Jenkins Project Jenkins Dotci Plugin vulnerabilities
3 known vulnerabilities affecting jenkins_project/jenkins_dotci_plugin.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, MEDIUM 1
Vulnerabilities
CVE-2022-41238 | CRITICAL | CVSS 9.8 | CWE-862 | ≥ unspecified, ≤ 2.40.00 | 2022-09-21
A missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository for attacker-specified commits.
Sources: cvelistv5, nvd
CVE-2022-41237 | CRITICAL | CVSS 9.8 | CWE-502 | ≥ unspecified, ≤ 2.40.00 | 2022-09-21
Jenkins DotCi Plugin 2.40.00 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
Sources: cvelistv5, nvd
CVE-2022-41239 | MEDIUM | CVSS 5.4 | CWE-79 | ≥ unspecified, ≤ 2.40.00 | 2022-09-21
Jenkins DotCi Plugin 2.40.00 and earlier does not escape the GitHub user name parameter provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability.
Sources: cvelistv5, nvd