Jenkins Project Jenkins Job And Node Ownership Plugin vulnerabilities
4 known vulnerabilities affecting jenkins_project/jenkins_job_and_node_ownership_plugin.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2022-28150HIGHCVSS 8.8≥ unspecified, ≤ 0.13.02022-03-29
CVE-2022-28150 [HIGH] CWE-352 CVE-2022-28150: A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 an
A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to change the owners and item-specific permissions of a job.
cvelistv5nvd
CVE-2022-28149MEDIUMCVSS 5.4≥ unspecified, ≤ 0.13.02022-03-29
CVE-2022-28149 [MEDIUM] CWE-79 CVE-2022-28149: Jenkins Job and Node ownership Plugin 0.13.0 and earlier does not escape the names of the secondary
Jenkins Job and Node ownership Plugin 0.13.0 and earlier does not escape the names of the secondary owners, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
cvelistv5nvd
CVE-2022-28152MEDIUMCVSS 4.3≥ unspecified, ≤ 0.13.02022-03-29
CVE-2022-28152 [MEDIUM] CWE-352 CVE-2022-28152: A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 an
A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to restore the default ownership of a job.
cvelistv5nvd
CVE-2022-28151MEDIUMCVSS 4.3≥ unspecified, ≤ 0.13.02022-03-29
CVE-2022-28151 [MEDIUM] CWE-862 CVE-2022-28151: A missing permission check in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attack
A missing permission check in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers with Item/Read permission to change the owners and item-specific permissions of a job.
cvelistv5nvd