Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-1000243

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-01 Nov, 2017 | 13:00
Updated At-05 Aug, 2024 | 22:00
Rejected At-
Credits

Jenkins Favorite Plugin 2.1.4 and older does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:01 Nov, 2017 | 13:00
Updated At:05 Aug, 2024 | 22:00
Rejected At:
▼CVE Numbering Authority (CNA)

Jenkins Favorite Plugin 2.1.4 and older does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/101946
vdb-entry
x_refsource_BID
https://jenkins.io/security/advisory/2017-06-06/
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/101946
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://jenkins.io/security/advisory/2017-06-06/
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/101946
vdb-entry
x_refsource_BID
x_transferred
https://jenkins.io/security/advisory/2017-06-06/
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/101946
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://jenkins.io/security/advisory/2017-06-06/
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:01 Nov, 2017 | 13:29
Updated At:20 Apr, 2025 | 01:37

Jenkins Favorite Plugin 2.1.4 and older does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.04.3MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Primary2.04.0MEDIUM
AV:N/AC:L/Au:S/C:N/I:P/A:N
Type: Primary
Version: 3.0
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Type: Primary
Version: 2.0
Base score: 4.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:N/I:P/A:N
CPE Matches
Jenkins
jenkins
>>favorite_plugin>>Versions up to 2.1.4(inclusive)
cpe:2.3:a:jenkins:favorite_plugin:*:*:*:*:*:jenkins:*:*
Weaknesses
CWE IDTypeSource
CWE-862Primarynvd@nist.gov
CWE ID: CWE-862
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securityfocus.com/bid/101946cve@mitre.org
N/A
https://jenkins.io/security/advisory/2017-06-06/cve@mitre.org
Vendor Advisory
http://www.securityfocus.com/bid/101946af854a3a-2127-422b-91ae-364da2661108
N/A
https://jenkins.io/security/advisory/2017-06-06/af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/101946
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://jenkins.io/security/advisory/2017-06-06/
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/101946
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://jenkins.io/security/advisory/2017-06-06/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

340Records found
CVE-2023-41943
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 13.47%
||
7 Day CHG~0.00%
Published-06 Sep, 2023 | 12:09
Updated-26 Sep, 2024 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue.

Action-Not Available
Vendor-Jenkins
Product-aws_codecommit_triggerJenkins AWS CodeCommit Trigger Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2025-31720
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 2.85%
||
7 Day CHG-0.01%
Published-02 Apr, 2025 | 14:59
Updated-29 Apr, 2025 | 14:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Extended Read permission to copy an agent, gaining access to its configuration.

Action-Not Available
Vendor-Jenkins
Product-jenkinsJenkins
CWE ID-CWE-862
Missing Authorization
CVE-2023-4302
Matching Score-6
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-6
Assigner-OpenText (formerly Micro Focus)
CVSS Score-4.2||MEDIUM
EPSS-0.18% / 39.43%
||
7 Day CHG~0.00%
Published-21 Aug, 2023 | 22:34
Updated-01 Oct, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing permission checks in Fortify Plugin allow capturing credentials

A missing permission check in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Action-Not Available
Vendor-Jenkins
Product-fortifyJenkins Fortify Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2023-43501
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 8.98%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 16:06
Updated-24 Sep, 2024 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password.

Action-Not Available
Vendor-Jenkins
Product-build_failure_analyzerJenkins Build Failure Analyzer Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2023-41941
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 15.72%
||
7 Day CHG~0.00%
Published-06 Sep, 2023 | 12:08
Updated-26 Sep, 2024 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins.

Action-Not Available
Vendor-Jenkins
Product-aws_codecommit_triggerJenkins AWS CodeCommit Trigger Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2023-41945
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-8.8||HIGH
EPSS-0.04% / 12.49%
||
7 Day CHG~0.00%
Published-06 Sep, 2023 | 12:09
Updated-26 Sep, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Assembla Auth Plugin 1.14 and earlier does not verify that the permissions it grants are enabled, resulting in users with EDIT permissions to be granted Overall/Manage and Overall/SystemRead permissions, even if those permissions are disabled and should not be granted.

Action-Not Available
Vendor-Jenkins
Product-assembla_authJenkins Assembla Auth Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2021-21636
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 7.25%
||
7 Day CHG~0.00%
Published-30 Mar, 2021 | 11:10
Updated-03 Aug, 2024 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins.

Action-Not Available
Vendor-Jenkins
Product-team_foundation_serverJenkins Team Foundation Server Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2021-21631
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 7.12%
||
7 Day CHG~0.00%
Published-30 Mar, 2021 | 11:10
Updated-03 Aug, 2024 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Cloud Statistics Plugin 0.26 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission and knowledge of random activity IDs to view related provisioning exception error messages.

Action-Not Available
Vendor-Jenkins
Product-cloud_statisticsJenkins Cloud Statistics Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2023-37950
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 16.95%
||
7 Day CHG~0.00%
Published-12 Jul, 2023 | 15:52
Updated-06 Nov, 2024 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

Action-Not Available
Vendor-Jenkins
Product-mablJenkins mabl Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2023-37963
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-0.09% / 27.12%
||
7 Day CHG~0.00%
Published-12 Jul, 2023 | 15:53
Updated-06 Nov, 2024 | 19:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and to check for the existence of directories, `.csv`, and `.ycsb` files on the Jenkins controller file system.

Action-Not Available
Vendor-Jenkins
Product-benchmark_evaluatorJenkins Benchmark Evaluator Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2023-37945
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 15.72%
||
7 Day CHG~0.00%
Published-12 Jul, 2023 | 15:52
Updated-07 Nov, 2024 | 14:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 through 2.3.0 (both inclusive) allows attackers with Overall/Read permission to download a string representation of the current security realm.

Action-Not Available
Vendor-Jenkins
Product-saml_single_sign_onJenkins SAML Single Sign On(SSO) Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2023-37944
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 28.12%
||
7 Day CHG~0.00%
Published-12 Jul, 2023 | 15:52
Updated-07 Nov, 2024 | 15:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins Datadog Plugin 5.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Action-Not Available
Vendor-Jenkins
Product-datadogJenkins Datadog Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2023-37959
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 24.05%
||
7 Day CHG~0.00%
Published-12 Jul, 2023 | 15:52
Updated-07 Nov, 2024 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins Sumologic Publisher Plugin 2.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.

Action-Not Available
Vendor-Jenkins
Product-sumologic_publisherJenkins Sumologic Publisher Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2023-35149
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 14.83%
||
7 Day CHG~0.00%
Published-14 Jun, 2023 | 12:53
Updated-30 Dec, 2024 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins.

Action-Not Available
Vendor-Jenkins
Product-digital.ai_app_management_publisherJenkins Digital.ai App Management Publisher Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2023-30519
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 29.65%
||
7 Day CHG~0.00%
Published-12 Apr, 2023 | 17:05
Updated-07 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins Quay.io trigger Plugin 0.1 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository.

Action-Not Available
Vendor-Jenkins
Product-quay.io_triggerJenkins Quay.io trigger Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2023-30521
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 26.16%
||
7 Day CHG~0.00%
Published-12 Apr, 2023 | 17:05
Updated-07 Feb, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins Assembla merge request builder Plugin 1.1.13 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository.

Action-Not Available
Vendor-Jenkins
Product-assembla_merge_request_builderJenkins Assembla merge request builder Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2023-28675
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 32.27%
||
7 Day CHG~0.00%
Published-23 Mar, 2023 | 11:26
Updated-25 Feb, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers to connect to a previously configured Octoperf server using attacker-specified credentials.

Action-Not Available
Vendor-Jenkins
Product-octoperf_load_testingJenkins OctoPerf Load Testing Plugin Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2023-28672
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 37.18%
||
7 Day CHG~0.00%
Published-23 Mar, 2023 | 11:26
Updated-25 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins OctoPerf Load Testing Plugin Plugin 4.5.1 and earlier does not perform a permission check in a connection test HTTP endpoint, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Action-Not Available
Vendor-Jenkins
Product-octoperf_load_testingJenkins OctoPerf Load Testing Plugin Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2017-2652
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.36% / 57.58%
||
7 Day CHG~0.00%
Published-27 Jul, 2018 | 20:00
Updated-16 Sep, 2024 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was found that there were no permission checks performed in the Distributed Fork plugin before and including 1.5.0 for Jenkins that provides the dist-fork CLI command beyond the basic check for Overall/Read permission, allowing anyone with that permission to run arbitrary shell commands on all connected nodes.

Action-Not Available
Vendor-Jenkins
Product-distributed_forkDistFork Jenkins plugin
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-287
Improper Authentication
CVE-2022-45389
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 30.89%
||
7 Day CHG~0.00%
Published-15 Nov, 2022 | 00:00
Updated-30 Apr, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins XP-Dev Plugin 1.0 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to an attacker-specified repository.

Action-Not Available
Vendor-Jenkins
Product-xp-devJenkins XP-Dev Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-45390
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 26.38%
||
7 Day CHG~0.00%
Published-15 Nov, 2022 | 00:00
Updated-30 Apr, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins loader.io Plugin 1.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

Action-Not Available
Vendor-Jenkins
Product-loader.ioJenkins loader.io Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-45394
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 19.25%
||
7 Day CHG~0.00%
Published-15 Nov, 2022 | 00:00
Updated-30 Apr, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins Delete log Plugin 1.0 and earlier allows attackers with Item/Read permission to delete build logs.

Action-Not Available
Vendor-Jenkins
Product-delete_logJenkins Delete log Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2024-52554
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-8.8||HIGH
EPSS-0.16% / 37.13%
||
7 Day CHG+0.01%
Published-13 Nov, 2024 | 20:53
Updated-15 Nov, 2024 | 13:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Shared Library Version Override Plugin 17.v786074c9fce7 and earlier declares folder-scoped library overrides as trusted, so that they're not executed in the Script Security sandbox, allowing attackers with Item/Configure permission on a folder to configure a folder-scoped library override that runs without sandbox protection.

Action-Not Available
Vendor-Jenkins
Product-Jenkins Shared Library Version Override Pluginshared_library_version_override
CWE ID-CWE-862
Missing Authorization
CVE-2022-45399
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 19.25%
||
7 Day CHG~0.00%
Published-15 Nov, 2022 | 00:00
Updated-30 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics.

Action-Not Available
Vendor-Jenkins
Product-cluster_statisticsJenkins Cluster Statistics Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-45385
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-7.5||HIGH
EPSS-0.11% / 30.55%
||
7 Day CHG~0.00%
Published-15 Nov, 2022 | 00:00
Updated-30 Apr, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins CloudBees Docker Hub/Registry Notification Plugin 2.6.2 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository.

Action-Not Available
Vendor-Jenkins
Product-cloudbees_docker_hub\/registry_notificationJenkins CloudBees Docker Hub/Registry Notification Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-43421
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-5.3||MEDIUM
EPSS-0.20% / 41.99%
||
7 Day CHG~0.00%
Published-19 Oct, 2022 | 00:00
Updated-08 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins Tuleap Git Branch Source Plugin 3.2.4 and earlier allows unauthenticated attackers to trigger Tuleap projects whose configured repository matches the attacker-specified value.

Action-Not Available
Vendor-Jenkins
Product-tuleap_git_branch_sourceJenkins Tuleap Git Branch Source Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-43413
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 33.26%
||
7 Day CHG~0.00%
Published-19 Oct, 2022 | 00:00
Updated-08 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Job Import Plugin 3.5 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

Action-Not Available
Vendor-Jenkins
Product-job_importJenkins Job Import Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-43431
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 35.27%
||
7 Day CHG~0.00%
Published-19 Oct, 2022 | 00:00
Updated-08 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Compuware Strobe Measurement Plugin 1.0.1 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

Action-Not Available
Vendor-Jenkins
Product-compuware_strobe_measurementJenkins Compuware Strobe Measurement Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-43427
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 33.26%
||
7 Day CHG~0.00%
Published-19 Oct, 2022 | 00:00
Updated-08 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

Action-Not Available
Vendor-Jenkins
Product-compuware_topaz_for_total_testJenkins Compuware Topaz for Total Test Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-43417
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 33.26%
||
7 Day CHG~0.00%
Published-19 Oct, 2022 | 00:00
Updated-08 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Katalon Plugin 1.0.32 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Action-Not Available
Vendor-Jenkins
Product-katalonJenkins Katalon Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-41238
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-9.8||CRITICAL
EPSS-0.82% / 73.41%
||
7 Day CHG~0.00%
Published-21 Sep, 2022 | 15:45
Updated-29 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository for attacker-specified commits.

Action-Not Available
Vendor-Jenkins
Product-dotciJenkins DotCi Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-41250
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.43% / 61.74%
||
7 Day CHG~0.00%
Published-21 Sep, 2022 | 15:46
Updated-27 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Action-Not Available
Vendor-Jenkins
Product-scm_httpclientJenkins SCM HttpClient Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-41251
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.43% / 61.97%
||
7 Day CHG~0.00%
Published-21 Sep, 2022 | 15:46
Updated-28 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins Apprenda Plugin 2.2.0 and earlier allows users with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

Action-Not Available
Vendor-Jenkins
Product-apprendaJenkins Apprenda Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-41254
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.39% / 59.23%
||
7 Day CHG~0.00%
Published-21 Sep, 2022 | 15:46
Updated-28 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Action-Not Available
Vendor-Jenkins
Product-cons3rtJenkins CONS3RT Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-41234
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-8.8||HIGH
EPSS-0.23% / 45.65%
||
7 Day CHG~0.00%
Published-21 Sep, 2022 | 15:45
Updated-28 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Rundeck Plugin 3.6.11 and earlier does not protect access to the /plugin/rundeck/webhook/ endpoint, allowing users with Overall/Read permission to trigger jobs that are configured to be triggerable via Rundeck.

Action-Not Available
Vendor-Jenkins
Product-rundeckJenkins Rundeck Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-41228
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-8.8||HIGH
EPSS-0.15% / 36.51%
||
7 Day CHG~0.00%
Published-21 Sep, 2022 | 15:45
Updated-28 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers with Overall/Read permissions to connect to an attacker-specified webserver using attacker-specified credentials.

Action-Not Available
Vendor-Jenkins
Product-ns-nd_integration_performance_publisherJenkins NS-ND Integration Performance Publisher Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-41246
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 30.90%
||
7 Day CHG~0.00%
Published-21 Sep, 2022 | 15:46
Updated-27 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Action-Not Available
Vendor-Jenkins
Product-worksoft_execution_managerJenkins Worksoft Execution Manager Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-41242
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-0.65% / 69.91%
||
7 Day CHG~0.00%
Published-21 Sep, 2022 | 15:46
Updated-28 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins extreme-feedback Plugin 1.7 and earlier allows attackers with Overall/Read permission to discover information about job names attached to lamps, discover MAC and IP addresses of existing lamps, and rename lamps.

Action-Not Available
Vendor-Jenkins
Product-extreme-feedbackJenkins extreme-feedback Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-41252
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.43% / 61.97%
||
7 Day CHG~0.00%
Published-21 Sep, 2022 | 15:46
Updated-28 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allows users with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins.

Action-Not Available
Vendor-Jenkins
Product-cons3rtJenkins CONS3RT Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2023-25766
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.92%
||
7 Day CHG~0.00%
Published-15 Feb, 2023 | 00:00
Updated-19 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

Action-Not Available
Vendor-Jenkins
Product-azure_credentialsJenkins Azure Credentials Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-36903
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.40% / 59.60%
||
7 Day CHG~0.00%
Published-27 Jul, 2022 | 14:25
Updated-03 Aug, 2024 | 10:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins Repository Connector Plugin 2.2.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

Action-Not Available
Vendor-Jenkins
Product-repository_connectorJenkins Repository Connector Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-36915
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.42%
||
7 Day CHG~0.00%
Published-27 Jul, 2022 | 14:27
Updated-03 Aug, 2024 | 10:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Android Signing Plugin 2.2.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents.

Action-Not Available
Vendor-Jenkins
Product-android_signingJenkins Android Signing Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-36891
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 53.32%
||
7 Day CHG~0.00%
Published-27 Jul, 2022 | 14:22
Updated-03 Aug, 2024 | 10:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier allows attackers with Item/Read permission but without Deploy Now/Deploy permission to read deployment logs.

Action-Not Available
Vendor-Jenkins
Product-deployer_frameworkJenkins Deployer Framework Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-36919
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.40% / 59.60%
||
7 Day CHG~0.00%
Published-27 Jul, 2022 | 14:28
Updated-03 Aug, 2024 | 10:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

Action-Not Available
Vendor-Jenkins
Product-coverityJenkins Coverity Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-36909
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.40% / 59.60%
||
7 Day CHG~0.00%
Published-27 Jul, 2022 | 14:26
Updated-03 Aug, 2024 | 10:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key file from the Jenkins controller file system to an attacker-specified URL.

Action-Not Available
Vendor-Jenkins
Product-openshift_deployerJenkins OpenShift Deployer Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-36910
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-0.31% / 53.32%
||
7 Day CHG~0.00%
Published-27 Jul, 2022 | 14:26
Updated-03 Aug, 2024 | 10:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to reindex the database and to obtain information about jobs otherwise inaccessible to them.

Action-Not Available
Vendor-Jenkins
Product-lucene-searchJenkins Lucene-Search Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-36921
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-8.1||HIGH
EPSS-0.55% / 66.86%
||
7 Day CHG~0.00%
Published-27 Jul, 2022 | 14:29
Updated-03 Aug, 2024 | 10:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Action-Not Available
Vendor-Jenkins
Product-coverityJenkins Coverity Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-36912
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 53.32%
||
7 Day CHG~0.00%
Published-27 Jul, 2022 | 14:27
Updated-05 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.

Action-Not Available
Vendor-Jenkins
Product-openstack_heatJenkins Openstack Heat Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-36898
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.34% / 55.86%
||
7 Day CHG~0.00%
Published-27 Jul, 2022 | 14:24
Updated-03 Aug, 2024 | 10:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins.

Action-Not Available
Vendor-Jenkins
Product-compuware_ispw_operationsJenkins Compuware ISPW Operations Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-36917
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 53.32%
||
7 Day CHG~0.00%
Published-27 Jul, 2022 | 14:28
Updated-03 Aug, 2024 | 10:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins Google Cloud Backup Plugin 0.6 and earlier allows attackers with Overall/Read permission to request a manual backup.

Action-Not Available
Vendor-Jenkins
Product-google_cloud_backupJenkins Google Cloud Backup Plugin
CWE ID-CWE-862
Missing Authorization
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • Next
Details not found