Jenkins Coverity
By the Year
In 2023 there have been 0 vulnerabilities in Jenkins Coverity . Last year Coverity had 3 security vulnerabilities published. Right now, Coverity is on track to have less security vulnerabilities in 2023 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 0 | 0.00 |
2022 | 3 | 7.07 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 1 | 7.80 |
It may take a day or so for new Coverity vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Jenkins Coverity Security Vulnerabilities
A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier
CVE-2022-36921
8.1 - High
- July 27, 2022
A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
AuthZ
A cross-site request forgery (CSRF) vulnerability in Jenkins Coverity Plugin 1.11.4 and earlier
CVE-2022-36920
8.8 - High
- July 27, 2022
A cross-site request forgery (CSRF) vulnerability in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Session Riding
A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier
CVE-2022-36919
4.3 - Medium
- July 27, 2022
A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
AuthZ
A plaintext storage of a password vulnerability exists in Jenkins Coverity Plugin 1.10.0 and earlier in CIMInstance.java
CVE-2018-1000104
7.8 - High
- March 13, 2018
A plaintext storage of a password vulnerability exists in Jenkins Coverity Plugin 1.10.0 and earlier in CIMInstance.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured keystore and private key passwords.
Insufficiently Protected Credentials
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Jenkins Coverity or by Jenkins? Click the Watch button to subscribe.
