Jenkins Repo
By the Year
In 2023 there have been 0 vulnerabilities in Jenkins Repo . Last year Repo had 4 security vulnerabilities published. Right now, Repo is on track to have less security vulnerabilities in 2023 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2023 | 0 | 0.00 |
| 2022 | 4 | 6.95 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Repo vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Jenkins Repo Security Vulnerabilities
Jenkins REPO Plugin 1.15.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2022-43415
7.5 - High
- October 19, 2022
Jenkins REPO Plugin 1.15.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
XXE
Jenkins REPO Plugin 1.14.0 and earlier
CVE-2022-30949
5.3 - Medium
- May 17, 2022
Jenkins REPO Plugin 1.14.0 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.
Jenkins Mercurial Plugin 2.16 and earlier
CVE-2022-30948
7.5 - High
- May 17, 2022
Jenkins Mercurial Plugin 2.16 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.
Jenkins Git Plugin 4.11.1 and earlier
CVE-2022-30947
7.5 - High
- May 17, 2022
Jenkins Git Plugin 4.11.1 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Jenkins Mercurial or by Jenkins? Click the Watch button to subscribe.
