Jenkins Job And Node Ownership vulnerabilities

CVE-2022-28150 [HIGH] CWE-352 CVE-2022-28150: A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 an A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to change the owners and item-specific permissions of a job.

CVE-2022-28149 [MEDIUM] CWE-79 CVE-2022-28149: Jenkins Job and Node ownership Plugin 0.13.0 and earlier does not escape the names of the secondary Jenkins Job and Node ownership Plugin 0.13.0 and earlier does not escape the names of the secondary owners, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

CVE-2022-28152 [MEDIUM] CWE-352 CVE-2022-28152: A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 an A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to restore the default ownership of a job.

CVE-2022-28151 [MEDIUM] CWE-862 CVE-2022-28151: A missing permission check in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attack A missing permission check in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers with Item/Read permission to change the owners and item-specific permissions of a job.

CVE-2018-1000107 [MEDIUM] CWE-863 CVE-2018-1000107: An improper authorization vulnerability exists in Jenkins Job and Node Ownership Plugin 0.11.0 and e An improper authorization vulnerability exists in Jenkins Job and Node Ownership Plugin 0.11.0 and earlier in OwnershipDescription.java, JobOwnerJobProperty.java, and OwnerNodeProperty.java that allow an attacker with Job/Configure or Computer/Configure permission and without Ownership related permissions to override ownership metadata.