Jenkins Team Concert

Do you want an email whenever new security vulnerabilities are reported in Jenkins Team Concert?

By the Year

In 2024 there have been 0 vulnerabilities in Jenkins Team Concert . Last year Team Concert had 1 security vulnerability published. Right now, Team Concert is on track to have less security vulnerabilities in 2024 than it did last year.

Year	Vulnerabilities	Average Score
2024	0	0.00
2023	1	4.30
2022	0	0.00
2021	0	0.00
2020	0	0.00
2019	3	6.53
2018	0	0.00

It may take a day or so for new Team Concert vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Jenkins Team Concert Security Vulnerabilities

Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and earlier

CVE-2023-3315 4.3 - Medium - June 19, 2023

Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and earlier allow attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.

AuthZ

A cross-site request forgery vulnerability in Jenkins Team Concert Plugin 1.3.0 and earlier

CVE-2019-16565 8.8 - High - December 17, 2019

A cross-site request forgery vulnerability in Jenkins Team Concert Plugin 1.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Session Riding

A missing permission check in Jenkins Team Concert Plugin 1.3.0 and earlier

CVE-2019-16566 6.5 - Medium - December 17, 2019

A missing permission check in Jenkins Team Concert Plugin 1.3.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

AuthZ

A missing permission check in Jenkins Team Concert Plugin 1.3.0 and earlier in form-related methods

CVE-2019-16567 4.3 - Medium - December 17, 2019

A missing permission check in Jenkins Team Concert Plugin 1.3.0 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.

AuthZ

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Jenkins Team Concert or by Jenkins? Click the Watch button to subscribe.

Jenkins
Vendor

Jenkins Team Concert
Product

Jenkins Team Concert

By the Year

Recent Jenkins Team Concert Security Vulnerabilities

Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and earlier CVE-2023-3315 4.3 - Medium - June 19, 2023

A cross-site request forgery vulnerability in Jenkins Team Concert Plugin 1.3.0 and earlier CVE-2019-16565 8.8 - High - December 17, 2019

A missing permission check in Jenkins Team Concert Plugin 1.3.0 and earlier CVE-2019-16566 6.5 - Medium - December 17, 2019

A missing permission check in Jenkins Team Concert Plugin 1.3.0 and earlier in form-related methods CVE-2019-16567 4.3 - Medium - December 17, 2019

Stay on top of Security Vulnerabilities

Jenkins Vendor

Jenkins Team ConcertProduct

Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and earlier

CVE-2023-3315 4.3 - Medium - June 19, 2023

A cross-site request forgery vulnerability in Jenkins Team Concert Plugin 1.3.0 and earlier

CVE-2019-16565 8.8 - High - December 17, 2019

A missing permission check in Jenkins Team Concert Plugin 1.3.0 and earlier

CVE-2019-16566 6.5 - Medium - December 17, 2019

A missing permission check in Jenkins Team Concert Plugin 1.3.0 and earlier in form-related methods

CVE-2019-16567 4.3 - Medium - December 17, 2019

Jenkins
Vendor

Jenkins Team Concert
Product