Jul 12, 2023 · Datadog Plugin 5.4.2 requires Overall/Administer permission to access the affected HTTP endpoint. Missing permission check in SAML Single Sign On(SSO) Plugin.

Sep 20, 2023 · Jenkins 2.424, LTS 2.414.2 excludes sensitive variables from this search. Stored XSS vulnerability. SECURITY-3245 / CVE-2023-43495. Severity (CVSS): High

May 2, 2024 · Git server Plugin 114.v068a_c7cc2574 and earlier does not perform a permission check for read access to a Git repository over SSH. This allows attackers with a ...

Jun 14, 2023 · 3.1 defines the appropriate context for credentials lookup. Stored XSS vulnerability in Maven Repository Server Plugin. SECURITY-3156 / CVE-2023-35143. Severity ...

Feb 14, 2024 · In order to create this user, you can go to Manage Jenkins -> Configure Global Security -> Security Realm -> Jenkins' own user database [enable Allow users to ...

Sep 6, 2023 · This allows attackers with Item/Configure permission to have Jenkins parse a crafted XML document that uses external entities for extraction of secrets from the ...

Mar 6, 2024 · Attackers with Item/Configure permission can use them to determine whether a path on the Jenkins controller file system exists, without being able to access it.

Dec 13, 2023 · This allows attackers with Scriptler/Configure permission to delete arbitrary files on the Jenkins controller file system. Scriptler Plugin 344.v5a_ddb_5f9e685 ...