Jenkins

Blue Ocean

11 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2023-40341

  • EPSS 0.42%
  • Published 16.08.2023 15:15:11
  • Last modified 21.11.2024 08:19:15

A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.27.5 and earlier allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job.

6.5

CVE-2022-30952

  • EPSS 0.38%
  • Published 17.05.2022 15:15:09
  • Last modified 21.11.2024 07:03:37

Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user credentials stores of any attacker-specified user in Jen...

6.5

CVE-2022-30953

  • EPSS 0.04%
  • Published 17.05.2022 15:15:09
  • Last modified 21.11.2024 07:03:37

A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server.

6.5

CVE-2022-30954

  • EPSS 0.3%
  • Published 17.05.2022 15:15:09
  • Last modified 21.11.2024 07:03:37

Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server.

6.5

CVE-2020-2254

  • EPSS 2.42%
  • Published 16.09.2020 14:15:13
  • Last modified 21.11.2024 05:25:06

Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag that, when enabled, allows an attacker with Job/Configure or Job/Create permission to read arbitrary files on the Jenkins controller file system.

4.3

CVE-2020-2255

  • EPSS 0.06%
  • Published 16.09.2020 14:15:13
  • Last modified 21.11.2024 05:25:06

A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.

6.5

CVE-2019-1003012

  • EPSS 0.16%
  • Published 06.02.2019 16:29:00
  • Last modified 21.11.2024 04:17:44

A data modification vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-core-js/src/js/bundleStartup.js, blueocean-core-js/src/js/fetch.ts, blueocean-core-js/src/js/i18n/i18n.js, blueocean-core-js/src/js/urlconfig.js, b...

5.4

CVE-2019-1003013

  • EPSS 0.06%
  • Published 06.02.2019 16:29:00
  • Last modified 21.11.2024 04:17:44

An cross-site scripting vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export.java, blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/ex...

5.3

CVE-2017-1000105

  • EPSS 0.04%
  • Published 05.10.2017 01:29:04
  • Last modified 20.04.2025 01:37:25

The optional Run/Artifacts permission can be enabled by setting a Java system property. Blue Ocean did not check this permission before providing access to archived artifacts, Item/Read permission was sufficient.

8.5

CVE-2017-1000106

  • EPSS 0.03%
  • Published 05.10.2017 01:29:04
  • Last modified 20.04.2025 01:37:25

Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. Its SCM content REST API supports the p...