Jenkins Project Jenkins Blue Ocean Plugin vulnerabilities
4 known vulnerabilities affecting jenkins_project/jenkins_blue_ocean_plugin.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 4
Vulnerabilities
CVE-2022-30954 | MEDIUM | CVSS 6.5 | CWE-862 | ≥ unspecified, ≤ 1.25.3 | 2022-05-17
Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server.
cvelistv5, nvd
CVE-2022-30953 | MEDIUM | CVSS 6.5 | CWE-352 | ≥ unspecified, ≤ 1.25.3 | 2022-05-17
A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server.
cvelistv5, nvd
CVE-2020-2255 | MEDIUM | CVSS 4.3 | CWE-862 | ≥ unspecified, ≤ 1.23.2 | 2020-09-16
A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.
cvelistv5, nvd
CVE-2020-2254 | MEDIUM | CVSS 6.5 | CWE-22 | ≥ unspecified, ≤ 1.23.2 | 2020-09-16
Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag that, when enabled, allows an attacker with Job/Configure or Job/Create permission to read arbitrary files on the Jenkins controller file system.
cvelistv5, nvd