Jenkins Semantic Versioning
By the Year
In 2023 there have been 2 vulnerabilities in Jenkins Semantic Versioning with an average score of 9.8 out of ten. Semantic Versioning did not have any published security vulnerabilities last year. That is, 2 more vulnerabilities have already been reported in 2023 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2023 | 2 | 9.80 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Semantic Versioning vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Jenkins Semantic Versioning Security Vulnerabilities
Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2023-24430
9.8 - Critical
- January 26, 2023
Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
XXE
Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path
CVE-2023-24429
9.8 - Critical
- January 26, 2023
Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.
XXE
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Jenkins Semantic Versioning or by Jenkins? Click the Watch button to subscribe.
