Jenkins Warnings
By the Year
In 2024 there have been 0 vulnerabilities in Jenkins Warnings . Last year Warnings had 1 security vulnerability published. Right now, Warnings is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 1 | 6.50 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 8.80 |
| 2019 | 1 | 8.80 |
| 2018 | 1 | 8.80 |
It may take a day or so for new Warnings vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Jenkins Warnings Security Vulnerabilities
Jenkins Warnings Plugin 10.5.0 and earlier does not set the appropriate context for credentials lookup
CVE-2023-46651
6.5 - Medium
- October 25, 2023
Jenkins Warnings Plugin 10.5.0 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. This fix has been backported to 10.4.1.
Insufficiently Protected Credentials
A cross-site request forgery (CSRF) vulnerability in Jenkins Warnings Plugin 5.0.1 and earlier
CVE-2020-2280
8.8 - High
- September 23, 2020
A cross-site request forgery (CSRF) vulnerability in Jenkins Warnings Plugin 5.0.1 and earlier allows attackers to execute arbitrary code.
Session Riding
A cross-site request forgery vulnerability exists in Jenkins Warnings Plugin 5.0.0 and earlier in src/main/java/hudson/plugins/warnings/GroovyParser.java
CVE-2019-1003007
8.8 - High
- February 06, 2019
A cross-site request forgery vulnerability exists in Jenkins Warnings Plugin 5.0.0 and earlier in src/main/java/hudson/plugins/warnings/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint.
Session Riding
Jenkins Warnings Plugin 4.64 and earlier processes XML external entities in files it parses as part of the build process
CVE-2018-1000012
8.8 - High
- January 23, 2018
Jenkins Warnings Plugin 4.64 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.
XXE
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Jenkins Warnings or by Jenkins? Click the Watch button to subscribe.
