Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Jenkins Subscribe
Filtered by product Gerrit Trigger
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-24423 1 Jenkins 1 Gerrit Trigger 2023-02-03 N/A 6.5 MEDIUM
A cross-site request forgery (CSRF) vulnerability in Jenkins Gerrit Trigger Plugin 2.38.0 and earlier allows attackers to rebuild previous builds triggered by Gerrit.
CVE-2022-29039 1 Jenkins 1 Gerrit Trigger 2022-04-20 3.5 LOW 5.4 MEDIUM
Jenkins Gerrit Trigger Plugin 2.35.2 and earlier does not escape the name and description of Base64 Encoded String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2019-16552 1 Jenkins 1 Gerrit Trigger 2020-01-03 5.5 MEDIUM 5.4 MEDIUM
A missing permission check in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials, or determine the existence of a file with a given path on the Jenkins master.
CVE-2019-16551 1 Jenkins 1 Gerrit Trigger 2020-01-03 6.8 MEDIUM 8.8 HIGH
A cross-site request forgery vulnerability in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials.
CVE-2018-1000105 1 Jenkins 1 Gerrit Trigger 2019-10-02 4.0 MEDIUM 4.3 MEDIUM
An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to retrieve some configuration information about Gerrit in Jenkins.
CVE-2018-1000106 1 Jenkins 1 Gerrit Trigger 2019-10-02 5.5 MEDIUM 5.4 MEDIUM
An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to modify the Gerrit configuration in Jenkins.