Jenkins Project Jenkins Pipeline Build Step Plugin vulnerabilities
2 known vulnerabilities affecting jenkins_project/jenkins_pipeline_build_step_plugin.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2023-25762MEDIUMCVSS 5.4≥ unspecified, ≤ 2.182023-02-15
CVE-2023-25762 [MEDIUM] CWE-79 CVE-2023-25762: Jenkins Pipeline: Build Step Plugin 2.18 and earlier does not escape job names in a JavaScript expre
Jenkins Pipeline: Build Step Plugin 2.18 and earlier does not escape job names in a JavaScript expression used in the Pipeline Snippet Generator, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control job names.
cvelistv5nvd
CVE-2022-25184MEDIUMCVSS 6.5≥ unspecified, ≤ 2.152022-02-15
CVE-2022-25184 [MEDIUM] CWE-522 CVE-2022-25184: Jenkins Pipeline: Build Step Plugin 2.15 and earlier reveals password parameter default values when
Jenkins Pipeline: Build Step Plugin 2.15 and earlier reveals password parameter default values when generating a pipeline script using the Pipeline Snippet Generator, allowing attackers with Item/Read permission to retrieve the default password parameter value from jobs.
cvelistv5nvd