Jenkins Project Jenkins Generic Webhook Trigger Plugin vulnerabilities
3 known vulnerabilities affecting jenkins_project/jenkins_generic_webhook_trigger_plugin.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, MEDIUM 2
Vulnerabilities
CVE-2022-43412 | MEDIUM | CVSS 5.3 | CWE-203 | Affected: ≥ unspecified, ≤ 1.84.1 | 2022-10-19
Jenkins Generic Webhook Trigger Plugin 1.84.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.
Sources: cvelistv5, nvd
CVE-2022-25185 | MEDIUM | CVSS 5.4 | CWE-79 | Affected: ≥ unspecified, ≤ 1.81 | 2022-02-15
Jenkins Generic Webhook Trigger Plugin 1.81 and earlier does not escape the build cause when using the webhook, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Sources: cvelistv5, nvd
CVE-2021-21669 | CRITICAL | CVSS 9.8 | Affected: ≥ unspecified, ≤ 1.72 | 2021-06-18
Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
Sources: cvelistv5, nvd