Jenkins: >> Health Advisor By Cloudbees >> 2.10 Security Vulnerabilities
Jenkins Health Advisor by CloudBees Plugin 374.v194b_d4f0c8c8 and earlier does not escape responses from the Jenkins Health Advisor server, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control Jenkins Health Advisor server responses.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-05-14
Jenkins Health Advisor by CloudBees Plugin 3.2.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view that HTTP endpoint.
CVSS Score
4.3
EPSS Score
0.0
Published
2020-09-16
A cross-site request forgery vulnerability in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers to send an email with fixed content to an attacker-specified recipient.
CVSS Score
8.8
EPSS Score
0.001
Published
2020-01-15
A missing permission check in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers with Overall/Read permission to send a fixed email to an attacker-specific recipient.
CVSS Score
4.3
EPSS Score
0.001
Published
2020-01-15