Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up
Jenkins project

jenkins_blue_ocean

7 Versions 5 CVEs

Versions

1.25.3

SEMANTIC 2 CVEs

unspecified

OTHER 4 CVEs

1.19.2

SEMANTIC 2 CVEs

1.25.0.1

OTHER 2 CVEs

1.23.2

SEMANTIC 2 CVEs

1.27.5.1

OTHER 1 CVE

1.27.4.1

OTHER 1 CVE

Recent CVEs

CVE-2023-40341

A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.27.5 and earlier allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job.

UNKNOWN Aug 16, 2023

CVE-2022-30954

Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server.

UNKNOWN May 17, 2022

CVE-2022-30953

A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server.

UNKNOWN May 17, 2022

CVE-2020-2255

A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.

UNKNOWN Sep 16, 2020

CVE-2020-2254

Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag that, when enabled, allows an attacker with Job/Configure or Job/Create permission to read arbitrary files on the Jenkins controller file system.

UNKNOWN Sep 16, 2020