Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-2105

Summary
Assigner-jenkins
Assigner Org ID-39769cd5-e6e2-4dc8-927e-97b3aa056f5b
Published At-29 Jan, 2020 | 15:15
Updated At-04 Aug, 2024 | 07:01
Rejected At-
Credits

REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier were vulnerable to clickjacking attacks.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:jenkins
Assigner Org ID:39769cd5-e6e2-4dc8-927e-97b3aa056f5b
Published At:29 Jan, 2020 | 15:15
Updated At:04 Aug, 2024 | 07:01
Rejected At:
▼CVE Numbering Authority (CNA)

REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier were vulnerable to clickjacking attacks.

Affected Products
Vendor
JenkinsJenkins project
Product
Jenkins
Versions
Affected
  • From unspecified through 2.218 (custom)
  • From unspecified through LTS 2.204.1 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1704
x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2020/01/29/1
mailing-list
x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2020:0681
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0683
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHBA-2020:0402
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHBA-2020:0675
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1704
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.openwall.com/lists/oss-security/2020/01/29/1
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://access.redhat.com/errata/RHSA-2020:0681
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2020:0683
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHBA-2020:0402
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHBA-2020:0675
Resource:
vendor-advisory
x_refsource_REDHAT
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1704
x_refsource_CONFIRM
x_transferred
http://www.openwall.com/lists/oss-security/2020/01/29/1
mailing-list
x_refsource_MLIST
x_transferred
https://access.redhat.com/errata/RHSA-2020:0681
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2020:0683
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHBA-2020:0402
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHBA-2020:0675
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1704
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2020/01/29/1
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2020:0681
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2020:0683
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHBA-2020:0402
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHBA-2020:0675
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:jenkinsci-cert@googlegroups.com
Published At:29 Jan, 2020 | 16:15
Updated At:25 Oct, 2023 | 18:16

REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier were vulnerable to clickjacking attacks.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Type: Primary
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CPE Matches
Jenkins
jenkins
>>jenkins>>Versions up to 2.204.1(inclusive)
cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
Jenkins
jenkins
>>jenkins>>Versions up to 2.218(inclusive)
cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*
Weaknesses
CWE IDTypeSource
CWE-1021Primarynvd@nist.gov
CWE ID: CWE-1021
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.openwall.com/lists/oss-security/2020/01/29/1jenkinsci-cert@googlegroups.com
Mailing List
Third Party Advisory
https://access.redhat.com/errata/RHBA-2020:0402jenkinsci-cert@googlegroups.com
N/A
https://access.redhat.com/errata/RHBA-2020:0675jenkinsci-cert@googlegroups.com
N/A
https://access.redhat.com/errata/RHSA-2020:0681jenkinsci-cert@googlegroups.com
N/A
https://access.redhat.com/errata/RHSA-2020:0683jenkinsci-cert@googlegroups.com
N/A
https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1704jenkinsci-cert@googlegroups.com
Vendor Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2020/01/29/1
Source: jenkinsci-cert@googlegroups.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHBA-2020:0402
Source: jenkinsci-cert@googlegroups.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHBA-2020:0675
Source: jenkinsci-cert@googlegroups.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2020:0681
Source: jenkinsci-cert@googlegroups.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2020:0683
Source: jenkinsci-cert@googlegroups.com
Resource: N/A
Hyperlink: https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1704
Source: jenkinsci-cert@googlegroups.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

226Records found
CVE-2021-21613
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 47.22%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 15:55
Updated-03 Aug, 2024 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins TICS Plugin 2020.3.0.6 and earlier does not escape TICS service responses, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control TICS service response content.

Action-Not Available
Vendor-Jenkins
Product-ticsJenkins TICS Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-21641
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 35.48%
||
7 Day CHG~0.00%
Published-07 Apr, 2021 | 13:50
Updated-15 Oct, 2024 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins promoted builds Plugin 3.9 and earlier allows attackers to to promote builds.

Action-Not Available
Vendor-Jenkins
Product-promoted_buildsJenkins promoted builds Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-21610
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-6.1||MEDIUM
EPSS-0.31% / 53.58%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 15:55
Updated-03 Aug, 2024 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not implement any restrictions for the URL rendering a formatted preview of markup passed as a query parameter, resulting in a reflected cross-site scripting (XSS) vulnerability if the configured markup formatter does not prohibit unsafe elements (JavaScript) in markup.

Action-Not Available
Vendor-Jenkins
Product-jenkinsJenkins
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-28152
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 19.93%
||
7 Day CHG~0.00%
Published-29 Mar, 2022 | 12:31
Updated-03 Aug, 2024 | 05:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to restore the default ownership of a job.

Action-Not Available
Vendor-Jenkins
Product-job_and_node_ownershipJenkins Job and Node ownership Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-5573
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-2.60% / 85.04%
||
7 Day CHG~0.00%
Published-31 Dec, 2013 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the default markup formatter in Jenkins 1.523 allows remote attackers to inject arbitrary web script or HTML via the Description field in the user configuration.

Action-Not Available
Vendor-n/aJenkins
Product-jenkinsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-2169
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-6.1||MEDIUM
EPSS-0.17% / 38.36%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 16:05
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A form validation endpoint in Jenkins Queue cleanup Plugin 1.3 and earlier does not properly escape a query parameter displayed in an error message, resulting in a reflected XSS vulnerability.

Action-Not Available
Vendor-Jenkins
Product-queue_cleanupJenkins Queue cleanup Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-4440
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-1.50% / 80.35%
||
7 Day CHG~0.00%
Published-18 Nov, 2019 | 21:03
Updated-06 Aug, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML in the Violations plugin.

Action-Not Available
Vendor-Jenkins
Product-jenkinsjenkins
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-0325
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-4.3||MEDIUM
EPSS-0.21% / 42.97%
||
7 Day CHG~0.00%
Published-09 Mar, 2012 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0324.

Action-Not Available
Vendor-cloudbeesn/aJenkins
Product-jenkinsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-4301
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
CVSS Score-4.2||MEDIUM
EPSS-0.23% / 45.98%
||
7 Day CHG~0.00%
Published-21 Aug, 2023 | 22:34
Updated-01 Oct, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CSRF vulnerability in Fortify Plugin allow capturing credentials

A cross-site request forgery (CSRF) vulnerability in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Action-Not Available
Vendor-Jenkins
Product-fortifyJenkins Fortify Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-0328
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 38.86%
||
7 Day CHG~0.00%
Published-19 Mar, 2013 | 14:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aJenkins
Product-jenkinsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2012-4441
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-1.50% / 80.35%
||
7 Day CHG~0.00%
Published-18 Nov, 2019 | 21:07
Updated-06 Aug, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML in the CI game plugin.

Action-Not Available
Vendor-Jenkins
Product-jenkinsjenkins
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-4439
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.44% / 62.44%
||
7 Day CHG~0.00%
Published-18 Nov, 2019 | 20:56
Updated-06 Aug, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL that points to Jenkins.

Action-Not Available
Vendor-Jenkins
Product-jenkinsjenkins
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-39153
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 24.35%
||
7 Day CHG~0.00%
Published-26 Jul, 2023 | 13:54
Updated-23 Oct, 2024 | 14:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Authentication Plugin 1.17.1 and earlier allows attackers to trick users into logging in to the attacker's account.

Action-Not Available
Vendor-Jenkins
Product-gitlab_authenticationJenkins GitLab Authentication Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-33005
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-0.19% / 40.89%
||
7 Day CHG~0.00%
Published-16 May, 2023 | 16:00
Updated-23 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins WSO2 Oauth Plugin 1.0 and earlier does not invalidate the previous session on login.

Action-Not Available
Vendor-Jenkins
Product-wso2_oauthJenkins WSO2 Oauth Plugin
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2022-34812
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 25.22%
||
7 Day CHG~0.00%
Published-30 Jun, 2022 | 17:49
Updated-03 Aug, 2024 | 09:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers to create and delete XPath expressions.

Action-Not Available
Vendor-Jenkins
Product-xpath_configuration_viewerJenkins XPath Configuration Viewer Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-16569
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.48% / 64.29%
||
7 Day CHG~0.00%
Published-17 Dec, 2019 | 14:40
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery vulnerability in Jenkins Mantis Plugin 0.26 and earlier allows attackers to connect to an attacker-specified web server using attacker-specified credentials.

Action-Not Available
Vendor-Jenkins
Product-mantisJenkins Mantis Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-33006
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-0.23% / 45.98%
||
7 Day CHG~0.00%
Published-16 May, 2023 | 16:00
Updated-23 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins WSO2 Oauth Plugin 1.0 and earlier allows attackers to trick users into logging in to the attacker's account.

Action-Not Available
Vendor-Jenkins
Product-wso2_oauthJenkins WSO2 Oauth Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2012-0324
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-4.3||MEDIUM
EPSS-0.21% / 42.97%
||
7 Day CHG~0.00%
Published-09 Mar, 2012 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0325.

Action-Not Available
Vendor-cloudbeesn/aJenkins
Product-jenkinsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-29048
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 29.93%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 19:50
Updated-20 Nov, 2024 | 15:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows attackers to connect to an attacker-specified URL.

Action-Not Available
Vendor-Apple Inc.Jenkins
Product-subversionmacosJenkins Subversion Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-28142
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-7.5||HIGH
EPSS-0.06% / 19.73%
||
7 Day CHG~0.00%
Published-29 Mar, 2022 | 12:30
Updated-03 Aug, 2024 | 05:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Proxmox Plugin 0.6.0 and earlier disables SSL/TLS certificate validation globally for the Jenkins controller JVM when configured to ignore SSL/TLS issues.

Action-Not Available
Vendor-Jenkins
Product-proxmoxJenkins Proxmox Plugin
CWE ID-CWE-295
Improper Certificate Validation
CVE-2019-10307
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 41.55%
||
7 Day CHG~0.00%
Published-30 Apr, 2019 | 12:25
Updated-04 Aug, 2024 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery vulnerability in Jenkins Static Analysis Utilities Plugin 1.95 and earlier in the DefaultGraphConfigurationView#doSave form handler method allowed attackers to change the per-job default graph configuration for all users.

Action-Not Available
Vendor-Jenkins
Product-static_analysis_utilitiesJenkins Static Analysis Utilities Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-10289
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 35.00%
||
7 Day CHG~0.00%
Published-04 Apr, 2019 | 15:38
Updated-04 Aug, 2024 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery vulnerability in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the NCScanBuilder.DescriptorImpl#doValidateAPI form validation method allowed attackers to initiate a connection to an attacker-specified server.

Action-Not Available
Vendor-Jenkins
Product-netsparker_cloud_scanJenkins Netsparker Cloud Scan Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-10376
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-6.1||MEDIUM
EPSS-0.14% / 33.94%
||
7 Day CHG~0.00%
Published-07 Aug, 2019 | 14:20
Updated-04 Aug, 2024 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross-site scripting vulnerability in Jenkins Wall Display Plugin 0.6.34 and earlier allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin.

Action-Not Available
Vendor-Jenkins
Product-wall_displayJenkins Wall Display Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-10331
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.57%
||
7 Day CHG~0.00%
Published-11 Jun, 2019 | 13:15
Updated-04 Aug, 2024 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier in Configuration#doTestConnection allowed attackers to connect to an attacker-specified URL using attacker-specified credentials.

Action-Not Available
Vendor-Jenkins
Product-electricflowJenkins ElectricFlow Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-1003080
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 35.00%
||
7 Day CHG~0.00%
Published-04 Apr, 2019 | 15:38
Updated-05 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery vulnerability in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers to initiate a connection to an attacker-specified server.

Action-Not Available
Vendor-Jenkins
Product-openshift_deployerJenkins OpenShift Deployer Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-10454
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.25% / 48.42%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 13:00
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery vulnerability in Jenkins Rundeck Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials.

Action-Not Available
Vendor-Jenkins
Product-rundeckJenkins Rundeck Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-1003076
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 36.94%
||
7 Day CHG~0.00%
Published-04 Apr, 2019 | 15:38
Updated-05 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery vulnerability in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows attackers to initiate a connection to an attacker-specified server.

Action-Not Available
Vendor-Jenkins
Product-audit_to_databaseJenkins Audit to Database Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-10292
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 36.94%
||
7 Day CHG~0.00%
Published-04 Apr, 2019 | 15:38
Updated-04 Aug, 2024 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery vulnerability in Jenkins Kmap Plugin in KmapJenkinsBuilder.DescriptorImpl form validation methods allows attackers to initiate a connection to an attacker-specified server.

Action-Not Available
Vendor-Jenkins
Product-kmapJenkins Kmap Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-10388
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.53% / 66.22%
||
7 Day CHG~0.00%
Published-07 Aug, 2019 | 14:20
Updated-04 Aug, 2024 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery vulnerability in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server.

Action-Not Available
Vendor-Jenkins
Product-relution_enterprise_appstore_publisherJenkins Relution Enterprise Appstore Publisher Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-1003092
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 36.94%
||
7 Day CHG~0.00%
Published-04 Apr, 2019 | 15:38
Updated-05 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery vulnerability in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.

Action-Not Available
Vendor-Jenkins
Product-nomadJenkins Nomad Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-10336
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-6.1||MEDIUM
EPSS-0.08% / 23.60%
||
7 Day CHG~0.00%
Published-11 Jun, 2019 | 13:15
Updated-04 Aug, 2024 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross site scripting vulnerability in Jenkins ElectricFlow Plugin 1.1.6 and earlier allowed attackers able to control the output of the ElectricFlow API to inject arbitrary HTML and JavaScript in job configuration forms containing post-build steps provided by this plugin.

Action-Not Available
Vendor-Jenkins
Product-electricflowJenkins ElectricFlow Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-10326
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.28% / 50.72%
||
7 Day CHG~0.00%
Published-31 May, 2019 | 14:20
Updated-04 Aug, 2024 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed attackers to reset warning counts for future builds.

Action-Not Available
Vendor-Jenkins
Product-warnings_next_generationJenkins Warnings NG Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-10456
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.23% / 45.84%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 13:00
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery vulnerability in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials.

Action-Not Available
Vendor-Jenkins
Product-oracle_cloud_infrastructure_compute_classicJenkins Oracle Cloud Infrastructure Compute Classic Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-10324
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 35.15%
||
7 Day CHG~0.00%
Published-31 May, 2019 | 14:20
Updated-04 Aug, 2024 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ReleaseAction#doSubmit, GradleReleaseApiAction#doStaging, MavenReleaseApiAction#doStaging, and UnifiedPromoteBuildAction#doSubmit allowed attackers to schedule a release build, perform release staging for Gradle and Maven projects, and promote previously staged builds, respectively.

Action-Not Available
Vendor-jfrogJenkins
Product-artifactoryJenkins Artifactory Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-1003090
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 36.94%
||
7 Day CHG~0.00%
Published-04 Apr, 2019 | 15:38
Updated-05 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery vulnerability in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server.

Action-Not Available
Vendor-Jenkins
Product-soasta_cloudtestJenkins SOASTA CloudTest Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-1003084
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 36.94%
||
7 Day CHG~0.00%
Published-04 Apr, 2019 | 15:38
Updated-05 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery vulnerability in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.

Action-Not Available
Vendor-Jenkins
Product-zephyr_enterprise_test_managementJenkins Zephyr Enterprise Test Management Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-10408
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.38% / 58.45%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 15:05
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery vulnerability in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers to trigger project generation from templates.

Action-Not Available
Vendor-Jenkins
Product-project_inheritanceJenkins Project Inheritance Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-1003082
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 36.94%
||
7 Day CHG~0.00%
Published-04 Apr, 2019 | 15:38
Updated-05 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery vulnerability in Jenkins Gearman Plugin in the GearmanPluginConfig#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.

Action-Not Available
Vendor-Jenkins
Product-gearmanJenkins Gearman Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-10441
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.25% / 48.42%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 13:00
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery vulnerability in Jenkins iceScrum Plugin 1.1.5 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials.

Action-Not Available
Vendor-Jenkins
Product-icescrumJenkins iceScrum Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-1003078
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 21.14%
||
7 Day CHG~0.00%
Published-04 Apr, 2019 | 15:38
Updated-05 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery vulnerability in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.

Action-Not Available
Vendor-Jenkins
Product-vmware_lab_manager_slavesJenkins VMware Lab Manager Slaves Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-10332
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 33.22%
||
7 Day CHG~0.00%
Published-11 Jun, 2019 | 13:15
Updated-04 Aug, 2024 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins ElectricFlow Plugin 1.1.5 and earlier in Configuration#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials.

Action-Not Available
Vendor-Jenkins
Product-electricflowJenkins ElectricFlow Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2019-10304
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 20.70%
||
7 Day CHG~0.00%
Published-18 Apr, 2019 | 16:54
Updated-04 Aug, 2024 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery vulnerability in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows attackers to initiate a connection to an attacker-specified server.

Action-Not Available
Vendor-Jenkins
Product-xebialabs_xl_deployJenkins XebiaLabs XL Deploy Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-1003098
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 36.94%
||
7 Day CHG~0.00%
Published-04 Apr, 2019 | 15:38
Updated-05 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery vulnerability in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server.

Action-Not Available
Vendor-Jenkins
Product-openidJenkins openid Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-10346
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-6.1||MEDIUM
EPSS-0.30% / 52.61%
||
7 Day CHG~0.00%
Published-11 Jul, 2019 | 13:55
Updated-04 Aug, 2024 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross site scripting vulnerability in Jenkins Embeddable Build Status Plugin 2.0.1 and earlier allowed attackers inject arbitrary HTML and JavaScript into the response of this plugin.

Action-Not Available
Vendor-Jenkins
Product-embeddable_build_statusJenkins Embeddable Build Status Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-10475
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-6.1||MEDIUM
EPSS-91.97% / 99.69%
||
7 Day CHG~0.00%
Published-23 Oct, 2019 | 12:45
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross-site scripting vulnerability in Jenkins build-metrics Plugin allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin.

Action-Not Available
Vendor-Jenkins
Product-build-metricsJenkins build-metrics Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-10278
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 36.94%
||
7 Day CHG~0.00%
Published-04 Apr, 2019 | 15:38
Updated-04 Aug, 2024 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery vulnerability in Jenkins jenkins-reviewbot Plugin in the ReviewboardDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.

Action-Not Available
Vendor-Jenkins
Product-jenkins-reviewbotJenkins jenkins-reviewbot Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-1003086
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 36.94%
||
7 Day CHG~0.00%
Published-04 Apr, 2019 | 15:38
Updated-05 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.

Action-Not Available
Vendor-Jenkins
Product-chef_sinatraJenkins Chef Sinatra Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-1003012
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 37.78%
||
7 Day CHG~0.00%
Published-06 Feb, 2019 | 16:00
Updated-05 Aug, 2024 | 03:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A data modification vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-core-js/src/js/bundleStartup.js, blueocean-core-js/src/js/fetch.ts, blueocean-core-js/src/js/i18n/i18n.js, blueocean-core-js/src/js/urlconfig.js, blueocean-rest/src/main/java/io/jenkins/blueocean/rest/APICrumbExclusion.java, blueocean-web/src/main/java/io/jenkins/blueocean/BlueOceanUI.java, blueocean-web/src/main/resources/io/jenkins/blueocean/BlueOceanUI/index.jelly that allows attackers to bypass all cross-site request forgery protection in Blue Ocean API.

Action-Not Available
Vendor-Red Hat, Inc.Jenkins
Product-blue_oceanopenshift_container_platformJenkins Blue Ocean Plugins
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-1003023
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-6.1||MEDIUM
EPSS-0.04% / 11.74%
||
7 Day CHG~0.00%
Published-06 Feb, 2019 | 16:00
Updated-17 Sep, 2024 | 00:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site scripting vulnerability exists in Jenkins Warnings Next Generation Plugin 1.0.1 and earlier in src/main/java/io/jenkins/plugins/analysis/core/model/DetailsTableModel.java, src/main/java/io/jenkins/plugins/analysis/core/model/SourceDetail.java, src/main/java/io/jenkins/plugins/analysis/core/model/SourcePrinter.java, src/main/java/io/jenkins/plugins/analysis/core/util/Sanitizer.java, src/main/java/io/jenkins/plugins/analysis/warnings/DuplicateCodeScanner.java that allows attackers with the ability to control warnings parser input to have Jenkins render arbitrary HTML.

Action-Not Available
Vendor-Jenkins
Product-warnings_next_generationJenkins Warnings Next Generation Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-1003010
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.69% / 70.84%
||
7 Day CHG~0.00%
Published-06 Feb, 2019 | 16:00
Updated-05 Aug, 2024 | 03:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a workspace and attach corresponding metadata to a build record.

Action-Not Available
Vendor-n/aJenkinsRed Hat, Inc.
Product-openshift_container_platformgitn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found