CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

Jenkins Proxmox Plugin 0.6.0 and earlier disables SSL/TLS certificate validation globally for the Jenkins controller JVM when configured to ignore SSL/TLS issues. • http://www.openwall.com/lists/oss-security/2022/03/29/1 • https://www.jenkins.io/security/advisory/2022-03-29/#SECURITY-2081 • CWE-295: Improper Certificate Validation

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

Jenkins Proxmox Plugin 0.5.0 and earlier stores the Proxmox Datacenter password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. • http://www.openwall.com/lists/oss-security/2022/03/29/1 • https://www.jenkins.io/security/advisory/2022-03-29/#SECURITY-2079 • CWE-522: Insufficiently Protected Credentials

CVSS: 8.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

Jenkins Flaky Test Handler Plugin 1.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. • http://www.openwall.com/lists/oss-security/2022/03/29/1 • https://www.jenkins.io/security/advisory/2022-03-29/#SECURITY-1896 • CWE-611: Improper Restriction of XML External Entity Reference

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

A missing permission check in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. • http://www.openwall.com/lists/oss-security/2022/03/29/1 • https://www.jenkins.io/security/advisory/2022-03-29/#SECURITY-2241 • CWE-862: Missing Authorization

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

A cross-site request forgery (CSRF) vulnerability in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials. • http://www.openwall.com/lists/oss-security/2022/03/29/1 • https://www.jenkins.io/security/advisory/2022-03-29/#SECURITY-2241 • CWE-352: Cross-Site Request Forgery (CSRF)