Matrix Project Jenkins Matrix Project

Do you want an email whenever new security vulnerabilities are reported in Jenkins Matrix Project?

By the Year

In 2024 there have been 1 vulnerability in Jenkins Matrix Project with an average score of 4.3 out of ten. Matrix Project did not have any published security vulnerabilities last year. That is, 1 more vulnerability have already been reported in 2024 as compared to last year.

Year Vulnerabilities Average Score
2024 1 4.30
2023 0 0.00
2022 1 5.40
2021 0 0.00
2020 2 5.40
2019 1 9.90
2018 0 0.00

It may take a day or so for new Matrix Project vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Jenkins Matrix Project Security Vulnerabilities

Jenkins Matrix Project Plugin 822.v01b_8c85d16d2 and earlier does not sanitize user-defined axis names of multi-configuration projects

CVE-2024-23900 4.3 - Medium - January 24, 2024

Jenkins Matrix Project Plugin 822.v01b_8c85d16d2 and earlier does not sanitize user-defined axis names of multi-configuration projects, allowing attackers with Item/Configure permission to create or replace any config.xml files on the Jenkins controller file system with content not controllable by the attackers.

Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML metacharacters in node and label names

CVE-2022-20615 5.4 - Medium - January 12, 2022

Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML metacharacters in node and label names, and label descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission.

XSS

Jenkins Matrix Project Plugin 1.16 and earlier does not escape the node names shown in tooltips on the overview page of builds with a single axis

CVE-2020-2224 5.4 - Medium - July 15, 2020

Jenkins Matrix Project Plugin 1.16 and earlier does not escape the node names shown in tooltips on the overview page of builds with a single axis, resulting in a stored cross-site scripting vulnerability.

XSS

Jenkins Matrix Project Plugin 1.16 and earlier does not escape the axis names shown in tooltips on the overview page of builds with multiple axes

CVE-2020-2225 5.4 - Medium - July 15, 2020

Jenkins Matrix Project Plugin 1.16 and earlier does not escape the axis names shown in tooltips on the overview page of builds with multiple axes, resulting in a stored cross-site scripting vulnerability.

XSS

A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/FilterScript.java

CVE-2019-1003031 9.9 - Critical - March 08, 2019

A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/FilterScript.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM.

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Red Hat Openshift Container Platform or by Jenkins? Click the Watch button to subscribe.

Jenkins
Vendor

subscribe