A cross-site request forgery (CSRF) vulnerability in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials.
References
https://nvd.nist.gov/vul…
Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to create, view, and delete BitBucket Server consumers.
References
https://nvd….
A missing permission check in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.
References
https://nvd.nist.g…
A cross-site request forgery (CSRF) vulnerability in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credential.
References
https://nvd.nist.gov/vuln/detail/CVE-20…
In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-24302
https://github.com/paramiko/par…
A cross-site request forgery (CSRF) vulnerability in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-27…
A missing permission check in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.
References
https://nvd.nist.gov/vuln/detail/CVE-2…
Jenkins incapptic connect uploader Plugin 1.15 and earlier stores tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.
Ref…
A flaw was found in Wildfly’s implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the “use-grammar-pool-only” feature. This flaw allows a specially-crafted XML file to manipulate the …
Jenkins 2.333 and earlier, LTS 2.319.2 and earlier is affected by the XStream library’s vulnerability CVE-2021-43859. This library is used by Jenkins to serialize and deserialize various XML files, like global and job config.xml, build.xml, and numerou…
