CVE-2022-45394
https://notcve.org/view.php?id=CVE-2022-45394
A missing permission check in Jenkins Delete log Plugin 1.0 and earlier allows attackers with Item/Read permission to delete build logs. • http://www.openwall.com/lists/oss-security/2022/11/15/4 https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2920 • CWE-862: Missing Authorization
CVE-2022-45379 – jenkins-plugin/script-security: Whole-script approval in Script Security Plugin vulnerable to SHA-1 collisions
https://notcve.org/view.php?id=CVE-2022-45379
Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks. A flaw was found in the script-security Jenkins Plugin. SHA-1 no longer meets the security standards for producing a cryptographically secure message digest. The affected version of the script-security Plugin stores whole-script approvals as the SHA-1 hash of the approved script. • http://www.openwall.com/lists/oss-security/2022/11/15/4 https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2564 https://access.redhat.com/security/cve/CVE-2022-45379 https://bugzilla.redhat.com/show_bug.cgi?id=2143090 • CWE-326: Inadequate Encryption Strength CWE-328: Use of Weak Hash
CVE-2022-45399
https://notcve.org/view.php?id=CVE-2022-45399
A missing permission check in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics. • http://www.openwall.com/lists/oss-security/2022/11/15/4 https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2938 • CWE-862: Missing Authorization
CVE-2022-38666
https://notcve.org/view.php?id=CVE-2022-38666
Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and earlier unconditionally disables SSL/TLS certificate and hostname validation for several features. • http://www.openwall.com/lists/oss-security/2022/11/15/4 https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2910%20%282%29 • CWE-295: Improper Certificate Validation
CVE-2022-45400
https://notcve.org/view.php?id=CVE-2022-45400
Jenkins JAPEX Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. • http://www.openwall.com/lists/oss-security/2022/11/15/4 https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2941 • CWE-611: Improper Restriction of XML External Entity Reference