Team Concert Jenkins Team Concert

  1. Vendors
  2. Jenkins
  3. Team Concert
Do you want an email whenever new security vulnerabilities are reported in Jenkins Team Concert?

By the Year

In 2023 there have been 1 vulnerability in Jenkins Team Concert with an average score of 4.3 out of ten. Team Concert did not have any published security vulnerabilities last year. That is, 1 more vulnerability have already been reported in 2023 as compared to last year.

Year Vulnerabilities Average Score
2023 1 4.30
2022 0 0.00
2021 0 0.00
2020 0 0.00
2019 3 6.53
2018 0 0.00

It may take a day or so for new Team Concert vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Jenkins Team Concert Security Vulnerabilities

Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and earlier

CVE-2023-3315 4.3 - Medium - June 19, 2023

Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and earlier allow attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.

AuthZ

A cross-site request forgery vulnerability in Jenkins Team Concert Plugin 1.3.0 and earlier

CVE-2019-16565 8.8 - High - December 17, 2019

A cross-site request forgery vulnerability in Jenkins Team Concert Plugin 1.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Session Riding

A missing permission check in Jenkins Team Concert Plugin 1.3.0 and earlier

CVE-2019-16566 6.5 - Medium - December 17, 2019

A missing permission check in Jenkins Team Concert Plugin 1.3.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

AuthZ

A missing permission check in Jenkins Team Concert Plugin 1.3.0 and earlier in form-related methods

CVE-2019-16567 4.3 - Medium - December 17, 2019

A missing permission check in Jenkins Team Concert Plugin 1.3.0 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.

AuthZ

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Jenkins Team Concert or by Jenkins? Click the Watch button to subscribe.

Jenkins
Vendor

Jenkins Team Concert
Product

subscribe