Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-24443
Jenkins TestComplete support Plugin 2.8.1 and previous versions does not configure its XML parser to prevent XML external entity (XXE) attacks.
Jenkins Testcomplete Support
1 Github repository
9.8
CVSSv3
CVE-2023-24456
Jenkins Keycloak Authentication Plugin 2.3.0 and previous versions does not invalidate the previous session on login.
Jenkins Keycloak Authentication
9.8
CVSSv3
CVE-2022-47629
Libksba prior to 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.
Gnupg Libksba
Debian Debian Linux 10.0
Debian Debian Linux 11.0
9.8
CVSSv3
CVE-2022-46682
Jenkins Plot Plugin 2.1.11 and previous versions does not configure its XML parser to prevent XML external entity (XXE) attacks.
Jenkins Plot
9.8
CVSSv3
CVE-2022-1471
SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content ...
Snakeyaml Project Snakeyaml
11 Github repositories
1 Article
9.8
CVSSv3
CVE-2022-36227
In libarchive prior to 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties di...
Libarchive Libarchive
Debian Debian Linux 10.0
Fedoraproject Fedora 37
Splunk Universal Forwarder 9.1.0
Splunk Universal Forwarder
9.8
CVSSv3
CVE-2022-45047
Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for l...
Apache Sshd
1 Github repository
9.8
CVSSv3
CVE-2022-45395
Jenkins CCCC Plugin 0.6 and previous versions does not configure its XML parser to prevent XML external entity (XXE) attacks.
Jenkins Cccc
9.8
CVSSv3
CVE-2022-45396
Jenkins SourceMonitor Plugin 0.2 and previous versions does not configure its XML parser to prevent XML external entity (XXE) attacks.
Jenkins Sourcemonitor
9.8
CVSSv3
CVE-2022-45397
Jenkins OSF Builder Suite : : XML Linter Plugin 1.0.2 and previous versions does not configure its XML parser to prevent XML external entity (XXE) attacks.
Jenkins Osf Builder Suite \\ \\
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »