Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins performance vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2021-21701
Jenkins Performance Plugin 3.20 and previous versions does not configure its XML parser to prevent XML external entity (XXE) attacks.
Jenkins Performance
8.2
CVSSv3
CVE-2023-28682
Jenkins Performance Publisher Plugin 8.09 and previous versions does not configure its XML parser to prevent XML external entity (XXE) attacks.
Jenkins Performance Publisher
6.5
CVSSv3
CVE-2022-36894
An arbitrary file write vulnerability in Jenkins CLIF Performance Testing Plugin 64.vc0d66de1dfb_f and previous versions allows attackers with Overall/Read permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content.
Jenkins Clif Performance Testing
7.5
CVSSv3
CVE-2023-33000
Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.149 and previous versions does not mask credentials displayed on the configuration form, increasing the potential for malicious users to observe and capture them.
Jenkins Ns-nd Integration Performance Publisher
7.5
CVSSv3
CVE-2022-45391
Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and previous versions globally and unconditionally disables SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM.
Jenkins Ns-nd Integration Performance Publisher
6.5
CVSSv3
CVE-2022-45392
Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and previous versions stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file syst...
Jenkins Ns-nd Integration Performance Publisher
7.5
CVSSv3
CVE-2022-38666
Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and previous versions unconditionally disables SSL/TLS certificate and hostname validation for several features.
Jenkins Ns-nd Integration Performance Publisher
8.8
CVSSv3
CVE-2022-41227
A cross-site request forgery (CSRF) vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and previous versions allows malicious users to connect to an attacker-specified webserver using attacker-specified credentials.
Jenkins Ns-nd Integration Performance Publisher
8.8
CVSSv3
CVE-2022-41228
A missing permission check in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and previous versions allows attackers with Overall/Read permissions to connect to an attacker-specified webserver using attacker-specified credentials.
Jenkins Ns-nd Integration Performance Publisher
5.4
CVSSv3
CVE-2022-41229
Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.134 and previous versions does not escape configuration options of the Execute NetStorm/NetCloud Test build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configu...
Jenkins Ns-nd Integration Performance Publisher
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
administrator privileges
CVE-2024-1579
hardcoded
CVE-2023-20198
CVE-2024-33587
CVE-2024-33449
CVE-2024-4308
HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »