Total: 2641 CVEs

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-36907 | 1 Jenkins | 1 Openshift Deployer | 2023-11-02 | N/A | 6.5 MEDIUM |
| A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password. | |||||
| CVE-2022-36904 | 1 Jenkins | 1 Repository Connector | 2023-11-02 | N/A | 4.3 MEDIUM |
| Jenkins Repository Connector Plugin 2.2.0 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | |||||
| CVE-2022-36921 | 1 Jenkins | 1 Coverity | 2023-11-02 | N/A | 8.1 HIGH |
| A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2022-36919 | 1 Jenkins | 1 Coverity | 2023-11-02 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||
| CVE-2022-36918 | 1 Jenkins | 1 Buckminster | 2023-11-02 | N/A | 4.3 MEDIUM |
| Jenkins Buckminster Plugin 1.1.1 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | |||||
| CVE-2022-36917 | 1 Jenkins | 1 Google Cloud Backup | 2023-11-02 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins Google Cloud Backup Plugin 0.6 and earlier allows attackers with Overall/Read permission to request a manual backup. | |||||
| CVE-2022-36915 | 1 Jenkins | 1 Android Signing | 2023-11-02 | N/A | 4.3 MEDIUM |
| Jenkins Android Signing Plugin 2.2.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents. | |||||
| CVE-2022-36895 | 1 Jenkins | 1 Compuware Topaz Utilities | 2023-11-02 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins. | |||||
| CVE-2022-36896 | 1 Jenkins | 1 Compuware Source Code Download For Endevor, Pds, And Ispw | 2023-11-02 | N/A | 6.5 MEDIUM |
| A missing permission check in Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins. | |||||
| CVE-2022-36897 | 1 Jenkins | 1 Compuware Xpediter Code Coverage | 2023-11-02 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins. | |||||
| CVE-2022-41254 | 1 Jenkins | 1 Cons3rt | 2023-11-01 | N/A | 6.5 MEDIUM |
| Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2022-41252 | 1 Jenkins | 1 Cons3rt | 2023-11-01 | N/A | 4.3 MEDIUM |
| Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allow users with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||
| CVE-2022-41251 | 1 Jenkins | 1 Apprenda | 2023-11-01 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins Apprenda Plugin 2.2.0 and earlier allows users with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||
| CVE-2022-41250 | 1 Jenkins | 1 Scm Httpclient | 2023-11-01 | N/A | 6.5 MEDIUM |
| A missing permission check in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2022-43417 | 1 Jenkins | 1 Katalon | 2023-11-01 | N/A | 4.3 MEDIUM |
| Jenkins Katalon Plugin 1.0.32 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2022-43413 | 1 Jenkins | 1 Job Import | 2023-11-01 | N/A | 4.3 MEDIUM |
| Jenkins Job Import Plugin 3.5 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||
| CVE-2022-41228 | 1 Jenkins | 1 Ns-nd Integration Performance Publisher | 2023-11-01 | N/A | 8.8 HIGH |
| A missing permission check in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers with Overall/Read permissions to connect to an attacker-specified webserver using attacker-specified credentials. | |||||
| CVE-2022-41234 | 1 Jenkins | 1 Rundeck | 2023-11-01 | N/A | 8.8 HIGH |
| Jenkins Rundeck Plugin 3.6.11 and earlier does not protect access to the /plugin/rundeck/webhook/ endpoint, allowing users with Overall/Read permission to trigger jobs that are configured to be triggerable via Rundeck. | |||||
| CVE-2022-41233 | 1 Jenkins | 1 Rundeck | 2023-11-01 | N/A | 4.3 MEDIUM |
| Jenkins Rundeck Plugin 3.6.11 and earlier does not perform Run/Artifacts permission checks in multiple HTTP endpoints, allowing attackers with Item/Read permission to obtain information about build artifacts of a given job, if the optional Run/Artifacts permission is enabled. | |||||
| CVE-2022-41230 | 1 Jenkins | 1 Build-publisher | 2023-11-01 | N/A | 4.3 MEDIUM |
| Jenkins Build-Publisher Plugin 1.22 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain names and URLs of Jenkins servers that the plugin is configured to publish builds to, as well as builds pending for publication to those Jenkins servers. | |||||
