CVE-2022-45395
https://notcve.org/view.php?id=CVE-2022-45395
Jenkins CCCC Plugin 0.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. • http://www.openwall.com/lists/oss-security/2022/11/15/4 https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2921 • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2022-45397
https://notcve.org/view.php?id=CVE-2022-45397
Jenkins OSF Builder Suite :: XML Linter Plugin 1.0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. • http://www.openwall.com/lists/oss-security/2022/11/15/4 https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2937 • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2022-45385
https://notcve.org/view.php?id=CVE-2022-45385
A missing permission check in Jenkins CloudBees Docker Hub/Registry Notification Plugin 2.6.2 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository. • http://www.openwall.com/lists/oss-security/2022/11/15/4 https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2843 • CWE-862: Missing Authorization •
CVE-2022-45389
https://notcve.org/view.php?id=CVE-2022-45389
A missing permission check in Jenkins XP-Dev Plugin 1.0 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to an attacker-specified repository. • http://www.openwall.com/lists/oss-security/2022/11/15/4 https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2853 • CWE-862: Missing Authorization •
CVE-2022-45380 – jenkins-plugin/JUnit: Stored XSS vulnerability in JUnit Plugin
https://notcve.org/view.php?id=CVE-2022-45380
Jenkins JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S) URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. A flaw was found in the JUnit Jenkins Plugin. The affected version of the JUnit plugin converts HTTP(S) URLs in test report output to clickable links, which leads to a stored Cross-site scripting (XSS) attack. • http://www.openwall.com/lists/oss-security/2022/11/15/4 https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2888 https://access.redhat.com/security/cve/CVE-2022-45380 https://bugzilla.redhat.com/show_bug.cgi?id=2143086 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
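The entry above is the classic "linkify" bug: test output is attacker-controlled (anyone who can configure a job can make a test print whatever it likes), and turning URLs in it into anchors by regex substitution on the raw text emits both the surrounding text and anything the URL drags along as live HTML. The Python example below is added here and is not the JUnit plugin's code (which is Java); the inputs are constructed. It shows the unsafe pattern next to a hardened one that tokenizes first and escapes every piece, including the URL itself, before assembling markup.

```python
import html
import re

# Matches http(s) URLs. The match stops at whitespace and at any character
# that could terminate an attribute or tag, so a URL can never carry those
# into the generated markup.
URL_RE = re.compile(r'https?://[^\s<>"\']+')


def linkify_unsafe(text):
    """The vulnerable pattern: substitute URLs into anchor markup on the raw
    text with no escaping. Everything else in the text is emitted as HTML,
    and a URL containing a quote breaks out of the href attribute."""
    return re.sub(r"(https?://\S+)", r'<a href="\1">\1</a>', text)


def linkify_safe(text):
    """Hardened: split the text into non-URL segments and URL matches, escape
    each segment on its own (quote=True also escapes " and '), then assemble
    the anchors. Only http/https matches ever become links, so a javascript:
    or data: string stays inert text."""
    out = []
    pos = 0
    for m in URL_RE.finditer(text):
        out.append(html.escape(text[pos:m.start()], quote=True))
        url = html.escape(m.group(0), quote=True)
        out.append(f'<a href="{url}">{url}</a>')
        pos = m.end()
    out.append(html.escape(text[pos:], quote=True))
    return "".join(out)


# Constructed sample "test output" lines, each exercising one failure mode.
SAMPLE_TAG = "<img src=x onerror=alert(1)> http://x.test/"
SAMPLE_ATTR = 'http://x.test/"onmouseover="alert(1)'
SAMPLE_PLAIN = "see http://example.com/?a=1&b=2 for details"

if __name__ == "__main__":
    for sample in (SAMPLE_TAG, SAMPLE_ATTR, SAMPLE_PLAIN):
        print("unsafe:", linkify_unsafe(sample))
        print("safe:  ", linkify_safe(sample))
```

Note the order: escaping after linkifying would neutralize the anchors you just built, and linkifying after escaping breaks on `&amp;` inside query strings; escaping per token is the only order that keeps legitimate links working and attacker text inert.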