CVE-2022-41230
- EPSS 0.83%
- Published 21.09.2022 16:15:10
- Last modified 28.05.2025 15:15:21
Jenkins Build-Publisher Plugin 1.22 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain names and URLs of Jenkins servers that the plugin is configured to publish builds to, a...
CVE-2022-41231
- EPSS 0.26%
- Published 21.09.2022 16:15:10
- Last modified 28.05.2025 15:15:21
Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system by providing a crafted file name to an API endpoint.
- EPSS 0.16%
- Published 21.09.2022 16:15:10
- Last modified 28.05.2025 15:15:21
A cross-site request forgery (CSRF) vulnerability in Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers to replace any config.xml file on the Jenkins controller file system with an empty file by providing a crafted file name to an API e...
CVE-2017-1000387
- EPSS 0.01%
- Published 26.01.2018 02:29:00
- Last modified 21.11.2024 03:04:36
Jenkins Build-Publisher plugin version 1.21 and earlier stores credentials to other Jenkins instances in the file hudson.plugins.build_publisher.BuildPublisher.xml in the Jenkins master home directory. These credentials were stored unencrypted, allow...