Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by vendor Jenkins Subscribe
Filtered by product Warnings Next Generation
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-23107 1 Jenkins 1 Warnings Next Generation 2022-03-23 5.5 MEDIUM 8.1 HIGH
Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not restrict the name of a file when configuring custom ID, allowing attackers with Item/Configure permission to write and read specific files with a hard-coded suffix on the Jenkins controller file system.
CVE-2021-21626 1 Jenkins 1 Warnings Next Generation 2021-03-24 4.0 MEDIUM 4.3 MEDIUM
Jenkins Warnings Next Generation Plugin 8.4.4 and earlier does not perform a permission check in methods implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents.
CVE-2019-1003008 1 Jenkins 1 Warnings Next Generation 2019-10-09 6.8 MEDIUM 8.8 HIGH
A cross-site request forgery vulnerability exists in Jenkins Warnings Next Generation Plugin 2.1.1 and earlier in src/main/java/io/jenkins/plugins/analysis/warnings/groovy/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint.
CVE-2019-1003023 1 Jenkins 1 Warnings Next Generation 2019-10-09 4.3 MEDIUM 6.1 MEDIUM
A cross-site scripting vulnerability exists in Jenkins Warnings Next Generation Plugin 1.0.1 and earlier in src/main/java/io/jenkins/plugins/analysis/core/model/DetailsTableModel.java, src/main/java/io/jenkins/plugins/analysis/core/model/SourceDetail.java, src/main/java/io/jenkins/plugins/analysis/core/model/SourcePrinter.java, src/main/java/io/jenkins/plugins/analysis/core/util/Sanitizer.java, src/main/java/io/jenkins/plugins/analysis/warnings/DuplicateCodeScanner.java that allows attackers with the ability to control warnings parser input to have Jenkins render arbitrary HTML.
CVE-2019-10325 1 Jenkins 1 Warnings Next Generation 2019-06-03 3.5 LOW 5.4 MEDIUM
A cross-site scripting vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed attacker with Job/Configure permission to inject arbitrary JavaScript in build overview pages.
CVE-2019-10326 1 Jenkins 1 Warnings Next Generation 2019-06-03 4.3 MEDIUM 4.3 MEDIUM
A cross-site request forgery vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed attackers to reset warning counts for future builds.