Jenkins Cloudbees Cd
By the Year
In 2023 there have been 2 vulnerabilities in Jenkins Cloudbees Cd with an average score of 7.3 out of ten. Cloudbees Cd did not have any published security vulnerabilities last year. That is, 2 more vulnerabilities have already been reported in 2023 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2023 | 2 | 7.30 |
| 2022 | 0 | 0.00 |
| 2021 | 1 | 4.30 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Cloudbees Cd vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Jenkins Cloudbees Cd Security Vulnerabilities
Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the directory from which artifacts are published during the 'CloudBees CD - Publish Artifact' post-build step
CVE-2023-46655
6.5 - Medium
- October 25, 2023
Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the directory from which artifacts are published during the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to publish arbitrary files from the Jenkins controller file system to the previously configured CloudBees CD server.
insecure temporary file
Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the expected directory during the cleanup process of the 'CloudBees CD - Publish Artifact' post-build step
CVE-2023-46654
8.1 - High
- October 25, 2023
Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the expected directory during the cleanup process of the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to delete arbitrary files on the Jenkins controller file system.
insecure temporary file
Jenkins CloudBees CD Plugin 1.1.21 and earlier does not perform a permission check in an HTTP endpoint
CVE-2021-21647
4.3 - Medium
- April 21, 2021
Jenkins CloudBees CD Plugin 1.1.21 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Item/Read permission to schedule builds of projects without having Item/Build permission.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Jenkins Cloudbees Cd or by Jenkins? Click the Watch button to subscribe.
