CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43421
https://notcve.org/view.php?id=CVE-2022-43421
A missing permission check in Jenkins Tuleap Git Branch Source Plugin 3.2.4 and earlier allows unauthenticated attackers to trigger Tuleap projects whose configured repository matches the attacker-specified value. Una falta de comprobación de permisos en el plugin de origen de la rama Git de Jenkins versiones 3.2.4 y anteriores, permite a atacantes no autentificados desencadenar proyectos de Tuleap cuyo repositorio configurado coincide con el valor especificado por el atacante • http://www.openwall.com/lists/oss-security/2022/10/19/3 https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2852 • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-43429
https://notcve.org/view.php?id=CVE-2022-43429
Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to read arbitrary files on the Jenkins controller file system. Jenkins Compuware Topaz for Total Test Plugin versiones 2.4.8 y anteriores, implementan un mensaje agent/controller que no limita dónde puede ser ejecutado, permitiendo a atacantes capaces de controlar los procesos del agente leer archivos arbitrarios en el sistema de archivos del controlador de Jenkins • http://www.openwall.com/lists/oss-security/2022/10/19/3 https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2624 •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43410 – jenkins-plugin/mercurial: Webhook endpoint discloses job names to unauthorized users in Mercurial Plugin
https://notcve.org/view.php?id=CVE-2022-43410
Jenkins Mercurial Plugin 1251.va_b_121f184902 and earlier provides information about which jobs were triggered or scheduled for polling through its webhook endpoint, including jobs the user has no permission to access. Jenkins Mercurial Plugin versiones 1251.va_b_121f184902 y anteriores, proporciona información sobre los trabajos que se activaron o programaron para el sondeo mediante su endpoint de webhook, incluidos los trabajos a los que el usuario no presenta permiso para acceder An information leak was found in a Jenkins plugin. This issue could allow an unauthenticated remote attacker to issue GET requests. The greatest impact is to confidentiality. • http://www.openwall.com/lists/oss-security/2022/10/19/3 https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2831 https://access.redhat.com/security/cve/CVE-2022-43410 https://bugzilla.redhat.com/show_bug.cgi?id=2136369 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43415
https://notcve.org/view.php?id=CVE-2022-43415
Jenkins REPO Plugin 1.15.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Jenkins REPO Plugin versiones 1.15.0 y anteriores, no configura su analizador XML para prevenir ataques de tipo XML external entity (XXE) • http://www.openwall.com/lists/oss-security/2022/10/19/3 https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2337 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43411
https://notcve.org/view.php?id=CVE-2022-43411
Jenkins GitLab Plugin 1.5.35 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. Jenkins GitLab Plugin versiones 1.5.35 y anteriores, usa una función de comparación de tiempo no constante cuando comprueba si el token de webhook proporcionado y el esperado son iguales, permitiendo potencialmente a atacantes usar métodos estadísticos para obtener un token de webhook válido • http://www.openwall.com/lists/oss-security/2022/10/19/3 https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2877 • CWE-203: Observable Discrepancy •