 2019
CVSS 6.5
EPSS 0.01
CVE-2019-10369 MEDIUM
Jenkins JClouds Plugin < 2.14 - Missing Authorization in Test Connection Endpoint
Aug 07, 2019
CVSS 6.5
EPSS 0.01
CVE-2019-10368 HIGH
Jenkins JClouds Plugin < 2.14 - Cross-Site Request Forgery via Test Connection Endpoint
Aug 07, 2019
CVSS 8.8
EPSS 0.01
CVE-2019-10366 MEDIUM
Jenkins Skytap Cloud CI Plugin < 2.06 - Insufficiently Protected Credentials in config.xml
Jul 31, 2019
CVSS 6.5
EPSS 0.01
CVE-2019-10365 MEDIUM
Jenkins Google Kubernetes Engine Plugin <= 0.6.2 - Unauthorized Access Token Exposure via Temporary File
Jul 31, 2019
CVSS 4.3
EPSS 0.00
CVE-2019-10364 MEDIUM
Jenkins Amazon EC2 Plugin < 1.43 - Private Key Exposure in System Log
Jul 31, 2019
CVSS 5.5
EPSS 0.00
CVE-2019-10356 HIGH
Jenkins Script Security Plugin <1.61 - RCE
Jul 31, 2019
CVSS 8.8
EPSS 0.03
CVE-2019-10355 HIGH
Jenkins Script Security Plugin <1.61 - RCE
Jul 31, 2019
CVSS 8.8
EPSS 0.03
CVE-2019-1010241 MEDIUM
Jenkins Credentials Binding Plugin 1.17 - Info Disclosure
Jul 19, 2019
CVSS 6.5
EPSS 0.01
CVE-2019-10350 HIGH
Jenkins Port Allocator Plugin < 1.8 - Cleartext Storage of Sensitive Information in Job Config Files
Jul 11, 2019
CVSS 8.8
EPSS 0.02
CVE-2019-10349 MEDIUM
Jenkins Dependency Graph Viewer Plugin < 0.13 - Stored Cross-Site Scripting
Jul 11, 2019
CVSS 5.4
EPSS 0.04
CVE-2019-10348 HIGH
Jenkins Gogs Plugin < 1.0.14 - Cleartext Storage of Sensitive Information in Job Config Files
Jul 11, 2019
CVSS 8.8
EPSS 0.02
CVE-2019-10339 HIGH
Jenkins JX Resources Plugin <= 1.0.36 - Missing Authorization in GlobalPluginConfiguration
Jun 11, 2019
CVSS 8.8
EPSS 0.02
CVE-2019-10338 HIGH
Jenkins JX Resources Plugin < 1.0.36 - Cross-Site Request Forgery via GlobalPluginConfiguration#doValidateClient
Jun 11, 2019
CVSS 8.8
EPSS 0.01
CVE-2019-10337 HIGH
Jenkins Token Macro Plugin < 2.7 - XML External Entity Injection via XML Macro
Jun 11, 2019
CVSS 7.5
EPSS 0.02
CVE-2019-10336 MEDIUM
Jenkins ElectricFlow < 1.1.6 - Cross-Site Scripting via Post-Build Step Configuration
Jun 11, 2019
CVSS 6.1
EPSS 0.01
CVE-2019-10335 MEDIUM
Jenkins ElectricFlow < 1.1.6 - Stored Cross-Site Scripting via Build Status Page
Jun 11, 2019
CVSS 5.4
EPSS 0.01
CVE-2019-10334 MEDIUM
Jenkins ElectricFlow < 1.1.5 - SSL/TLS and Hostname Verification Disabled via MultipartUtility.java
Jun 11, 2019
CVSS 6.5
EPSS 0.01
CVE-2019-10333 MEDIUM
Jenkins ElectricFlow < 1.1.5 - Missing Authorization in HTTP Endpoints
Jun 11, 2019
CVSS 4.3
EPSS 0.01
CVE-2019-10332 MEDIUM
Jenkins ElectricFlow < 1.1.5 - Missing Authorization in Configuration Connection Test
Jun 11, 2019
CVSS 4.3
EPSS 0.02
CVE-2019-10331 MEDIUM
Jenkins ElectricFlow < 1.1.5 - Cross-Site Request Forgery via Configuration Test Connection
Jun 11, 2019
CVSS 4.3
EPSS 0.01
CVE-2019-10330 HIGH
Jenkins Gitea Plugin <= 1.1.1 - Missing Authorization for Jenkinsfile Changes
May 31, 2019
CVSS 7.5
EPSS 0.02
CVE-2019-10329 HIGH
Jenkins InfluxDB Plugin <= 1.21 - Insufficiently Protected Credentials
May 31, 2019
CVSS 8.8
EPSS 0.02
CVE-2019-10328 CRITICAL
Jenkins Pipeline Remote Loader Plugin <1.4 - Code Injection
May 31, 2019
CVSS 9.9
EPSS 0.02