CVE-2022-41227
https://notcve.org/view.php?id=CVE-2022-41227
A cross-site request forgery (CSRF) vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials.
https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2737
CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2022-41225
https://notcve.org/view.php?id=CVE-2022-41225
Jenkins Anchore Container Image Scanner Plugin 1.0.24 and earlier does not escape content provided by the Anchore engine API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control API responses by Anchore engine.
https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2821
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-41226
https://notcve.org/view.php?id=CVE-2022-41226
Jenkins Compuware Common Configuration Plugin 1.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2832
CWE-611: Improper Restriction of XML External Entity Reference
CVE-2022-41224
https://notcve.org/view.php?id=CVE-2022-41224
Jenkins 2.367 through 2.369 (both inclusive) does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins web UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control tooltips for this component.
https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2886
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-38665
https://notcve.org/view.php?id=CVE-2022-38665
Jenkins CollabNet Plugins Plugin 2.0.8 and earlier stores a RabbitMQ password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
http://www.openwall.com/lists/oss-security/2022/08/23/2
https://www.jenkins.io/security/advisory/2022-08-23/#SECURITY-2157
CWE-522: Insufficiently Protected Credentials