Build Publisher Jenkins Build Publisher

Do you want an email whenever new security vulnerabilities are reported in Jenkins Build Publisher?

By the Year

In 2024 there have been 0 vulnerabilities in Jenkins Build Publisher . Build Publisher did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 0 0.00
2022 3 6.00
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Build Publisher vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Jenkins Build Publisher Security Vulnerabilities

A cross-site request forgery (CSRF) vulnerability in Jenkins Build-Publisher Plugin 1.22 and earlier

CVE-2022-41232 8 - High - September 21, 2022

A cross-site request forgery (CSRF) vulnerability in Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers to replace any config.xml file on the Jenkins controller file system with an empty file by providing a crafted file name to an API endpoint.

Session Riding

Jenkins Build-Publisher Plugin 1.22 and earlier

CVE-2022-41231 5.7 - Medium - September 21, 2022

Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system by providing a crafted file name to an API endpoint.

Directory traversal

Jenkins Build-Publisher Plugin 1.22 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain names and URLs of Jenkins servers

CVE-2022-41230 4.3 - Medium - September 21, 2022

Jenkins Build-Publisher Plugin 1.22 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain names and URLs of Jenkins servers that the plugin is configured to publish builds to, as well as builds pending for publication to those Jenkins servers.

AuthZ

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Jenkins Build Publisher or by Jenkins? Click the Watch button to subscribe.

Jenkins
Vendor

subscribe