Jenkins Warnings Next Generation vulnerabilities
6 known vulnerabilities affecting jenkins/warnings_next_generation.
Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM4
Vulnerabilities
Page 1 of 1
CVE-2022-23107HIGHCVSS 8.1≥ 9.0.0, < 9.0.2≥ 9.5.0, < 9.5.2+2 more2022-01-12
CVE-2022-23107 [HIGH] CWE-22 CVE-2022-23107: Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not restrict the name of a file when
Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not restrict the name of a file when configuring custom ID, allowing attackers with Item/Configure permission to write and read specific files with a hard-coded suffix on the Jenkins controller file system.
nvd
CVE-2021-21626MEDIUMCVSS 4.3≤ 8.4.42021-03-18
CVE-2021-21626 [MEDIUM] CWE-862 CVE-2021-21626: Jenkins Warnings Next Generation Plugin 8.4.4 and earlier does not perform a permission check in met
Jenkins Warnings Next Generation Plugin 8.4.4 and earlier does not perform a permission check in methods implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents.
nvd
CVE-2019-10325MEDIUMCVSS 5.4≤ 5.0.02019-05-31
CVE-2019-10325 [MEDIUM] CWE-79 CVE-2019-10325: A cross-site scripting vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed attacke
A cross-site scripting vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed attacker with Job/Configure permission to inject arbitrary JavaScript in build overview pages.
nvd
CVE-2019-10326MEDIUMCVSS 4.3v5.0.02019-05-31
CVE-2019-10326 [MEDIUM] CWE-352 CVE-2019-10326: A cross-site request forgery vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed a
A cross-site request forgery vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed attackers to reset warning counts for future builds.
nvd
CVE-2019-1003008HIGHCVSS 8.8≤ 2.1.12019-02-06
CVE-2019-1003008 [HIGH] CWE-352 CVE-2019-1003008: A cross-site request forgery vulnerability exists in Jenkins Warnings Next Generation Plugin 2.1.1 a
A cross-site request forgery vulnerability exists in Jenkins Warnings Next Generation Plugin 2.1.1 and earlier in src/main/java/io/jenkins/plugins/analysis/warnings/groovy/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint.
nvd
CVE-2019-1003023MEDIUMCVSS 6.1≤ 1.0.12019-02-06
CVE-2019-1003023 [MEDIUM] CWE-79 CVE-2019-1003023: A cross-site scripting vulnerability exists in Jenkins Warnings Next Generation Plugin 1.0.1 and ear
A cross-site scripting vulnerability exists in Jenkins Warnings Next Generation Plugin 1.0.1 and earlier in src/main/java/io/jenkins/plugins/analysis/core/model/DetailsTableModel.java, src/main/java/io/jenkins/plugins/analysis/core/model/SourceDetail.java, src/main/java/io/jenkins/plugins/analysis/core/model/SourcePrinter.java, src/main/java/io/j
nvd