Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins project inheritance vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2019-10407
Jenkins Project Inheritance Plugin 2.0.0 and previous versions displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin.
Jenkins Project Inheritance
3.5
CVSSv2
CVE-2022-34787
Jenkins Project Inheritance Plugin 21.04.03 and previous versions does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control the reason a queue item is blocked.
Jenkins Project Inheritance
4
CVSSv2
CVE-2019-10409
A missing permission check in Jenkins Project Inheritance Plugin 2.0.0 and previous versions allowed attackers with Overall/Read permission to trigger project generation from templates.
Jenkins Project Inheritance
4.3
CVSSv2
CVE-2019-10408
A cross-site request forgery vulnerability in Jenkins Project Inheritance Plugin 2.0.0 and previous versions allowed malicious users to trigger project generation from templates.
Jenkins Project Inheritance
4
CVSSv2
CVE-2020-2197
Jenkins Project Inheritance Plugin 19.08.02 and previous versions does not require users to have Job/ExtendedRead permission to access Inheritance Project job configurations in XML format.
Jenkins Project Inheritance
4
CVSSv2
CVE-2020-2198
Jenkins Project Inheritance Plugin 19.08.02 and previous versions does not redact encrypted secrets in the 'getConfigAsXML' API URL when transmitting job config.xml data to users without Job/Configure.
Jenkins Project Inheritance
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
spoof
CVE-2024-34928
CVE-2024-5291
deserialization
CVE-2024-4471
CVE-2024-4956
CVE-2024-32002
CVE-2024-5227
unspecified
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
Vulmon