Jenkins Checkmarx
By the Year
In 2024 there have been 0 vulnerabilities in Jenkins Checkmarx . Last year Checkmarx had 1 security vulnerability published. Right now, Checkmarx is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 1 | 8.10 |
| 2022 | 3 | 6.90 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Checkmarx vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Jenkins Checkmarx Security Vulnerabilities
Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS validation for connections to the Checkmarx server by default.
CVE-2023-35142
8.1 - High
- June 14, 2023
Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS validation for connections to the Checkmarx server by default.
Improper Certificate Validation
Jenkins Checkmarx Plugin 2022.3.3 and earlier does not escape values returned
CVE-2022-46684
5.4 - Medium
- December 12, 2022
Jenkins Checkmarx Plugin 2022.3.3 and earlier does not escape values returned from the Checkmarx service API before inserting them into HTML reports, resulting in a stored cross-site scripting (XSS) vulnerability.
XSS
Missing permission checks in Jenkins Checkmarx Plugin 2022.1.2 and earlier
CVE-2022-25201
6.5 - Medium
- February 15, 2022
Missing permission checks in Jenkins Checkmarx Plugin 2022.1.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
AuthZ
A cross-site request forgery (CSRF) vulnerability in Jenkins Checkmarx Plugin 2022.1.2 and earlier
CVE-2022-25200
8.8 - High
- February 15, 2022
A cross-site request forgery (CSRF) vulnerability in Jenkins Checkmarx Plugin 2022.1.2 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Session Riding
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Jenkins Checkmarx or by Jenkins? Click the Watch button to subscribe.
