CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-27208
https://notcve.org/view.php?id=CVE-2022-27208
Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller. El plugin Kubernetes Continuous Deploy de Jenkins versiones 2.3.1 y anteriores, permite a usuarios con permiso Credentials/Create leer archivos arbitrarios en el controlador Jenkins • http://www.openwall.com/lists/oss-security/2022/03/15/2 https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2096 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-27207
https://notcve.org/view.php?id=CVE-2022-27207
Jenkins global-build-stats Plugin 1.5 and earlier does not escape multiple fields in the chart configuration on the 'Global Build Stats' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission. El Plugin global-build-stats de Jenkins versiones 1.5 y anteriores, no escapa de múltiples campos en la configuración del gráfico en la página "Global Build Stats", resultando en una vulnerabilidad de tipo cross-site scripting (XSS) almacenada explotable por atacantes con permiso Overall/Administer • http://www.openwall.com/lists/oss-security/2022/03/15/2 https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-1886 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-27206
https://notcve.org/view.php?id=CVE-2022-27206
Jenkins GitLab Authentication Plugin 1.13 and earlier stores the GitLab client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. El Plugin GitLab Authentication de Jenkins versiones 1.13 y anteriores, almacena el secreto del cliente de GitLab sin cifrar en el archivo global config.xml del controlador de Jenkins, donde puede ser visualizado por usuarios con acceso al sistema de archivos del controlador de Jenkins • http://www.openwall.com/lists/oss-security/2022/03/15/2 https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-1891 • CWE-522: Insufficiently Protected Credentials •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-27205
https://notcve.org/view.php?id=CVE-2022-27205
A missing permission check in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. Una falta de comprobación de permisos en el Plugin Extended Choice Parameter de Jenkins versiones 346.vd87693c5a_86c y anteriores, permite a atacantes con permiso Overall/Read conectarse a una URL especificada por el atacante • http://www.openwall.com/lists/oss-security/2022/03/15/2 https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-1350 • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-27204
https://notcve.org/view.php?id=CVE-2022-27204
A cross-site request forgery vulnerability in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers to connect to an attacker-specified URL. Una vulnerabilidad de tipo cross-site request forgery en el Plugin Extended Choice Parameter de Jenkins versiones 346.vd87693c5a_86c y anteriores, permite a atacantes conectarse a una URL especificada por un atacante • http://www.openwall.com/lists/oss-security/2022/03/15/2 https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-1350 • CWE-352: Cross-Site Request Forgery (CSRF) •