Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

blue ocean vulnerabilities and exploits

(subscribe to this query)
4
CVSSv2
CVE-2017-1000110
Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. It did not properly check the current user's authentication and ...
Jenkins Blue Ocean 1.2.0Jenkins Blue Ocean
5
CVSSv2
CVE-2017-1000105
The optional Run/Artifacts permission can be enabled by setting a Java system property. Blue Ocean did not check this permission before providing access to archived artifacts, Item/Read permission was sufficient.
Jenkins Blue Ocean 1.2.0Jenkins Blue Ocean
5.5
CVSSv2
CVE-2017-1000106
Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. Its SCM content REST API supports the pipeline creation and editing f...
Jenkins Blue OceanJenkins Blue Ocean 1.2.0
NA
CVE-2023-40341
A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.27.5 and previous versions allows malicious users to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job.
Jenkins Blue Ocean
3.5
CVSSv2
CVE-2020-2254
Jenkins Blue Ocean Plugin 1.23.2 and previous versions provides an undocumented feature flag that, when enabled, allows an attacker with Job/Configure or Job/Create permission to read arbitrary files on the Jenkins controller file system.
Jenkins Blue Ocean
4
CVSSv2
CVE-2020-2255
A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and previous versions allows attackers with Overall/Read permission to connect to an attacker-specified URL.
Jenkins Blue Ocean
4
CVSSv2
CVE-2022-30952
Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and previous versions allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user credentials stores of any attacker-specified user in Jenkins.
Jenkins Blue Ocean
4.3
CVSSv2
CVE-2022-30953
A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and previous versions allows malicious users to connect to an attacker-specified HTTP server.
Jenkins Blue Ocean
4
CVSSv2
CVE-2022-30954
Jenkins Blue Ocean Plugin 1.25.3 and previous versions does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server.
Jenkins Blue Ocean
4.3
CVSSv2
CVE-2019-1003012
A data modification vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and previous versions in blueocean-core-js/src/js/bundleStartup.js, blueocean-core-js/src/js/fetch.ts, blueocean-core-js/src/js/i18n/i18n.js, blueocean-core-js/src/js/urlconfig.js, blueocean-rest/src/ma...
Jenkins Blue OceanRedhat Openshift Container Platform 3.11
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907hardcodedinjectCVE-2024-20359CVE-2024-2467CVE-2024-4077CVE-2024-22391cameraCVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook