By the Year
In 2023 there have been 0 vulnerabilities in Jenkins Jira . Last year Jira had 1 security vulnerability published. Right now, Jira is on track to have less security vulnerabilities in 2023 than it did last year.
It may take a day or so for new Jira vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Jenkins Jira Security Vulnerabilities
Jenkins Jira Plugin 3.7 and earlier
5.4 - Medium
- April 12, 2022
Jenkins Jira Plugin 3.7 and earlier, except 3.6.1, does not escape the name and description of Jira Issue and Jira Release Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (folder) scope for per-folder Jira site definitions
9.9 - Critical
- November 21, 2019
Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (folder) scope for per-folder Jira site definitions, allowing users to select and use credentials with System scope.
Exposure of Resource to Wrong Sphere
An improper authorization vulnerability exists in Jenkins Jira Plugin 3.0.1 and earlier in JiraSite.java
8.8 - High
- January 09, 2019
An improper authorization vulnerability exists in Jenkins Jira Plugin 3.0.1 and earlier in JiraSite.java that allows attackers with Overall/Read access to have Jenkins connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Jenkins Jira or by Jenkins? Click the Watch button to subscribe.