Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins rundeck vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv2
CVE-2020-2144
Jenkins Rundeck Plugin 3.6.6 and previous versions does not configure its XML parser to prevent XML external entity (XXE) attacks.
Jenkins Rundeck
NA
CVE-2022-41233
Jenkins Rundeck Plugin 3.6.11 and previous versions does not perform Run/Artifacts permission checks in multiple HTTP endpoints, allowing attackers with Item/Read permission to obtain information about build artifacts of a given job, if the optional Run/Artifacts permission is en...
Jenkins Rundeck
NA
CVE-2022-41234
Jenkins Rundeck Plugin 3.6.11 and previous versions does not protect access to the /plugin/rundeck/webhook/ endpoint, allowing users with Overall/Read permission to trigger jobs that are configured to be triggerable via Rundeck.
Jenkins Rundeck
3.5
CVSSv2
CVE-2022-30956
Jenkins Rundeck Plugin 3.6.10 and previous versions does not restrict URL schemes in Rundeck webhook submissions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to submit crafted Rundeck webhook payloads.
Jenkins Rundeck
4.3
CVSSv2
CVE-2019-10454
A cross-site request forgery vulnerability in Jenkins Rundeck Plugin allows malicious users to connect to an attacker-specified URL using attacker-specified credentials.
Jenkins Rundeck
4
CVSSv2
CVE-2019-10455
A missing permission check in Jenkins Rundeck Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.
Jenkins Rundeck
4
CVSSv2
CVE-2019-16556
Jenkins Rundeck Plugin 3.6.5 and previous versions stores credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
Jenkins Rundeck
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started