
CVE-2025-32754
https://notcve.org/view.php?id=CVE-2025-32754
10 Apr 2025 — In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version to use the same SSH host keys, allowing attackers able to insert themselves into the network path between the SSH client (typically the Jenkins controller) and SSH build agent to impersonate the latter. • https://www.jenkins.io/security/advisory/2025-04-10/#SECURITY-3565 • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

CVE-2024-2216
https://notcve.org/view.php?id=CVE-2024-2216
06 Mar 2024 — A missing permission check in an HTTP endpoint in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions. • http://www.openwall.com/lists/oss-security/2024/03/06/3 • CWE-862: Missing Authorization

CVE-2024-2215
https://notcve.org/view.php?id=CVE-2024-2215
06 Mar 2024 — A cross-site request forgery (CSRF) vulnerability in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions. • http://www.openwall.com/lists/oss-security/2024/03/06/3 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2023-40350
https://notcve.org/view.php?id=CVE-2023-40350
16 Aug 2023 — Jenkins Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control responses from Docker. • http://www.openwall.com/lists/oss-security/2023/08/16/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-45385
https://notcve.org/view.php?id=CVE-2022-45385
15 Nov 2022 — A missing permission check in Jenkins CloudBees Docker Hub/Registry Notification Plugin 2.6.2 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository. • http://www.openwall.com/lists/oss-security/2022/11/15/4 • CWE-862: Missing Authorization

CVE-2022-20617 – jenkins-2-plugins/docker-commons: does not sanitize the name of an image or a tag which could result in an OS command execution
https://notcve.org/view.php?id=CVE-2022-20617
12 Jan 2022 — Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job's SCM repository. • http://www.openwall.com/lists/oss-security/2022/01/12/6 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2019-10340
https://notcve.org/view.php?id=CVE-2019-10340
11 Jul 2019 — A cross-site request forgery vulnerability in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. • http://www.openwall.com/lists/oss-security/2019/07/11/4 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2019-10341
https://notcve.org/view.php?id=CVE-2019-10341
11 Jul 2019 — A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. • http://www.openwall.com/lists/oss-security/2019/07/11/4 • CWE-862: Missing Authorization

CVE-2019-10342
https://notcve.org/view.php?id=CVE-2019-10342
11 Jul 2019 — A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins. • http://www.openwall.com/lists/oss-security/2019/07/11/4 • CWE-862: Missing Authorization

CVE-2019-1003065
https://notcve.org/view.php?id=CVE-2019-1003065
04 Apr 2019 — Jenkins CloudShare Docker-Machine Plugin stores credentials unencrypted in its global configuration file on the Jenkins master, where they can be viewed by users with access to the master file system. • http://www.openwall.com/lists/oss-security/2019/04/12/2 • CWE-311: Missing Encryption of Sensitive Data