Jenkins Matrix Project
By the Year
In 2023 there have been 0 vulnerabilities in Jenkins Matrix Project . Last year Matrix Project had 1 security vulnerability published. Right now, Matrix Project is on track to have less security vulnerabilities in 2023 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2023 | 0 | 0.00 |
| 2022 | 1 | 5.40 |
| 2021 | 0 | 0.00 |
| 2020 | 2 | 5.40 |
| 2019 | 1 | 9.90 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Matrix Project vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Jenkins Matrix Project Security Vulnerabilities
Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML metacharacters in node and label names
CVE-2022-20615
5.4 - Medium
- January 12, 2022
Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML metacharacters in node and label names, and label descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission.
XSS
Jenkins Matrix Project Plugin 1.16 and earlier does not escape the node names shown in tooltips on the overview page of builds with a single axis
CVE-2020-2224
5.4 - Medium
- July 15, 2020
Jenkins Matrix Project Plugin 1.16 and earlier does not escape the node names shown in tooltips on the overview page of builds with a single axis, resulting in a stored cross-site scripting vulnerability.
XSS
Jenkins Matrix Project Plugin 1.16 and earlier does not escape the axis names shown in tooltips on the overview page of builds with multiple axes
CVE-2020-2225
5.4 - Medium
- July 15, 2020
Jenkins Matrix Project Plugin 1.16 and earlier does not escape the axis names shown in tooltips on the overview page of builds with multiple axes, resulting in a stored cross-site scripting vulnerability.
XSS
A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/FilterScript.java
CVE-2019-1003031
9.9 - Critical
- March 08, 2019
A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/FilterScript.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM.
7PK - Security Features
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Jenkins Matrix Project or by Jenkins? Click the Watch button to subscribe.
