Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-4351 | 1 Ibm | 1 Maximo Anywhere | 2022-02-23 | 2.1 LOW | 4.6 MEDIUM |
| IBM Maximo Anywhere 7.6.4.0 applications could disclose sensitive information to a user with physical access to the device. IBM X-Force ID: 161493. | |||||
| CVE-2022-25188 | 1 Jenkins | 1 Fortify | 2022-02-23 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins Fortify Plugin 20.2.34 and earlier does not sanitize the appName and appVersion parameters of its Pipeline steps, allowing attackers with Item/Configure permission to write or overwrite .xml files on the Jenkins controller file system with content not controllable by the attacker. | |||||
| CVE-2022-25190 | 1 Jenkins | 1 Conjur Secrets | 2022-02-23 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins Conjur Secrets Plugin 1.0.11 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||
| CVE-2022-25187 | 1 Jenkins | 1 Support Core | 2022-02-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Support Core Plugin 2.79 and earlier does not redact some sensitive information in the support bundle. | |||||
| CVE-2022-24589 | 1 Burden Project | 1 Burden | 2022-02-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Burden v3.0 was discovered to contain a stored cross-site scripting (XSS) in the Add Category function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the task parameter. | |||||
| CVE-2022-25212 | 1 Jenkins | 1 Swamp | 2022-02-23 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers to connect to an attacker-specified web server using attacker-specified credentials. | |||||
| CVE-2022-25211 | 1 Jenkins | 1 Swamp | 2022-02-23 | 6.5 MEDIUM | 8.8 HIGH |
| A missing permission check in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server using attacker-specified credentials. | |||||
| CVE-2022-25210 | 1 Jenkins | 1 Convertigo Mobile Platform | 2022-02-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static fields to store job configuration information, allowing attackers with Item/Configure permission to capture passwords of the jobs that will be configured. | |||||
| CVE-2022-25209 | 1 Jenkins | 1 Chef Sinatra | 2022-02-23 | 6.5 MEDIUM | 8.8 HIGH |
| Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
| CVE-2022-25208 | 1 Jenkins | 1 Chef Sinatra | 2022-02-23 | 6.5 MEDIUM | 8.8 HIGH |
| A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers with Overall/Read permission to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response. | |||||
| CVE-2022-25207 | 1 Jenkins | 1 Chef Sinatra | 2022-02-23 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response. | |||||
| CVE-2022-25191 | 1 Jenkins | 1 Agent Server Parameter | 2022-02-23 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Agent Server Parameter Plugin 1.0 and earlier does not escape parameter names of agent server parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-25206 | 1 Jenkins | 1 Dbcharts | 2022-02-23 | 6.5 MEDIUM | 8.8 HIGH |
| A missing check in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified database via JDBC using attacker-specified credentials. | |||||
| CVE-2022-25204 | 1 Jenkins | 1 Doktor | 2022-02-23 | 5.5 MEDIUM | 5.4 MEDIUM |
| Jenkins Doktor Plugin 0.4.1 and earlier implements functionality that allows agent processes to render files on the controller as Markdown or Asciidoc, and error messages allow attackers able to control agent processes to determine whether a file with a given name exists. | |||||
| CVE-2022-25203 | 1 Jenkins | 1 Team Views | 2022-02-23 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Team Views Plugin 0.9.0 and earlier does not escape team names, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Read permission. | |||||
| CVE-2022-25202 | 1 Jenkins | 1 Promoted Builds \(simple\) | 2022-02-23 | 3.5 LOW | 4.8 MEDIUM |
| Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escape the name of custom promotion levels, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission. | |||||
| CVE-2022-25199 | 1 Jenkins | 1 Scp Publisher | 2022-02-23 | 6.5 MEDIUM | 8.8 HIGH |
| A missing permission check in Jenkins SCP publisher Plugin 1.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials. | |||||
| CVE-2022-25174 | 1 Jenkins | 1 Pipeline\ | 2022-02-23 | 6.5 MEDIUM | 8.8 HIGH |
| Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the same checkout directories for distinct SCMs for Pipeline libraries, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents. | |||||
| CVE-2022-25198 | 1 Jenkins | 1 Scp Publisher | 2022-02-23 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins SCP publisher Plugin 1.8 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials. | |||||
| CVE-2022-25196 | 1 Jenkins | 1 Gitlab Authentication | 2022-02-23 | 4.9 MEDIUM | 5.4 MEDIUM |
| Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP Referer header as part of the URL query parameters when the authentication process starts, allowing attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified URL after logging in. | |||||