Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-10330

Summary
Assigner-jenkins
Assigner Org ID-39769cd5-e6e2-4dc8-927e-97b3aa056f5b
Published At-31 May, 2019 | 14:20
Updated At-04 Aug, 2024 | 22:17
Rejected At-
Credits

Jenkins Gitea Plugin 1.1.1 and earlier did not implement trusted revisions, allowing attackers without commit access to the Git repo to change Jenkinsfiles even if Jenkins is configured to consider them to be untrusted.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:jenkins
Assigner Org ID:39769cd5-e6e2-4dc8-927e-97b3aa056f5b
Published At:31 May, 2019 | 14:20
Updated At:04 Aug, 2024 | 22:17
Rejected At:
▼CVE Numbering Authority (CNA)

Jenkins Gitea Plugin 1.1.1 and earlier did not implement trusted revisions, allowing attackers without commit access to the Git repo to change Jenkinsfiles even if Jenkins is configured to consider them to be untrusted.

Affected Products
Vendor
JenkinsJenkins project
Product
Jenkins Gitea Plugin
Versions
Affected
  • 1.1.1 and earlier
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.openwall.com/lists/oss-security/2019/05/31/2
mailing-list
x_refsource_MLIST
http://www.securityfocus.com/bid/108540
vdb-entry
x_refsource_BID
https://jenkins.io/security/advisory/2019-05-31/#SECURITY-1046
x_refsource_CONFIRM
Hyperlink: http://www.openwall.com/lists/oss-security/2019/05/31/2
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://www.securityfocus.com/bid/108540
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://jenkins.io/security/advisory/2019-05-31/#SECURITY-1046
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.openwall.com/lists/oss-security/2019/05/31/2
mailing-list
x_refsource_MLIST
x_transferred
http://www.securityfocus.com/bid/108540
vdb-entry
x_refsource_BID
x_transferred
https://jenkins.io/security/advisory/2019-05-31/#SECURITY-1046
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2019/05/31/2
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.securityfocus.com/bid/108540
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://jenkins.io/security/advisory/2019-05-31/#SECURITY-1046
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:jenkinsci-cert@googlegroups.com
Published At:31 May, 2019 | 15:29
Updated At:25 Oct, 2023 | 18:16

Jenkins Gitea Plugin 1.1.1 and earlier did not implement trusted revisions, allowing attackers without commit access to the Git repo to change Jenkinsfiles even if Jenkins is configured to consider them to be untrusted.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N
CPE Matches

gitea
gitea
>>gitea>>Versions up to 1.1.1(inclusive)
cpe:2.3:a:gitea:gitea:*:*:*:*:*:jenkins:*:*
Weaknesses
CWE IDTypeSource
CWE-862Primarynvd@nist.gov
CWE ID: CWE-862
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://www.openwall.com/lists/oss-security/2019/05/31/2jenkinsci-cert@googlegroups.com
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/108540jenkinsci-cert@googlegroups.com
Third Party Advisory
VDB Entry
https://jenkins.io/security/advisory/2019-05-31/#SECURITY-1046jenkinsci-cert@googlegroups.com
Vendor Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2019/05/31/2
Source: jenkinsci-cert@googlegroups.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/108540
Source: jenkinsci-cert@googlegroups.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://jenkins.io/security/advisory/2019-05-31/#SECURITY-1046
Source: jenkinsci-cert@googlegroups.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

363Records found

CVE-2022-34781
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.56% / 67.08%
||
7 Day CHG-0.03%
Published-30 Jun, 2022 | 17:46
Updated-20 Nov, 2024 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Missing permission checks in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Action-Not Available
Vendor-Jenkins
Product-xebialabs_xl_releaseJenkins XebiaLabs XL Release Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-34779
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.62% / 68.97%
||
7 Day CHG-0.03%
Published-30 Jun, 2022 | 17:46
Updated-03 Aug, 2024 | 09:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

Action-Not Available
Vendor-Jenkins
Product-xebialabs_xl_releaseJenkins XebiaLabs XL Release Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-34813
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.67% / 70.36%
||
7 Day CHG-0.03%
Published-30 Jun, 2022 | 17:49
Updated-03 Aug, 2024 | 09:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to create and delete XPath expressions.

Action-Not Available
Vendor-Jenkins
Product-xpath_configuration_viewerJenkins XPath Configuration Viewer Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-34206
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.40% / 59.87%
||
7 Day CHG~0.00%
Published-22 Jun, 2022 | 14:41
Updated-03 Aug, 2024 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers with Overall/Read permission to send HTTP POST requests to an attacker-specified URL.

Action-Not Available
Vendor-Jenkins
Product-jianliao_notificationJenkins Jianliao Notification Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-34212
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-5.7||MEDIUM
EPSS-0.51% / 65.29%
||
7 Day CHG~0.00%
Published-22 Jun, 2022 | 14:41
Updated-03 Aug, 2024 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request to an attacker-specified URL.

Action-Not Available
Vendor-Jenkins
Product-vrealize_orchestratorJenkins vRealize Orchestrator Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-34204
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.40% / 59.87%
||
7 Day CHG~0.00%
Published-22 Jun, 2022 | 14:41
Updated-03 Aug, 2024 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins EasyQA Plugin 1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server.

Action-Not Available
Vendor-Jenkins
Product-easyqaJenkins EasyQA Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-34208
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.40% / 59.87%
||
7 Day CHG~0.00%
Published-22 Jun, 2022 | 14:41
Updated-03 Aug, 2024 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins Beaker builder Plugin 1.10 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.

Action-Not Available
Vendor-Jenkins
Product-beaker_builderJenkins Beaker builder Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-34201
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.40% / 59.87%
||
7 Day CHG~0.00%
Published-22 Jun, 2022 | 14:41
Updated-03 Aug, 2024 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.

Action-Not Available
Vendor-Jenkins
Product-convertigo_mobile_platformJenkins Convertigo Mobile Platform Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-34210
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.40% / 59.87%
||
7 Day CHG~0.00%
Published-22 Jun, 2022 | 14:41
Updated-03 Aug, 2024 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins ThreadFix Plugin 1.5.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.

Action-Not Available
Vendor-Jenkins
Product-threadfixJenkins ThreadFix Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-30957
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.46% / 62.90%
||
7 Day CHG~0.00%
Published-17 May, 2022 | 14:06
Updated-03 Aug, 2024 | 07:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

Action-Not Available
Vendor-Jenkins
Product-sshJenkins SSH Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-30955
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.81% / 73.18%
||
7 Day CHG~0.00%
Published-17 May, 2022 | 14:06
Updated-03 Aug, 2024 | 07:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins GitLab Plugin 1.5.31 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

Action-Not Available
Vendor-Jenkins
Product-gitlabJenkins GitLab Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-30951
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-8.8||HIGH
EPSS-0.91% / 74.86%
||
7 Day CHG~0.00%
Published-17 May, 2022 | 14:06
Updated-03 Aug, 2024 | 07:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library does not implement access control, potentially allowing users to start processes even if they're not allowed to log in.

Action-Not Available
Vendor-Jenkins
Product-wmi_windows_agentsJenkins WMI Windows Agents Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-30954
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 52.80%
||
7 Day CHG~0.00%
Published-17 May, 2022 | 14:06
Updated-03 Aug, 2024 | 07:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server.

Action-Not Available
Vendor-Jenkins
Product-blue_oceanJenkins Blue Ocean Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-30959
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.81% / 73.18%
||
7 Day CHG~0.00%
Published-17 May, 2022 | 14:06
Updated-03 Aug, 2024 | 07:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Action-Not Available
Vendor-Jenkins
Product-sshJenkins SSH Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-28151
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.36% / 57.51%
||
7 Day CHG~0.00%
Published-29 Mar, 2022 | 12:31
Updated-03 Aug, 2024 | 05:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers with Item/Read permission to change the owners and item-specific permissions of a job.

Action-Not Available
Vendor-Jenkins
Product-job_and_node_ownershipJenkins Job and Node ownership Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-28139
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.54% / 66.70%
||
7 Day CHG~0.00%
Published-29 Mar, 2022 | 12:30
Updated-03 Aug, 2024 | 05:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.

Action-Not Available
Vendor-Jenkins
Product-rocketchat_notifierJenkins RocketChat Notifier Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-28137
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.63% / 69.29%
||
7 Day CHG~0.00%
Published-29 Mar, 2022 | 12:30
Updated-03 Aug, 2024 | 05:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.

Action-Not Available
Vendor-Jenkins
Product-jiratestresultreporterJenkins JiraTestResultReporter Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-28134
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-0.91% / 74.80%
||
7 Day CHG~0.00%
Published-29 Mar, 2022 | 12:30
Updated-03 Aug, 2024 | 05:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to create, view, and delete BitBucket Server consumers.

Action-Not Available
Vendor-Jenkins
Product-bitbucket_server_integrationJenkins Bitbucket Server Integration Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-28144
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 32.89%
||
7 Day CHG~0.00%
Published-29 Mar, 2022 | 12:31
Updated-03 Aug, 2024 | 05:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Proxmox Plugin 0.7.0 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified host using attacker-specified username and password (perform a connection test), disable SSL/TLS validation for the entire Jenkins controller JVM as part of the connection test (see CVE-2022-28142), and test a rollback with attacker-specified parameters.

Action-Not Available
Vendor-Jenkins
Product-proxmoxJenkins Proxmox Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-28147
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.90% / 74.70%
||
7 Day CHG~0.00%
Published-29 Mar, 2022 | 12:31
Updated-03 Aug, 2024 | 05:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.

Action-Not Available
Vendor-Jenkins
Product-continuous_integration_with_toad_edgeJenkins Continuous Integration with Toad Edge Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-27211
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.75% / 72.19%
||
7 Day CHG~0.00%
Published-15 Mar, 2022 | 16:46
Updated-15 Oct, 2024 | 17:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Action-Not Available
Vendor-Jenkins
Product-kubernetes_continuous_deployJenkins Kubernetes Continuous Deploy Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-27205
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.91% / 74.80%
||
7 Day CHG~0.00%
Published-15 Mar, 2022 | 16:45
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.

Action-Not Available
Vendor-Jenkins
Product-extended_choice_parameterJenkins Extended Choice Parameter Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-27209
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.75% / 72.19%
||
7 Day CHG~0.00%
Published-15 Mar, 2022 | 16:45
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

Action-Not Available
Vendor-Jenkins
Product-kubernetes_continuous_deployJenkins Kubernetes Continuous Deploy Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-27215
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.65% / 69.86%
||
7 Day CHG+0.08%
Published-15 Mar, 2022 | 16:46
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.

Action-Not Available
Vendor-Jenkins
Product-release_helperJenkins Release Helper Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-25211
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-8.8||HIGH
EPSS-0.30% / 53.24%
||
7 Day CHG~0.00%
Published-15 Feb, 2022 | 16:11
Updated-03 Aug, 2024 | 04:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server using attacker-specified credentials.

Action-Not Available
Vendor-Jenkins
Product-swampJenkins SWAMP Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-25208
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-8.8||HIGH
EPSS-0.96% / 75.53%
||
7 Day CHG~0.00%
Published-15 Feb, 2022 | 16:11
Updated-03 Aug, 2024 | 04:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers with Overall/Read permission to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response.

Action-Not Available
Vendor-Jenkins
Product-chef_sinatraJenkins Chef Sinatra Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-25201
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 30.56%
||
7 Day CHG~0.00%
Published-15 Feb, 2022 | 16:11
Updated-03 Aug, 2024 | 04:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Missing permission checks in Jenkins Checkmarx Plugin 2022.1.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Action-Not Available
Vendor-Jenkins
Product-checkmarxJenkins Checkmarx Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-23112
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.54% / 66.70%
||
7 Day CHG~0.00%
Published-12 Jan, 2022 | 19:06
Updated-03 Aug, 2024 | 03:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers with Overall/Read access to connect to an attacker-specified SSH server using attacker-specified credentials.

Action-Not Available
Vendor-Jenkins
Product-publish_over_sshJenkins Publish Over SSH Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-29051
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.91% / 74.80%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 19:50
Updated-03 Aug, 2024 | 06:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Missing permission checks in Jenkins Publish Over FTP Plugin 1.16 and earlier allow attackers with Overall/Read permission to connect to an FTP server using attacker-specified credentials.

Action-Not Available
Vendor-Jenkins
Product-publish_over_ftpJenkins Publish Over FTP Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-28158
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.40% / 60.02%
||
7 Day CHG~0.00%
Published-29 Mar, 2022 | 12:31
Updated-03 Aug, 2024 | 05:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

Action-Not Available
Vendor-Jenkins
Product-pipeline\Jenkins Pipeline: Phoenix AutoTest Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-20616
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.21%
||
7 Day CHG~0.00%
Published-12 Jan, 2022 | 19:05
Updated-03 Aug, 2024 | 02:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Credentials Binding Plugin 1.27 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read access to validate if a credential ID refers to a secret file credential and whether it's a zip file.

Action-Not Available
Vendor-Jenkins
Product-credentials_bindingJenkins Credentials Binding Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-20614
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-2.21% / 83.79%
||
7 Day CHG~0.00%
Published-12 Jan, 2022 | 00:00
Updated-03 Aug, 2024 | 02:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.

Action-Not Available
Vendor-Oracle CorporationJenkins
Product-communications_cloud_native_core_automated_test_suitemailerJenkins Mailer Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-27199
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.91% / 74.80%
||
7 Day CHG~0.00%
Published-15 Mar, 2022 | 16:45
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token.

Action-Not Available
Vendor-Jenkins
Product-cloudbees_aws_credentialsJenkins CloudBees AWS Credentials Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-20620
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.97% / 75.67%
||
7 Day CHG~0.00%
Published-12 Jan, 2022 | 19:05
Updated-03 Aug, 2024 | 02:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Missing permission checks in Jenkins SSH Agent Plugin 1.23 and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins.

Action-Not Available
Vendor-Jenkins
Product-ssh_agentJenkins SSH Agent Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2020-2204
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-0.03% / 6.99%
||
7 Day CHG~0.00%
Published-02 Jul, 2020 | 14:55
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers with Overall/Read permission to connect to the globally configured Fortify on Demand endpoint using attacker-specified credentials IDs.

Action-Not Available
Vendor-Jenkins
Product-fortify_on_demandJenkins Fortify on Demand Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2020-2272
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 6.99%
||
7 Day CHG~0.00%
Published-16 Sep, 2020 | 13:20
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.

Action-Not Available
Vendor-Jenkins
Product-elastestJenkins ElasTest Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2020-2322
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-7.5||HIGH
EPSS-0.35% / 56.63%
||
7 Day CHG~0.00%
Published-03 Dec, 2020 | 15:55
Updated-04 Aug, 2024 | 07:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Chaos Monkey Plugin 0.3 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to generate load and to generate memory leaks.

Action-Not Available
Vendor-netflixJenkins
Product-chaos_monkeyJenkins Chaos Monkey Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-25206
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-8.8||HIGH
EPSS-0.66% / 70.05%
||
7 Day CHG~0.00%
Published-15 Feb, 2022 | 16:11
Updated-03 Aug, 2024 | 04:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing check in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified database via JDBC using attacker-specified credentials.

Action-Not Available
Vendor-Jenkins
Product-dbchartsJenkins dbCharts Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2020-2234
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 14.16%
||
7 Day CHG~0.00%
Published-12 Aug, 2020 | 13:25
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins.

Action-Not Available
Vendor-Jenkins
Product-pipeline_maven_integrationJenkins Pipeline Maven Integration Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2020-2285
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 6.99%
||
7 Day CHG~0.00%
Published-23 Sep, 2020 | 13:10
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

Action-Not Available
Vendor-Jenkins
Product-liquibase_runnerJenkins Liquibase Runner Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2020-2267
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 6.99%
||
7 Day CHG~0.00%
Published-16 Sep, 2020 | 13:20
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins MongoDB Plugin 1.3 and earlier allows attackers with Overall/Read permission to gain access to some metadata of any arbitrary files on the Jenkins controller.

Action-Not Available
Vendor-Jenkins
Product-mongodbJenkins MongoDB Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2020-2216
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 6.99%
||
7 Day CHG~0.00%
Published-02 Jul, 2020 | 14:55
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified username and password.

Action-Not Available
Vendor-Jenkins
Product-zephyr_for_jira_test_managementJenkins Zephyr for JIRA Test Management Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2020-2242
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 19.17%
||
7 Day CHG~0.00%
Published-01 Sep, 2020 | 13:50
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins database Plugin 1.6 and earlier allows attackers with Overall/Read access to Jenkins to connect to an attacker-specified database server using attacker-specified credentials.

Action-Not Available
Vendor-Jenkins
Product-databaseJenkins database Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-25195
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.29% / 52.34%
||
7 Day CHG~0.00%
Published-15 Feb, 2022 | 16:11
Updated-03 Aug, 2024 | 04:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins autonomiq Plugin 1.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.

Action-Not Available
Vendor-Jenkins
Product-autonomiqJenkins autonomiq Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-25199
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-8.8||HIGH
EPSS-0.66% / 70.05%
||
7 Day CHG~0.00%
Published-15 Feb, 2022 | 16:11
Updated-03 Aug, 2024 | 04:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins SCP publisher Plugin 1.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials.

Action-Not Available
Vendor-Jenkins
Product-scp_publisherJenkins SCP publisher Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-25193
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 36.70%
||
7 Day CHG~0.00%
Published-15 Feb, 2022 | 16:11
Updated-03 Aug, 2024 | 04:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Missing permission checks in Jenkins Snow Commander Plugin 1.10 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Action-Not Available
Vendor-Jenkins
Product-snow_commanderJenkins Snow Commander Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-25190
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.34% / 56.02%
||
7 Day CHG~0.00%
Published-15 Feb, 2022 | 16:11
Updated-15 Oct, 2024 | 17:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins Conjur Secrets Plugin 1.0.11 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

Action-Not Available
Vendor-Jenkins
Product-conjur_secretsJenkins Conjur Secrets Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2020-2142
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 6.99%
||
7 Day CHG~0.00%
Published-09 Mar, 2020 | 15:00
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins P4 Plugin 1.10.10 and earlier allows attackers with Overall/Read permission to trigger builds.

Action-Not Available
Vendor-Jenkins
Product-p4Jenkins P4 Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-20618
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-1.14% / 77.48%
||
7 Day CHG~0.00%
Published-12 Jan, 2022 | 19:05
Updated-03 Aug, 2024 | 02:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins.

Action-Not Available
Vendor-Jenkins
Product-bitbucket_branch_sourceJenkins Bitbucket Branch Source Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-0905
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.5||MEDIUM
EPSS-0.29% / 51.87%
||
7 Day CHG~0.00%
Published-10 Mar, 2022 | 00:00
Updated-02 Aug, 2024 | 23:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authorization in go-gitea/gitea

Missing Authorization in GitHub repository go-gitea/gitea prior to 1.16.4.

Action-Not Available
Vendor-giteago-gitea
Product-giteago-gitea/gitea
CWE ID-CWE-862
Missing Authorization
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 7
  • 8
  • Next
Details not found