Jenkins Project Inheritance
By the Year
In 2023 there have been 0 vulnerabilities in Jenkins Project Inheritance. Last year Project Inheritance had 1 security vulnerability published. Right now, Project Inheritance is on track to have fewer security vulnerabilities in 2023 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 0 | 0.00 |
2022 | 1 | 5.40 |
2021 | 0 | 0.00 |
2020 | 2 | 5.40 |
2019 | 3 | 5.03 |
2018 | 0 | 0.00 |
It may take a day or so for new Project Inheritance vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Jenkins Project Inheritance Security Vulnerabilities
Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips
CVE-2022-34787
5.4 - Medium
- June 30, 2022
Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control the reason a queue item is blocked.
XSS
Jenkins Project Inheritance Plugin 19.08.02 and earlier does not require users to have Job/ExtendedRead permission to access Inheritance Project job configurations in XML format.
CVE-2020-2197
4.3 - Medium
- June 03, 2020
Incorrect Default Permissions
Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redact encrypted secrets in the 'getConfigAsXML' API URL when transmitting job config.xml data to users without Job/Configure.
CVE-2020-2198
6.5 - Medium
- June 03, 2020
Insufficiently Protected Credentials
Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin.
CVE-2019-10407
6.5 - Medium
- September 25, 2019
Information Disclosure
A cross-site request forgery vulnerability in Jenkins Project Inheritance Plugin 2.0.0 and earlier
CVE-2019-10408
4.3 - Medium
- September 25, 2019
A cross-site request forgery vulnerability in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers to trigger project generation from templates.
Session Riding
A missing permission check in Jenkins Project Inheritance Plugin 2.0.0 and earlier
CVE-2019-10409
4.3 - Medium
- September 25, 2019
A missing permission check in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers with Overall/Read permission to trigger project generation from templates.
Incorrect Permission Assignment for Critical Resource
