Jenkins Team Foundation Server
By the Year
In 2023 there have been 0 vulnerabilities in Jenkins Team Foundation Server . Team Foundation Server did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 3 | 6.53 |
| 2020 | 1 | 3.30 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Team Foundation Server vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Jenkins Team Foundation Server Security Vulnerabilities
A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier
CVE-2021-21636
4.3 - Medium
- March 30, 2021
A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins.
AuthZ
A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier
CVE-2021-21637
6.5 - Medium
- March 30, 2021
A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
AuthZ
A cross-site request forgery (CSRF) vulnerability in Jenkins Team Foundation Server Plugin 5.157.1 and earlier
CVE-2021-21638
8.8 - High
- March 30, 2021
A cross-site request forgery (CSRF) vulnerability in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Session Riding
Jenkins Team Foundation Server Plugin 5.157.1 and earlier stores a webhook secret unencrypted in its global configuration file on the Jenkins controller where it
CVE-2020-2249
3.3 - Low
- September 01, 2020
Jenkins Team Foundation Server Plugin 5.157.1 and earlier stores a webhook secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system.
Missing Encryption of Sensitive Data
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Jenkins Team Foundation Server or by Jenkins? Click the Watch button to subscribe.
