Security
Headlines
HeadlinesLatestCVEs

Tag

#ssrf

CVE-2022-34802: Jenkins Security Advisory 2022-06-30

Jenkins RocketChat Notifier Plugin 1.5.2 and earlier stores the login password and webhook token unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.

CVE
Open in Source
#xss#csrf#vulnerability#web#cisco#git#java#xpath#ssrf#auth
CVE-2022-34794: Jenkins Security Advisory 2022-06-30

Missing permission checks in Jenkins Recipe Plugin 1.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML.

CVE-2022-34787: Jenkins Security Advisory 2022-06-30

Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control the reason a queue item is blocked.

CVE-2022-34805: Jenkins Security Advisory 2022-06-30

Jenkins Skype notifier Plugin 1.1.0 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

CVE-2022-34813: Jenkins Security Advisory 2022-06-30

A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to create and delete XPath expressions.

CVE-2022-34779: Jenkins Security Advisory 2022-06-30

A missing permission check in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

CVE-2022-34809: Jenkins Security Advisory 2022-06-30

Jenkins RQM Plugin 2.8 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

CVE-2022-34784: Jenkins Security Advisory 2022-06-30

Jenkins build-metrics Plugin 1.3 does not escape the build description on one of its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Build/Update permission.

CVE-2022-34789: Jenkins Security Advisory 2022-06-30

A cross-site request forgery (CSRF) vulnerability in Jenkins Matrix Reloaded Plugin 1.1.3 and earlier allows attackers to rebuild previous matrix builds.

CVE-2022-34816: Jenkins Security Advisory 2022-06-30

Jenkins HPE Network Virtualization Plugin 1.0 stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.