Jenkins Support Core
By the Year
In 2024 there have been 0 vulnerabilities in Jenkins Support Core . Support Core did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 0 | 0.00 |
2022 | 2 | 6.50 |
2021 | 1 | 5.30 |
2020 | 0 | 0.00 |
2019 | 2 | 6.50 |
2018 | 0 | 0.00 |
It may take a day or so for new Support Core vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Jenkins Support Core Security Vulnerabilities
An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fa_b_d860 and earlier
CVE-2022-45383
6.5 - Medium
- November 15, 2022
An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fa_b_d860 and earlier allows attackers with Support/DownloadBundle permission to download a previously created support bundle containing information limited to users with Overall/Administer permission.
AuthZ
Jenkins Support Core Plugin 2.79 and earlier does not redact some sensitive information in the support bundle.
CVE-2022-25187
6.5 - Medium
- February 15, 2022
Jenkins Support Core Plugin 2.79 and earlier does not redact some sensitive information in the support bundle.
Improper Removal of Sensitive Information Before Storage or Transfer
Jenkins Support Core Plugin 2.72 and earlier provides the serialized user authentication as part of the "About user (basic authentication details only)" information
CVE-2021-21621
5.3 - Medium
- February 24, 2021
Jenkins Support Core Plugin 2.72 and earlier provides the serialized user authentication as part of the "About user (basic authentication details only)" information, which can include the session ID of the user creating the support bundle in some configurations.
Information Disclosure
A missing permission check in Jenkins Support Core Plugin 2.63 and earlier
CVE-2019-16539
6.5 - Medium
- November 21, 2019
A missing permission check in Jenkins Support Core Plugin 2.63 and earlier allows attackers with Overall/Read permission to delete support bundles.
Improper Preservation of Permissions
A path traversal vulnerability in Jenkins Support Core Plugin 2.63 and earlier
CVE-2019-16540
6.5 - Medium
- November 21, 2019
A path traversal vulnerability in Jenkins Support Core Plugin 2.63 and earlier allows attackers with Overall/Read permission to delete arbitrary files on the Jenkins master.
Directory traversal
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Jenkins Support Core or by Jenkins? Click the Watch button to subscribe.