Total
246 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-43494 | 1 Jenkins | 1 Jenkins | 2024-11-21 | N/A | 4.3 MEDIUM |
| Jenkins 2.50 through 2.423 (both inclusive), LTS 2.60.1 through 2.414.1 (both inclusive) does not exclude sensitive build variables (e.g., password parameter values) from the search in the build history widget, allowing attackers with Item/Read permission to obtain values of sensitive variables used in builds by iteratively testing different characters until the correct sequence is discovered. | |||||
| CVE-2023-36478 | 3 Debian, Eclipse, Jenkins | 3 Debian Linux, Jetty, Jenkins | 2024-11-21 | N/A | 7.5 HIGH |
| Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. `MetaDataBuilder.java` determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded. However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. `(_size+length)` will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. Users of HTTP/2 can be impacted by a remote denial of service attack. The issue has been fixed in versions 11.0.16, 10.0.16, and 9.4.53. There are no known workarounds. | |||||
| CVE-2022-43429 | 1 Jenkins | 2 Compuware Topaz For Total Test, Jenkins | 2024-11-21 | N/A | 7.5 HIGH |
| Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to read arbitrary files on the Jenkins controller file system. | |||||
| CVE-2022-43428 | 1 Jenkins | 2 Compuware Topax For Total Test, Jenkins | 2024-11-21 | N/A | 5.3 MEDIUM |
| Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. | |||||
| CVE-2022-43424 | 1 Jenkins | 2 Compuware Xpediter Code, Jenkins | 2024-11-21 | N/A | 5.3 MEDIUM |
| Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. | |||||
| CVE-2022-43423 | 1 Jenkins | 2 Compuware Source Code Download For Endevor\, Pds\, And Ispw, Jenkins | 2024-11-21 | N/A | 5.3 MEDIUM |
| Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. | |||||
| CVE-2022-43422 | 1 Jenkins | 2 Compuware Topaz Utilities, Jenkins | 2024-11-21 | N/A | 5.3 MEDIUM |
| Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. | |||||
| CVE-2022-43416 | 1 Jenkins | 2 Jenkins, Katalon | 2024-11-21 | N/A | 8.8 HIGH |
| Jenkins Katalon Plugin 1.0.32 and earlier implements an agent/controller message that does not limit where it can be executed and allows invoking Katalon with configurable arguments, allowing attackers able to control agent processes to invoke Katalon on the Jenkins controller with attacker-controlled version, install location, and arguments, and attackers additionally able to create files on the Jenkins controller (e.g., attackers with Item/Configure permission could archive artifacts) to invoke arbitrary OS commands. | |||||
| CVE-2022-41224 | 1 Jenkins | 1 Jenkins | 2024-11-21 | N/A | 5.4 MEDIUM |
| Jenkins 2.367 through 2.369 (both inclusive) does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins web UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control tooltips for this component. | |||||
| CVE-2022-36900 | 1 Jenkins | 2 Compuware Zadviser Api, Jenkins | 2024-11-21 | N/A | 8.2 HIGH |
| Jenkins Compuware zAdviser API Plugin 1.0.3 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties. | |||||
| CVE-2022-36899 | 1 Jenkins | 2 Compuware Ispw Operations, Jenkins | 2024-11-21 | N/A | 8.2 HIGH |
| Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties. | |||||
| CVE-2022-34175 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Jenkins 2.335 through 2.355 (both inclusive) allows attackers in some cases to bypass a protection mechanism, thereby directly accessing some view fragments containing sensitive information, bypassing any permission checks in the corresponding view. | |||||
| CVE-2022-34174 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm. | |||||
| CVE-2022-34173 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
| In Jenkins 2.340 through 2.355 (both inclusive) the tooltip of the build button in list views supports HTML without escaping the job display name, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | |||||
| CVE-2022-34172 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
| In Jenkins 2.340 through 2.355 (both inclusive) symbol-based icons unescape previously escaped values of 'tooltip' parameters, resulting in a cross-site scripting (XSS) vulnerability. | |||||
| CVE-2022-34171 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
| In Jenkins 2.321 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the HTML output generated for new symbol-based SVG icons includes the 'title' attribute of 'l:ionicon' (until Jenkins 2.334) and 'alt' attribute of 'l:icon' (since Jenkins 2.335) without further escaping, resulting in a cross-site scripting (XSS) vulnerability. | |||||
| CVE-2022-34170 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
| In Jenkins 2.320 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the help icon does not escape the feature name that is part of its tooltip, effectively undoing the fix for SECURITY-1955, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | |||||
| CVE-2022-2048 | 4 Debian, Eclipse, Jenkins and 1 more | 8 Debian Linux, Jetty, Jenkins and 5 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests. | |||||
| CVE-2022-27201 | 1 Jenkins | 2 Jenkins, Semantic Versioning | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery. | |||||
| CVE-2022-20612 | 2 Jenkins, Oracle | 2 Jenkins, Communications Cloud Native Core Automated Test Suite | 2024-11-21 | 2.6 LOW | 4.3 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set. | |||||