Scm Plugin Security Vulnerabilities


CVE-2022-41250

A missing permission check in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in...

CVSS 6.5 | AI Score 6.2 | EPSS 0.001 | 2022-09-21 04:15 PM

CVE-2022-41249

A cross-site request forgery (CSRF) vulnerability in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in...

CVSS 8.8 | AI Score 8.6 | EPSS 0.001 | 2022-09-21 04:15 PM

CVE-2022-30952

Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user credentials stores of any attacker-specified user in...

CVSS 6.5 | AI Score 6.3 | EPSS 0.001 | 2022-05-17 03:15 PM

CVE-2020-2189

Jenkins SCM Filter Jervis Plugin 0.2.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution...

CVSS 8.8 | AI Score 8.9 | EPSS 0.008 | 2020-05-06 01:15 PM

CVE-2020-2130

Jenkins Harvest SCM Plugin 0.5.1 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file...

CVSS 6.5 | AI Score 6.4 | EPSS 0.001 | 2020-02-12 03:15 PM

CVE-2020-2131

Jenkins Harvest SCM Plugin 0.5.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file...

CVSS 6.5 | AI Score 6.4 | EPSS 0.001 | 2020-02-12 03:15 PM

CVE-2019-10375

An arbitrary file read vulnerability in Jenkins File System SCM Plugin 2.1 and earlier allows attackers able to configure jobs in Jenkins to obtain the contents of any file on the Jenkins...

CVSS 6.5 | AI Score 6.3 | EPSS 0.001 | 2019-08-07 03:15 PM

CVE-2017-1000093

Poll SCM Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to initiate polling of projects with a known name. While Jenkins in general does not consider polling to be a protection-worthy action as...

CVSS 8.8 | AI Score 8.5 | EPSS 0.001 | 2017-10-05 01:29 AM

CVE-2016-6299

The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec...

CVSS 7.8 | AI Score 7.3 | EPSS 0.002 | 2017-04-14 06:59 PM