Jenkins Deployment Dashboard vulnerabilities

6 known vulnerabilities affecting jenkins/deployment_dashboard.

Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 6

Vulnerabilities

CVE-2023-50775 | MEDIUM | CVSS 4.3 | ≤ 1.0.10 | 2023-12-13
CWE-352: A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to copy jobs.
nvd
CVE-2022-34797 | MEDIUM | CVSS 4.3 | ≤ 1.0.10 | 2022-06-30
CWE-352: A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to connect to an attacker-specified HTTP URL using attacker-specified credentials.
nvd
CVE-2022-34798 | MEDIUM | CVSS 4.3 | ≤ 1.0.10 | 2022-06-30
CWE-862: Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials.
nvd
CVE-2022-34795 | MEDIUM | CVSS 5.4 | ≤ 1.0.10 | 2022-06-30
CWE-79: Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not escape environment names on its Deployment Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission.
nvd
CVE-2022-34796 | MEDIUM | CVSS 4.3 | ≤ 1.0.10 | 2022-06-30
CWE-862: A missing permission check in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
nvd
CVE-2022-34799 | MEDIUM | CVSS 4.3 | ≤ 1.0.10 | 2022-06-30
CWE-522: Jenkins Deployment Dashboard Plugin 1.0.10 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
nvd