Jenkins Generic Webhook Trigger
By the Year
In 2023 there have been 0 vulnerabilities in Jenkins Generic Webhook Trigger . Last year Generic Webhook Trigger had 2 security vulnerabilities published. Right now, Generic Webhook Trigger is on track to have less security vulnerabilities in 2023 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2023 | 0 | 0.00 |
| 2022 | 2 | 5.35 |
| 2021 | 1 | 9.80 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Generic Webhook Trigger vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Jenkins Generic Webhook Trigger Security Vulnerabilities
Jenkins Generic Webhook Trigger Plugin 1.84.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially
CVE-2022-43412
5.3 - Medium
- October 19, 2022
Jenkins Generic Webhook Trigger Plugin 1.84.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.
Side Channel Attack
Jenkins Generic Webhook Trigger Plugin 1.81 and earlier does not escape the build cause when using the webhook
CVE-2022-25185
5.4 - Medium
- February 15, 2022
Jenkins Generic Webhook Trigger Plugin 1.81 and earlier does not escape the build cause when using the webhook, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
XSS
Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2021-21669
9.8 - Critical
- June 18, 2021
Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
XXE
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Jenkins Generic Webhook Trigger or by Jenkins? Click the Watch button to subscribe.
