Jenkins Job And Node Ownership
By the Year
In 2023 there have been 0 vulnerabilities in Jenkins Job And Node Ownership . Last year Job And Node Ownership had 4 security vulnerabilities published. Right now, Job And Node Ownership is on track to have less security vulnerabilities in 2023 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2023 | 0 | 0.00 |
| 2022 | 4 | 5.70 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 1 | 6.50 |
It may take a day or so for new Job And Node Ownership vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Jenkins Job And Node Ownership Security Vulnerabilities
A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier
CVE-2022-28152
4.3 - Medium
- March 29, 2022
A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to restore the default ownership of a job.
Session Riding
A missing permission check in Jenkins Job and Node ownership Plugin 0.13.0 and earlier
CVE-2022-28151
4.3 - Medium
- March 29, 2022
A missing permission check in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers with Item/Read permission to change the owners and item-specific permissions of a job.
AuthZ
Jenkins Job and Node ownership Plugin 0.13.0 and earlier does not escape the names of the secondary owners
CVE-2022-28149
5.4 - Medium
- March 29, 2022
Jenkins Job and Node ownership Plugin 0.13.0 and earlier does not escape the names of the secondary owners, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
XSS
A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier
CVE-2022-28150
8.8 - High
- March 29, 2022
A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to change the owners and item-specific permissions of a job.
Session Riding
An improper authorization vulnerability exists in Jenkins Job and Node Ownership Plugin 0.11.0 and earlier in OwnershipDescription.java, JobOwnerJobProperty.java, and OwnerNodeProperty.java
CVE-2018-1000107
6.5 - Medium
- March 13, 2018
An improper authorization vulnerability exists in Jenkins Job and Node Ownership Plugin 0.11.0 and earlier in OwnershipDescription.java, JobOwnerJobProperty.java, and OwnerNodeProperty.java that allow an attacker with Job/Configure or Computer/Configure permission and without Ownership related permissions to override ownership metadata.
AuthZ
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Jenkins Job And Node Ownership or by Jenkins? Click the Watch button to subscribe.
