Total: 2641 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2022-41238 | 1 Jenkins | 1 Dotci | 2023-11-01 | N/A | 9.8 CRITICAL | A missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository for attacker-specified commits. |
| CVE-2022-41242 | 1 Jenkins | 1 Extreme-feedback | 2023-11-01 | N/A | 5.4 MEDIUM | A missing permission check in Jenkins extreme-feedback Plugin 1.7 and earlier allows attackers with Overall/Read permission to discover information about job names attached to lamps, discover MAC and IP addresses of existing lamps, and rename lamps. |
| CVE-2022-45389 | 1 Jenkins | 1 Xp-dev | 2023-11-01 | N/A | 5.3 MEDIUM | A missing permission check in Jenkins XP-Dev Plugin 1.0 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to an attacker-specified repository. |
| CVE-2022-45394 | 1 Jenkins | 1 Delete Log | 2023-11-01 | N/A | 4.3 MEDIUM | A missing permission check in Jenkins Delete log Plugin 1.0 and earlier allows attackers with Item/Read permission to delete build logs. |
| CVE-2022-45390 | 1 Jenkins | 1 Loader.io | 2023-11-01 | N/A | 4.3 MEDIUM | A missing permission check in Jenkins loader.io Plugin 1.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. |
| CVE-2022-45399 | 1 Jenkins | 1 Cluster Statistics | 2023-11-01 | N/A | 4.3 MEDIUM | A missing permission check in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics. |
| CVE-2023-46652 | 1 Jenkins | 1 Lambdatest-automation | 2023-11-01 | N/A | 4.3 MEDIUM | A missing permission check in Jenkins lambdatest-automation Plugin 1.20.9 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of LAMBDATEST credentials stored in Jenkins. |
| CVE-2023-37910 | 1 Xwiki | 1 Xwiki | 2023-10-31 | N/A | 8.1 HIGH | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting with the introduction of attachment move support in version 14.0-rc-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, an attacker with edit access on any document (can be the user profile which is editable by default) can move any attachment of any other document to this attacker-controlled document. This allows the attacker to access and possibly publish any attachment of which the name is known, regardless if the attacker has view or edit rights on the source document of this attachment. Further, the attachment is deleted from the source document. This vulnerability has been patched in XWiki 14.4.8, 14.10.4, and 15.0 RC1. There is no workaround apart from upgrading to a fixed version. |
| CVE-2021-21637 | 1 Jenkins | 1 Team Foundation Server | 2023-10-25 | 4.0 MEDIUM | 6.5 MEDIUM | A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. |
| CVE-2021-21636 | 1 Jenkins | 1 Team Foundation Server | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM | A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. |
| CVE-2021-21632 | 1 Jenkins | 1 Owasp Dependency-track | 2023-10-25 | 4.0 MEDIUM | 6.5 MEDIUM | A missing permission check in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins. |
| CVE-2021-21631 | 1 Jenkins | 1 Cloud Statistics | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM | Jenkins Cloud Statistics Plugin 0.26 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission and knowledge of random activity IDs to view related provisioning exception error messages. |
| CVE-2021-21626 | 1 Jenkins | 1 Warnings Next Generation | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM | Jenkins Warnings Next Generation Plugin 8.4.4 and earlier does not perform a permission check in methods implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents. |
| CVE-2021-21625 | 1 Jenkins | 1 Cloudbees Aws Credentials | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM | Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier does not perform a permission check in a helper method for HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins in some circumstances. |
| CVE-2020-2323 | 1 Netflix | 1 Chaos Monkey | 2023-10-25 | 5.0 MEDIUM | 5.3 MEDIUM | Jenkins Chaos Monkey Plugin 0.4 and earlier does not perform permission checks in an HTTP endpoint, allowing attackers with Overall/Read permission to access the Chaos Monkey page and to see the history of actions. |
| CVE-2020-2322 | 1 Netflix | 1 Chaos Monkey | 2023-10-25 | 5.0 MEDIUM | 7.5 HIGH | Jenkins Chaos Monkey Plugin 0.3 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to generate load and to generate memory leaks. |
| CVE-2020-2302 | 1 Jenkins | 1 Active Directory | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM | A missing permission check in Jenkins Active Directory Plugin 2.19 and earlier allows attackers with Overall/Read permission to access the domain health check diagnostic page. |
| CVE-2020-2285 | 1 Jenkins | 1 Liquibase Runner | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM | A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. |
| CVE-2020-2282 | 1 Jenkins | 1 Implied Labels | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM | Jenkins Implied Labels Plugin 0.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to configure the plugin. |
| CVE-2020-2272 | 1 Jenkins | 1 Elastest | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM | A missing permission check in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. |
