Shodan
Vulnerabilities
Vulnerable Software
Jenkins:  Security Vulnerabilities
CVE-2023-24426
Jenkins Azure AD Plugin 303.va_91ef20ee49f and earlier does not invalidate the previous session on login.
CVSS Score
8.8
EPSS Score
0.005
Published
2023-01-26
CVE-2023-24427
Jenkins Bitbucket OAuth Plugin 0.12 and earlier does not invalidate the previous session on login.
CVSS Score
9.8
EPSS Score
0.005
Published
2023-01-26
CVE-2022-46684
Jenkins Checkmarx Plugin 2022.3.3 and earlier does not escape values returned from the Checkmarx service API before inserting them into HTML reports, resulting in a stored cross-site scripting (XSS) vulnerability.
CVSS Score
5.4
EPSS Score
0.093
Published
2022-12-12
CVE-2022-46686
Jenkins Custom Build Properties Plugin 2.79.vc095ccc85094 and earlier does not escape property values and build display names on the Custom Build Properties and Build Summary pages, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set or change these values.
CVSS Score
5.4
EPSS Score
0.093
Published
2022-12-12
CVE-2022-46687
Jenkins Spring Config Plugin 2.0.0 and earlier does not escape build display names shown on the Spring Config view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to change build display names.
CVSS Score
5.4
EPSS Score
0.093
Published
2022-12-12
CVE-2022-46688
A cross-site request forgery (CSRF) vulnerability in Jenkins Sonar Gerrit Plugin 377.v8f3808963dc5 and earlier allows attackers to have Jenkins connect to Gerrit servers (previously configured by Jenkins administrators) using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-12-12
CVE-2022-46682
Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVSS Score
9.8
EPSS Score
0.006
Published
2022-12-12
CVE-2022-46683
Jenkins Google Login Plugin 1.4 through 1.6 (both inclusive) improperly determines that a redirect URL after login is legitimately pointing to Jenkins.
CVSS Score
6.1
EPSS Score
0.007
Published
2022-12-12
CVE-2022-45401
Jenkins Associated Files Plugin 0.2.1 and earlier does not escape names of associated files, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVSS Score
5.4
EPSS Score
0.117
Published
2022-11-15
CVE-2022-45397
Jenkins OSF Builder Suite : : XML Linter Plugin 1.0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVSS Score
9.8
EPSS Score
0.035
Published
2022-11-15


Products
Pricing
Contact Us

Shodan ® - All rights reserved