Jenkins Job Import


By the Year

In 2024 there have been 0 vulnerabilities in Jenkins Job Import. Job Import did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 0 0.00
2022 1 4.30
2021 0 0.00
2020 0 0.00
2019 3 7.73
2018 0 0.00

It may take a day or so for new Job Import vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Jenkins Job Import Security Vulnerabilities

Jenkins Job Import Plugin 3.5 and earlier does not perform a permission check in an HTTP endpoint

CVE-2022-43413 4.3 - Medium - October 19, 2022

Jenkins Job Import Plugin 3.5 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

AuthZ

An XML external entity processing vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/client/RestApiClient.java

CVE-2019-1003015 9.1 - Critical - February 06, 2019

An XML external entity processing vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/client/RestApiClient.java that allows attackers with the ability to control the HTTP server (Jenkins) queried in preparation of job import to read arbitrary files, perform a denial of service attack, etc.

XXE

An exposure of sensitive information vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/JobImportAction.java, src/main/java/org/jenkins/ci/plugins/jobimport/JobImportGlobalConfig.java, src/main/java/org/jenkins/ci/plugins/jobimport/model/JenkinsSite.java

CVE-2019-1003016 8.8 - High - February 06, 2019

An exposure of sensitive information vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/JobImportAction.java, src/main/java/org/jenkins/ci/plugins/jobimport/JobImportGlobalConfig.java, src/main/java/org/jenkins/ci/plugins/jobimport/model/JenkinsSite.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Session Riding

A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java

CVE-2019-1003017 5.3 - Medium - February 06, 2019

A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance, potentially installing additional plugins necessary to load the imported job's configuration.

Session Riding
