Jenkins Jira
By the Year
In 2024 there have been 0 vulnerabilities in Jenkins Jira . Last year Jira had 2 security vulnerabilities published. Right now, Jira is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 2 | 7.65 |
| 2022 | 1 | 5.40 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 2 | 9.35 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Jira vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Jenkins Jira Security Vulnerabilities
A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier
CVE-2023-49673
8.8 - High
- November 29, 2023
A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password.
Session Riding
Jenkins Jira Plugin 3.11 and earlier does not set the appropriate context for credentials lookup
CVE-2023-49653
6.5 - Medium
- November 29, 2023
Jenkins Jira Plugin 3.11 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to.
Insufficiently Protected Credentials
Jenkins Jira Plugin 3.7 and earlier
CVE-2022-29041
5.4 - Medium
- April 12, 2022
Jenkins Jira Plugin 3.7 and earlier, except 3.6.1, does not escape the name and description of Jira Issue and Jira Release Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
XSS
Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (folder) scope for per-folder Jira site definitions
CVE-2019-16541
9.9 - Critical
- November 21, 2019
Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (folder) scope for per-folder Jira site definitions, allowing users to select and use credentials with System scope.
Exposure of Resource to Wrong Sphere
An improper authorization vulnerability exists in Jenkins Jira Plugin 3.0.1 and earlier in JiraSite.java
CVE-2018-1000412
8.8 - High
- January 09, 2019
An improper authorization vulnerability exists in Jenkins Jira Plugin 3.0.1 and earlier in JiraSite.java that allows attackers with Overall/Read access to have Jenkins connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
AuthZ
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Jenkins Jira or by Jenkins? Click the Watch button to subscribe.
