Jenkins: >> Jenkins Security Vulnerabilities
Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process.
CVSS Score
5.3
EPSS Score
0.007
Published
2022-10-19
Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process.
CVSS Score
5.3
EPSS Score
0.007
Published
2022-10-19
Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process.
CVSS Score
5.3
EPSS Score
0.007
Published
2022-10-19
Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process.
CVSS Score
5.3
EPSS Score
0.007
Published
2022-10-19
Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to read arbitrary files on the Jenkins controller file system.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-10-19
Jenkins 2.367 through 2.369 (both inclusive) does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins web UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control tooltips for this component.
CVSS Score
5.4
EPSS Score
0.016
Published
2022-09-21
Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties.
CVSS Score
8.2
EPSS Score
0.004
Published
2022-07-27
Jenkins Compuware zAdviser API Plugin 1.0.3 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties.
CVSS Score
8.2
EPSS Score
0.003
Published
2022-07-27
In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests.
CVSS Score
7.5
EPSS Score
0.014
Published
2022-07-07
In Jenkins 2.320 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the help icon does not escape the feature name that is part of its tooltip, effectively undoing the fix for SECURITY-1955, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
CVSS Score
5.4
EPSS Score
0.064
Published
2022-06-23