Jenkins

Build-publisher

4 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2022-41230

  • EPSS 0.83%
  • Veröffentlicht 21.09.2022 16:15:10
  • Zuletzt bearbeitet 28.05.2025 15:15:21

Jenkins Build-Publisher Plugin 1.22 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain names and URLs of Jenkins servers that the plugin is configured to publish builds to, a...

5.7

CVE-2022-41231

  • EPSS 0.26%
  • Veröffentlicht 21.09.2022 16:15:10
  • Zuletzt bearbeitet 28.05.2025 15:15:21

Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system by providing a crafted file name to an API endpoint.

8

CVE-2022-41232

  • EPSS 0.16%
  • Veröffentlicht 21.09.2022 16:15:10
  • Zuletzt bearbeitet 28.05.2025 15:15:21

A cross-site request forgery (CSRF) vulnerability in Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers to replace any config.xml file on the Jenkins controller file system with an empty file by providing a crafted file name to an API e...

7.8

CVE-2017-1000387

  • EPSS 0.01%
  • Veröffentlicht 26.01.2018 02:29:00
  • Zuletzt bearbeitet 21.11.2024 03:04:36

Jenkins Build-Publisher plugin version 1.21 and earlier stores credentials to other Jenkins instances in the file hudson.plugins.build_publisher.BuildPublisher.xml in the Jenkins master home directory. These credentials were stored unencrypted, allow...