Jenkins Deployer Framework
By the Year
In 2023 there have been 0 vulnerabilities in Jenkins Deployer Framework . Last year Deployer Framework had 3 security vulnerabilities published. Right now, Deployer Framework is on track to have less security vulnerabilities in 2023 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2023 | 0 | 0.00 |
| 2022 | 3 | 5.80 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 5.40 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Deployer Framework vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Jenkins Deployer Framework Security Vulnerabilities
A missing permission check in Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier
CVE-2022-36891
4.3 - Medium
- July 27, 2022
A missing permission check in Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier allows attackers with Item/Read permission but without Deploy Now/Deploy permission to read deployment logs.
AuthZ
Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the name of files in methods implementing form validation
CVE-2022-36890
4.3 - Medium
- July 27, 2022
Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the name of files in methods implementing form validation, allowing attackers with Item/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
Directory traversal
Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the application path of the applications when configuring a deployment
CVE-2022-36889
8.8 - High
- July 27, 2022
Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the application path of the applications when configuring a deployment, allowing attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller file system to the selected service.
Directory traversal
Jenkins Deployer Framework Plugin 1.2 and earlier does not escape the URL displayed in the build home page
CVE-2020-2227
5.4 - Medium
- July 15, 2020
Jenkins Deployer Framework Plugin 1.2 and earlier does not escape the URL displayed in the build home page, resulting in a stored cross-site scripting vulnerability.
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Jenkins Deployer Framework or by Jenkins? Click the Watch button to subscribe.
