CVE-2022-45382
https://notcve.org/view.php?id=CVE-2022-45382
Jenkins Naginator Plugin 1.18.1 and earlier does not escape display names of source builds in builds that were triggered via Retry action, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to edit build display names.
• http://www.openwall.com/lists/oss-security/2022/11/15/4
• https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2946
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-45387
https://notcve.org/view.php?id=CVE-2022-45387
Jenkins BART Plugin 1.0.3 and earlier does not escape the parsed content of build logs before rendering it on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability.
• http://www.openwall.com/lists/oss-security/2022/11/15/4
• https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2802
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-45401
https://notcve.org/view.php?id=CVE-2022-45401
Jenkins Associated Files Plugin 0.2.1 and earlier does not escape names of associated files, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
• http://www.openwall.com/lists/oss-security/2022/11/15/4
• https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2947
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-45392
https://notcve.org/view.php?id=CVE-2022-45392
Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system.
• http://www.openwall.com/lists/oss-security/2022/11/15/4
• https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2912
• CWE-522: Insufficiently Protected Credentials
CVE-2022-45390
https://notcve.org/view.php?id=CVE-2022-45390
A missing permission check in Jenkins loader.io Plugin 1.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
• http://www.openwall.com/lists/oss-security/2022/11/15/4
• https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2857
• CWE-862: Missing Authorization