Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

28 advisories

Loading
Agent-to-controller security bypass in Jenkins Debian Package Builder Plugin High
CVE-2022-23118 was published for ru.yandex.jenkins.plugins.debuilder:debian-package-builder (Maven) Jan 13, 2022
westonsteimel
Jenkins Pipeline: Deprecated Groovy Libraries Plugin Protection Mechanism Failure High
CVE-2022-25183 was published for org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (Maven) Feb 16, 2022
Jenkins Pipeline: Deprecated Groovy Libraries Plugin Protection Mechanism Failure High
CVE-2022-25182 was published for org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (Maven) Feb 16, 2022
Jenkins Pipeline: Deprecated Groovy Libraries Plugin Protection Mechanism Failure High
CVE-2022-25181 was published for org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (Maven) Feb 16, 2022
Sandbox Bypass in Script Security Plugin High
CVE-2019-1003005 was published for org.jenkins-ci.plugins:script-security (Maven) May 13, 2022
westonsteimel
Jenkins Groovy Plugin sandbox bypass vulnerability High
CVE-2019-1003033 was published for org.jenkins-ci.plugins:groovy (Maven) May 13, 2022
Protection Mechanism Failure in Jenkins Script Security Plugin High
CVE-2019-1003000 was published for org.jenkins-ci.plugins:script-security (Maven) May 13, 2022
Sandbox bypass vulnerability in Script Security Plugin High
CVE-2020-2134 was published for org.jenkins-ci.plugins:script-security (Maven) May 24, 2022
NotMyFault
Sandbox bypass vulnerability in Script Security Plugin High
CVE-2020-2135 was published for org.jenkins-ci.plugins:script-security (Maven) May 24, 2022
NotMyFault
Remote code execution vulnerability in Jenkins Templating Engine Plugin High
CVE-2021-21646 was published for org.jenkins-ci.plugins:templating-engine (Maven) May 24, 2022
NotMyFault
Jenkins Azure AD Plugin allows bypassing CSRF protection for any URL High
CVE-2021-21679 was published for org.jenkins-ci.plugins:azure-ad (Maven) May 24, 2022
NotMyFault
Jenkins SAML Plugin allows bypassing CSRF protection for any URL High
CVE-2021-21678 was published for org.jenkins-ci.plugins:saml (Maven) May 24, 2022
NotMyFault
Agent-to-controller access control allowed writing to sensitive directory used by Jenkins Pipeline: Shared Groovy Libraries Plugin High
CVE-2021-21696 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Agent-to-controller security bypass in Jenkins Squash TM Publisher (Squash4Jenkins) Plugin allows writing arbitrary files High
CVE-2021-43578 was published for org.jenkins-ci.plugins:squashtm-publisher-plugin (Maven) May 24, 2022
NotMyFault
Improper handling of untrusted branches in Gitea Jenkins Plugin High
CVE-2019-10330 was published for org.jenkins-ci.plugins:gitea (Maven) May 24, 2022
westonsteimel
Unauthorized view fragment access in Jenkins High
CVE-2022-34175 was published for org.jenkins-ci.main:jenkins-core (Maven) Jun 24, 2022
NotMyFault
Content-Security-Policy protection for user content can be disabled in Jenkins 360 FireLine Plugin High
CVE-2022-43435 was published for org.jenkins-ci.plugins.plugin:fireline (Maven) Oct 19, 2022
NotMyFault
Content-Security-Policy protection for user content disabled by Jenkins NeuVector Vulnerability Scanner Plugin High
CVE-2022-43434 was published for io.jenkins.plugins:neuvector-vulnerability-scanner (Maven) Oct 19, 2022
NotMyFault
Jenkins Katalon Plugin vulnerable to Protection Mechanism Failure High
CVE-2022-43416 was published for org.jenkins-ci.plugins:katalon (Maven) Oct 19, 2022
Sandbox bypass vulnerability in Jenkins Pipeline: Deprecated Groovy Libraries Plugin High
CVE-2022-43406 was published for io.jenkins.plugins:pipeline-groovy-lib (Maven) Oct 19, 2022
NotMyFault
Sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries Plugin and Pipeline: Deprecated Groovy Libraries Plugin High
CVE-2022-43405 was published for io.jenkins.plugins:pipeline-groovy-lib (Maven) Oct 19, 2022
NotMyFault
Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin High
CVE-2022-43404 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) Oct 19, 2022
NotMyFault
Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin High
CVE-2022-43401 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) Oct 19, 2022
NotMyFault
Content-Security-Policy protection for user content disabled by Jenkins XFramium Builder Plugin High
CVE-2022-43432 was published for org.jenkins-ci.plugins:xframium (Maven) Oct 19, 2022
NotMyFault
Content-Security-Policy protection for user content disabled by Jenkins ScreenRecorder Plugin High
CVE-2022-43433 was published for io.jenkins.plugins:screenrecorder (Maven) Oct 19, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API