Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins blue ocean vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-40341
A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.27.5 and previous versions allows malicious users to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job.
Jenkins Blue Ocean
6.5
CVSSv3
CVE-2022-30952
Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and previous versions allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user credentials stores of any attacker-specified user in Jenkins.
Jenkins Blue Ocean
6.5
CVSSv3
CVE-2022-30954
Jenkins Blue Ocean Plugin 1.25.3 and previous versions does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server.
Jenkins Blue Ocean
6.5
CVSSv3
CVE-2022-30953
A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and previous versions allows malicious users to connect to an attacker-specified HTTP server.
Jenkins Blue Ocean
4.3
CVSSv3
CVE-2020-2255
A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and previous versions allows attackers with Overall/Read permission to connect to an attacker-specified URL.
Jenkins Blue Ocean
6.5
CVSSv3
CVE-2020-2254
Jenkins Blue Ocean Plugin 1.23.2 and previous versions provides an undocumented feature flag that, when enabled, allows an attacker with Job/Configure or Job/Create permission to read arbitrary files on the Jenkins controller file system.
Jenkins Blue Ocean
6.5
CVSSv3
CVE-2019-1003012
A data modification vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and previous versions in blueocean-core-js/src/js/bundleStartup.js, blueocean-core-js/src/js/fetch.ts, blueocean-core-js/src/js/i18n/i18n.js, blueocean-core-js/src/js/urlconfig.js, blueocean-rest/src/ma...
Jenkins Blue Ocean
Redhat Openshift Container Platform 3.11
5.4
CVSSv3
CVE-2019-1003013
An cross-site scripting vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and previous versions in blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export.java, blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/export/ExportConfig.ja...
Jenkins Blue Ocean
Redhat Openshift Container Platform 3.11
8.5
CVSSv3
CVE-2017-1000106
Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. Its SCM content REST API supports the pipeline creation and editing f...
Jenkins Blue Ocean
Jenkins Blue Ocean 1.2.0
4.3
CVSSv3
CVE-2017-1000110
Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. It did not properly check the current user's authentication and ...
Jenkins Blue Ocean 1.2.0
Jenkins Blue Ocean
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »