CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36904
https://notcve.org/view.php?id=CVE-2022-36904
Jenkins Repository Connector Plugin 2.2.0 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. Jenkins Repository Connector Plugin versiones 2.2.0 y anteriores, no lleva a cabo una comprobación de permisos en un método que implementa la comprobación de formularios, permitiendo a atacantes con permiso de Overall/Read comprobar la existencia de una ruta de archivo especificada por el atacante en el sistema de archivos del controlador de Jenkins • http://www.openwall.com/lists/oss-security/2022/07/27/1 https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2665%20%282%29 • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36903
https://notcve.org/view.php?id=CVE-2022-36903
A missing permission check in Jenkins Repository Connector Plugin 2.2.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Una falta de comprobación de permisos en Jenkins Repository Connector Plugin versiones 2.2.0 y anteriores, permite a atacantes con permiso Overall/Read enumerar los IDs de las credenciales almacenadas en Jenkins • http://www.openwall.com/lists/oss-security/2022/07/27/1 https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2665%20%281%29 • CWE-862: Missing Authorization •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-34195
https://notcve.org/view.php?id=CVE-2022-34195
Jenkins Repository Connector Plugin 2.2.0 and earlier does not escape the name and description of Maven Repository Artifact parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. Jenkins Repository Connector Plugin versiones 2.2.0 y anteriores, no escapa del nombre y la descripción de los parámetros Maven Repository Artifact en las visualizaciones que muestran los parámetros, resultando en una vulnerabilidad de tipo cross-site scripting (XSS) almacenado que puede ser explotada por atacantes con permiso Item/Configure • https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-21618
https://notcve.org/view.php?id=CVE-2021-21618
Jenkins Repository Connector Plugin 2.0.2 and earlier does not escape parameter names and descriptions for past builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. Jenkins Repository Connector Plugin versiones 2.0.2 y anteriores, no escapan los parámetros names y descriptions de compilaciones anteriores, resultando en una vulnerabilidad de tipo cross-site scripting (XSS) almacenado explotable por atacantes con permiso Item/Configure • https://www.jenkins.io/security/advisory/2021-02-24/#SECURITY-2183 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-2149
https://notcve.org/view.php?id=CVE-2020-2149
Jenkins Repository Connector Plugin 1.2.6 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. Jenkins Repository Connector Plugin versiones 1.2.6 y anteriores, transmiten las credenciales configuradas en texto plano como parte de su formulario de configuración de Jenkins global, resultando potencialmente en su exposición. • http://www.openwall.com/lists/oss-security/2020/03/09/1 https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1520 • CWE-319: Cleartext Transmission of Sensitive Information •