Jenkins Cons3rt
By the Year
In 2023 there have been 0 vulnerabilities in Jenkins Cons3rt . Last year Cons3rt had 4 security vulnerabilities published. Right now, Cons3rt is on track to have less security vulnerabilities in 2023 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2023 | 0 | 0.00 |
| 2022 | 4 | 6.53 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Cons3rt vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Jenkins Cons3rt Security Vulnerabilities
Jenkins CONS3RT Plugin 1.0.0 and earlier stores Cons3rt API token unencrypted in job config.xml files on the Jenkins controller where it
CVE-2022-41255
6.5 - Medium
- September 21, 2022
Jenkins CONS3RT Plugin 1.0.0 and earlier stores Cons3rt API token unencrypted in job config.xml files on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
Unprotected Storage of Credentials
Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier
CVE-2022-41254
6.5 - Medium
- September 21, 2022
Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
AuthZ
A cross-site request forgery (CSRF) vulnerability in Jenkins CONS3RT Plugin 1.0.0 and earlier
CVE-2022-41253
8.8 - High
- September 21, 2022
A cross-site request forgery (CSRF) vulnerability in Jenkins CONS3RT Plugin 1.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Session Riding
Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier
CVE-2022-41252
4.3 - Medium
- September 21, 2022
Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allows users with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins.
AuthZ
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Jenkins Cons3rt or by Jenkins? Click the Watch button to subscribe.
