Jenkins Checkmarx vulnerabilities
4 known vulnerabilities affecting jenkins/checkmarx.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 2
Vulnerabilities
CVE-2023-35142 | HIGH | CVSS 8.1 | ≤ 2023.4.3 | 2023-06-14 | CWE-295
Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS validation for connections to the Checkmarx server by default.
nvd
CVE-2022-46684 | MEDIUM | CVSS 5.4 | fixed in 2022.4.3 | 2022-12-12 | CWE-79
Jenkins Checkmarx Plugin 2022.3.3 and earlier does not escape values returned from the Checkmarx service API before inserting them into HTML reports, resulting in a stored cross-site scripting (XSS) vulnerability.
nvd
CVE-2022-25200 | HIGH | CVSS 8.8 | ≤ 2022.1.2 | 2022-02-15 | CWE-352
A cross-site request forgery (CSRF) vulnerability in Jenkins Checkmarx Plugin 2022.1.2 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
nvd
CVE-2022-25201 | MEDIUM | CVSS 6.5 | ≤ 2022.1.2 | 2022-02-15 | CWE-862
Missing permission checks in Jenkins Checkmarx Plugin 2022.1.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
nvd