Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

jenkins build with parameters vulnerabilities and exploits

(subscribe to this query)
6.8
CVSSv2
CVE-2021-21629
A cross-site request forgery (CSRF) vulnerability in Jenkins Build With Parameters Plugin 1.5 and previous versions allows malicious users to build a project with attacker-specified parameters.
Jenkins Build With Parameters
5
CVSSv2
CVE-2022-34177
Jenkins Pipeline: Input Step Plugin 448.v37cea_9a_10a_70 and previous versions archives files uploaded for `file` parameters for Pipeline `input` steps on the controller as part of build metadata, using the parameter name without sanitization as a relative path inside a build-rel...
Jenkins Pipeline\\ Input Step
4
CVSSv2
CVE-2022-25180
Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and previous versions includes password parameters from the original build in replayed builds, allowing attackers with Run/Replay permission to obtain the values of password parameters passed to previous builds of a Pipeline.
Jenkins Pipeline\\ Groovy
3.5
CVSSv2
CVE-2022-29042
Jenkins Job Generator Plugin 1.22 and previous versions does not escape the name and description of Generator Parameter and Generator Choice parameters on Job Generator jobs' Build With Parameters views, resulting in a stored cross-site scripting (XSS) vulnerability exploita...
Jenkins Job Generator
3.5
CVSSv2
CVE-2022-29045
Jenkins promoted builds Plugin 873.v6149db_d64130 and previous versions, except 3.10.1, does not escape the name and description of Promoted Build parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers wi...
Jenkins Promoted Builds
3.5
CVSSv2
CVE-2021-21628
Jenkins Build With Parameters Plugin 1.5 and previous versions does not escape parameter names and descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
Jenkins Build With Parameters
3.5
CVSSv2
CVE-2021-21630
Jenkins Extra Columns Plugin 1.22 and previous versions does not escape parameter values in the build parameters column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
Jenkins Extra Columns
3.5
CVSSv2
CVE-2020-2289
Jenkins Active Choices Plugin 2.4 and previous versions does not escape the name and description of build parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
Jenkins Active Choices
3.5
CVSSv2
CVE-2020-2238
Jenkins Git Parameter Plugin 0.9.12 and previous versions does not escape the repository field on the 'Build with Parameters' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
Jenkins Git Parameter
3.5
CVSSv2
CVE-2017-1000386
Jenkins Active Choices plugin version 1.5.3 and previous versions allowed users with Job/Configure permission to provide arbitrary HTML to be shown on the 'Build With Parameters' page through the 'Active Choices Reactive Reference Parameter' type. This could i...
Jenkins Active ChoicesJenkins Active Choices 1.5.3
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-36920buffer overflowCVE-2024-36913CVE-2024-5497CVE-2024-23917CVE-2024-4956server-side request forgeryCVE-2024-35468SSTI
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook