Jenkins Support Core
By the Year
In 2023 there have been 0 vulnerabilities in Jenkins Support Core . Last year Support Core had 2 security vulnerabilities published. Right now, Support Core is on track to have less security vulnerabilities in 2023 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2023 | 0 | 0.00 |
| 2022 | 2 | 6.50 |
| 2021 | 1 | 5.30 |
| 2020 | 0 | 0.00 |
| 2019 | 2 | 6.50 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Support Core vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Jenkins Support Core Security Vulnerabilities
An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fa_b_d860 and earlier
CVE-2022-45383
6.5 - Medium
- November 15, 2022
An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fa_b_d860 and earlier allows attackers with Support/DownloadBundle permission to download a previously created support bundle containing information limited to users with Overall/Administer permission.
AuthZ
Jenkins Support Core Plugin 2.79 and earlier does not redact some sensitive information in the support bundle.
CVE-2022-25187
6.5 - Medium
- February 15, 2022
Jenkins Support Core Plugin 2.79 and earlier does not redact some sensitive information in the support bundle.
Insufficiently Protected Credentials
Jenkins Support Core Plugin 2.72 and earlier provides the serialized user authentication as part of the "About user (basic authentication details only)" information
CVE-2021-21621
5.3 - Medium
- February 24, 2021
Jenkins Support Core Plugin 2.72 and earlier provides the serialized user authentication as part of the "About user (basic authentication details only)" information, which can include the session ID of the user creating the support bundle in some configurations.
Information Disclosure
A missing permission check in Jenkins Support Core Plugin 2.63 and earlier
CVE-2019-16539
6.5 - Medium
- November 21, 2019
A missing permission check in Jenkins Support Core Plugin 2.63 and earlier allows attackers with Overall/Read permission to delete support bundles.
Improper Preservation of Permissions
A path traversal vulnerability in Jenkins Support Core Plugin 2.63 and earlier
CVE-2019-16540
6.5 - Medium
- November 21, 2019
A path traversal vulnerability in Jenkins Support Core Plugin 2.63 and earlier allows attackers with Overall/Read permission to delete arbitrary files on the Jenkins master.
Directory traversal
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Jenkins Support Core or by Jenkins? Click the Watch button to subscribe.
