Jenkins Cloudbees Cd
By the Year
In 2024 there have been 0 vulnerabilities in Jenkins Cloudbees Cd . Last year Cloudbees Cd had 2 security vulnerabilities published. Right now, Cloudbees Cd is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 2 | 7.30 |
| 2022 | 0 | 0.00 |
| 2021 | 1 | 4.30 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Cloudbees Cd vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Jenkins Cloudbees Cd Security Vulnerabilities
Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the directory from which artifacts are published during the 'CloudBees CD - Publish Artifact' post-build step
CVE-2023-46655
6.5 - Medium
- October 25, 2023
Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the directory from which artifacts are published during the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to publish arbitrary files from the Jenkins controller file system to the previously configured CloudBees CD server.
insecure temporary file
Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the expected directory during the cleanup process of the 'CloudBees CD - Publish Artifact' post-build step
CVE-2023-46654
8.1 - High
- October 25, 2023
Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the expected directory during the cleanup process of the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to delete arbitrary files on the Jenkins controller file system.
insecure temporary file
Jenkins CloudBees CD Plugin 1.1.21 and earlier does not perform a permission check in an HTTP endpoint
CVE-2021-21647
4.3 - Medium
- April 21, 2021
Jenkins CloudBees CD Plugin 1.1.21 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Item/Read permission to schedule builds of projects without having Item/Build permission.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Jenkins Cloudbees Cd or by Jenkins? Click the Watch button to subscribe.
