Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins warnings vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2023-46651
Jenkins Warnings Plugin 10.5.0 and previous versions does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. This fix has been backported to 10.4.1.
Jenkins Warnings
8.1
CVSSv3
CVE-2022-23107
Jenkins Warnings Next Generation Plugin 9.10.2 and previous versions does not restrict the name of a file when configuring custom ID, allowing attackers with Item/Configure permission to write and read specific files with a hard-coded suffix on the Jenkins controller file system.
Jenkins Warnings Next Generation 9.7.0
Jenkins Warnings Next Generation
4.3
CVSSv3
CVE-2021-21626
Jenkins Warnings Next Generation Plugin 8.4.4 and previous versions does not perform a permission check in methods implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specifie...
Jenkins Warnings Next Generation
8.8
CVSSv3
CVE-2020-2280
A cross-site request forgery (CSRF) vulnerability in Jenkins Warnings Plugin 5.0.1 and previous versions allows malicious users to execute arbitrary code.
Jenkins Warnings
5.4
CVSSv3
CVE-2019-10325
A cross-site scripting vulnerability in Jenkins Warnings NG Plugin 5.0.0 and previous versions allowed attacker with Job/Configure permission to inject arbitrary JavaScript in build overview pages.
Jenkins Warnings Next Generation
4.3
CVSSv3
CVE-2019-10326
A cross-site request forgery vulnerability in Jenkins Warnings NG Plugin 5.0.0 and previous versions allowed malicious users to reset warning counts for future builds.
Jenkins Warnings Next Generation 5.0.0
8.8
CVSSv3
CVE-2019-1003007
A cross-site request forgery vulnerability exists in Jenkins Warnings Plugin 5.0.0 and previous versions in src/main/java/hudson/plugins/warnings/GroovyParser.java that allows malicious users to execute arbitrary code via a form validation HTTP endpoint.
Jenkins Warnings
8.8
CVSSv3
CVE-2019-1003008
A cross-site request forgery vulnerability exists in Jenkins Warnings Next Generation Plugin 2.1.1 and previous versions in src/main/java/io/jenkins/plugins/analysis/warnings/groovy/GroovyParser.java that allows malicious users to execute arbitrary code via a form validation HTTP...
Jenkins Warnings Next Generation
6.1
CVSSv3
CVE-2019-1003023
A cross-site scripting vulnerability exists in Jenkins Warnings Next Generation Plugin 1.0.1 and previous versions in src/main/java/io/jenkins/plugins/analysis/core/model/DetailsTableModel.java, src/main/java/io/jenkins/plugins/analysis/core/model/SourceDetail.java, src/main/java...
Jenkins Warnings Next Generation
8.8
CVSSv3
CVE-2018-1000012
Jenkins Warnings Plugin 4.64 and previous versions processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-se...
Jenkins Warnings
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
IMAP
CVE-2024-4367
server-side request forgery
information disclosure
CVE-2024-34342
CVE-2024-4281
CVE-2024-3507
CVE-2024-25560
CVE-2024-34574
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »