CVE-2022-36903
- EPSS 0.4%
- Published 27.07.2022 15:15:09
- Last modified 21.11.2024 07:14:02
A missing permission check in Jenkins Repository Connector Plugin 2.2.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2022-36904
- EPSS 0.09%
- Published 27.07.2022 15:15:09
- Last modified 21.11.2024 07:14:02
Jenkins Repository Connector Plugin 2.2.0 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the J...
CVE-2022-34195
- EPSS 31.6%
- Published 23.06.2022 17:15:16
- Last modified 21.11.2024 07:09:02
Jenkins Repository Connector Plugin 2.2.0 and earlier does not escape the name and description of Maven Repository Artifact parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attac...
CVE-2021-21618
- EPSS 0.98%
- Published 24.02.2021 16:15:14
- Last modified 21.11.2024 05:48:42
Jenkins Repository Connector Plugin 2.0.2 and earlier does not escape parameter names and descriptions for past builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2020-2149
- EPSS 0.03%
- Published 09.03.2020 16:15:14
- Last modified 21.11.2024 05:24:47
Jenkins Repository Connector Plugin 1.2.6 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.
CVE-2019-1003038
- EPSS 0.01%
- Published 08.03.2019 21:29:00
- Last modified 21.11.2024 04:17:47
An insufficiently protected credentials vulnerability exists in Jenkins Repository Connector Plugin 1.2.4 and earlier in src/main/java/org/jvnet/hudson/plugins/repositoryconnector/ArtifactDeployer.java, src/main/java/org/jvnet/hudson/plugins/reposito...