Jenkins Plugin Vulnerabilities

Timeline

Analyzing the timeline helps to decide how single vulnerabilities and groups of vulnerabilities need to be handled. The overview makes it possible to tell quiet periods from severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues prioritized.

Vendor

Identifying all affected vendors is a good starting point for an overview. This makes it possible to recognize a homogeneous landscape, or the most important hotspots in a heterogeneous one.

Product

Script Security Plugin: 20
Configuration as Code Plugin: 9
Groovy Plugin: 8
Shared Groovy Libraries Plugin: 8
Active Directory Plugin: 8

Grouping vulnerabilities by product helps to get an overview. This makes it possible to recognize a homogeneous landscape, or the most important hotspots in a heterogeneous one.

Remediation

Official Fix: 10
Temporary Fix: 0
Workaround: 0
Unavailable: 0
Not Defined: 842

Vendors and researchers are eager to find countermeasures that mitigate security vulnerabilities. Remediation comes in several forms and levels (official fix, temporary fix, workaround, or none available), and each influences risk differently.

Exploitability

High: 0
Functional: 0
Proof-of-Concept: 3
Unproven: 0
Not Defined: 849

Researchers and attackers who look for security vulnerabilities try to exploit them, for academic purposes or for personal gain. The level and quality of available exploit code (proof-of-concept, functional, high) indicates how simple and how reliable an attack is.

Access Vector

Not Defined: 0
Physical: 1
Local: 76
Adjacent: 199
Network: 576

The route an attacker must take to reach a vulnerability is expressed by its access vector. This is typically the network, the local system, an adjacent network segment, or even physical access.

Authentication

Not Defined: 0
High: 7
Low: 649
None: 196

Exploiting a vulnerability may require a certain level of authentication. Vulnerabilities without such a requirement are much more popular with attackers.

User Interaction

Not Defined: 0
Required: 293
None: 559

Some attack scenarios require interaction by the victim. This is typical for phishing, social engineering and cross-site scripting attacks.

C3BM Index

Our unique C3BM Index (CVSSv3 Base Meta Index) accumulates the CVSSv3 Base Meta Scores of all entries over time. Comparing this index with the number of disclosed vulnerabilities helps to pinpoint the most important events.

CVSSv3 Base

≤1: 0
≤2: 1
≤3: 4
≤4: 137
≤5: 228
≤6: 271
≤7: 128
≤8: 69
≤9: 14
≤10: 0

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impact of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate.

CVSSv3 Temp

≤1: 0
≤2: 1
≤3: 4
≤4: 137
≤5: 229
≤6: 271
≤7: 128
≤8: 68
≤9: 14
≤10: 0

The Common Vulnerability Scoring System (CVSS) uses temporal scores to reflect characteristics of a vulnerability that may change over time but not across user environments: exploit code maturity, remediation level and report confidence. We also provide our unique meta score for temporal scores, even though other sources rarely publish them.

VulDB

≤1: 0
≤2: 1
≤3: 7
≤4: 315
≤5: 222
≤6: 133
≤7: 145
≤8: 29
≤9: 0
≤10: 0

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

≤1: 0
≤2: 0
≤3: 0
≤4: 9
≤5: 127
≤6: 134
≤7: 154
≤8: 51
≤9: 147
≤10: 20

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. Its coverage is usually not complete, and its scores might differ from VulDB scores.

CNA

≤1: 0
≤2: 0
≤3: 0
≤4: 0
≤5: 0
≤6: 0
≤7: 0
≤8: 0
≤9: 0
≤10: 0

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. It might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

≤1: 0
≤2: 0
≤3: 0
≤4: 0
≤5: 0
≤6: 0
≤7: 0
≤8: 0
≤9: 0
≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

≤1: 0
≤2: 0
≤3: 0
≤4: 0
≤5: 0
≤6: 0
≤7: 0
≤8: 0
≤9: 0
≤10: 0

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

Exploit 0-day

<1k: 394
<2k: 291
<5k: 167
<10k: 0
<25k: 0
<50k: 0
<100k: 0
≥100k: 0

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to estimate the 0-day price of an exploit, before it was distributed or became public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared with prices we see on exploit markets.

Exploit Today

<1k: 701
<2k: 150
<5k: 1
<10k: 0
<25k: 0
<50k: 0
<100k: 0
≥100k: 0

The 0-day prices do not consider time-dependent factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits and availability of countermeasures. These dynamic aspects may decrease the exploit price over time, under certain circumstances very fast.

Exploit Market Volume

Our unique calculation of exploit prices makes it possible to forecast the expected exploit market volume. The calculated prices of all possible 0-day exploits are summed for this task. Comparing the volume with the number of disclosed vulnerabilities helps to pinpoint the most important events.

CTI Activities

Our unique Cyber Threat Intelligence aims to determine the ongoing research of actors in order to anticipate their activities. Observing exploit markets on the darknet, discussions of vulnerabilities on mailing lists, and exchanges on social media makes it possible to identify planned attacks. Monitored actors and activities are classified as offensive or defensive. They are also weighted, as some actors are well known for certain products and technologies, and some of their disclosures contain more or fewer technical details and personal context. The world map highlights active actors in real time.

Affected Products (453): 360 FireLine Plugin, Absint Astree Plugin, AccuRev Plugin, Active Choices Plugin, Active Directory Plugin, Agent Server Parameter Plugin, Agiletestware Pangolin Connector for TestRail Plugin, Alauda DevOps Pipeline Plugin, Amazon EC2 Plugin, Amazon SNS Build Notifier Plugin, Android Lint Plugin, Android Signing Plugin, Ansible Plugin, Ansible Tower Plugin, Ant Plugin, Applatix Plugin, Application Detector Plugin, Apprenda Plugin, AppSpider Plugin, Aqua MicroScanner Plugin, Aqua Security Serverless Scanner Plugin, Arquillian Steps Plugin, Artifactory Plugin, Artifact Repository Parameter Plugin, Assembla Auth Plugin, Assembla Plugin, Audit to Database Plugin, Audit Trail Plugin, Autocomplete Parameter Plugin, autonomiq Plugin, Avatar Plugin, aws-device-farm Plugin, AWSEB Deployment Plugin, AWS CloudWatch Logs Publisher Plugin, AWS CodeBuild Plugin, AWS CodeDeploy Plugin, AWS CodePipeline Plugin, AWS Elastic Beanstalk Publisher Plugin, AWS SAM Plugin, Azure AD Plugin, Azure Event Grid Build Notifier Plugin, Azure PublisherSettings Credentials Plugin, Azure VM Agents Plugin, Backlog Plugin, Badge Plugin, Batch Task Plugin, Beaker Builder Plugin, BigPanda Notifier Plugin, Bitbucket Approve Plugin, Bitbucket Branch Source Plugin, Bitbucket OAuth Plugin, Bitbucket Server Integration Plugin, Black Duck Detect Plugin, Black Duck Hub Plugin, Blue Ocean Plugin, BMC Release Package, Brakeman Plugin, Buckminster Plugin, build-metrics Plugin, Build-Publisher Plugin, buildgraph-view Plugin, Build Environment Plugin, Build Failure Analyzer Plugin, Build Notifications Plugin, Build Pipeline Plugin, Build Step Plugin, Build with Parameters Plugin, Bumblebee HP ALM Plugin, Cadence vManager Plugin, Caliper CI Plugin, Call Remote Job Plugin, CAS Plugin, CCM Plugin, Chaos Monkey Plugin, Checkmarx Plugin, Checkstyle Plugin, Chef Sinatra Plugin, chosen-views-tabbar Plugin, Cisco Spark Plugin, Claim Plugin, ClearCase Release Plugin, CloudBees AWS Credentials Plugin, CloudBees CD Plugin, CloudCoreo DeployTime Plugin, Cobertura Plugin, Codefresh Integration Plugin, CodeScan Plugin, CollabNet Plugin, Compact Columns Plugin, Compatibility Action Storage Plugin, Complexity Scatter Plot Plugin, computer-queue-plugin, Compuware Common Configuration Plugin, Compuware ISPW Operations Plugin, Compuware Source Code Download, Compuware Topaz Utilities Plugin, Compuware Xpediter Code Coverage Plugin, Configuration as Code Plugin, Configuration Slicing Plugin, Config File Provider Plugin, Confluence Publisher Plugin, Conjur Secrets Plugin, CONS3RT Plugin, Continuous Integration with Toad Edge Plugin, Convertigo Mobile Platform Plugin, Copr Plugin, Copy Artifact Plugin, Copy Data to Workspace Plugin, Copy To Slave Plugin, couchdb-statistics Plugin, Coverage-Complexity Scatter Plot Plugin, Coverity Plugin, CppNCSS Plugin, Credentials Binding Plugin, Credentials Plugin, crittercism-dsym Plugin, Crowd 2 Integration Plugin, Crowd 2 Intergration Plugin, Crowd Integration Plugin, CRX Content Package Deployer Plugin, CryptoMove Plugin, Cucumber Living Documentation Plugin, Custom Checkbox Parameter Plugin, Custom Job Icon Plugin, CVS Plugin, Dashboard View Plugin, Database Plugin, Data Theorem CI-CD Plugin, Date Parameter Plugin, dbCharts Plugin, Debian Package Builder Plugin, Delivery Pipeline Plugin, Delphix Plugin, Dependency Graph Viewer Plugin, Deployer Framework Plugin, DeployHub Plugin, Deployment Dashboard Plugin, Deployment Plugin, Description Column Plugin, Diawi Upload Plugin, DigitalOcean Plugin, Dingding Plugin, Distributed Fork Plugin, Doktor Plugin, DotCi Plugin, DRY Plugin, Dynamic Extended Choice Parameter Plugin, Dynatrace Application Monitoring Plugin, Eagle Tester Plugin, EasyQA Plugin, ECS Publisher Plugin, ECX Copy Data Management Plugin, eggPlant Plugin, ElasTest Plugin, ElasticBox CI Plugin, Elasticsearch Query Plugin, ElectricFlow Plugin, elOyente Plugin, Email Extension Plugin, Email Extension Template Plugin, Embeddable Build Status Plugin, Environment Dashboard Plugin, Extended Choice Parameter Plugin, External Monitor Job Type Plugin, Extra Columns Plugin, Fabric Beta Publisher Plugin, Failed Job Deactivator Plugin, Favorite Plugin, Filesystem List Parameter Plugin, Filesystem Trigger Plugin, Files Found Trigger Plugin, FindBugs Plugin, FitNesse Plugin, Flaky Test Handler Plugin, Folder-based Authorization Strategy Plugin, Fortify CloudScan Plugin, Fortify on Demand Plugin, Fortify on Demand Uploader Plugin, Fortify Plugin, FTP Publisher Plugin, Gatling Plugin, Gearman Plugin, Gem Publisher Plugin, Generic Webhook Trigger Plugin, Gerrit Trigger Plugin, Gitea Plugin, global-build-stats Plugin, Global Post Script Plugin, Global Variable String Parameter Plugin, Gogs Plugin, Google Compute Engine Plugin, Google Login Plugin, Google OAuth Credentials Plugin, Google Play Android Publisher Plugin, Groovy Plugin, Groovy Postbuild Plugin, HashiCorp Vault Plugin, Health Advisor by CloudBees Plugin, Hidden Parameter Plugin, Hipchat Plugin, HockeyApp Plugin, HP ALM Quality Center Plugin, HTML Publisher Plugin, HTTP Request Plugin, Hyper.sh Commons Plugin, iceScrum Plugin, Image Tag Parameter Plugin, Implied Labels Plugin, Incapptic Connect Uploader Plugin, Inedo BuildMaster Plugin, Inedo ProGet Plugin, InfluxDB Plugin, instant-messaging Plugin, Jabber Notifier and Control Plugin, Jabber Server Plugin, JClouds Plugin, JenkinsAppDynamics Dashboard Plugin, Jianliao Notification Plugin, Jigomerge Plugin, jira-ext Plugin, JiraTestResultReporter Plugin, Jira Issue Updater Plugin, Jira Plugin, JMS Messaging Plugin, Job, Job and Node Ownership Plugin, Job Configuration History Plugin, Job Config History Plugin, Job Generator Plugin, Job Import Plugin, JSGames Plugin, JUnit Plugin, JX Resources Plugin, Kanboard Plugin, Kiuwan Plugin, Klaros-Testmanagement Plugin, Klocwork Analysis Plugin, Kmap Plugin, Koji Plugin, Link Column Plugin, Liquibase Runner Plugin, Literate Plugin, Lockable Resources Plugin, Logstash Plugin, Log Parser Plugin, Lucene-Search Plugin, mabl Plugin, Mac Plugin, Mailer Plugin, Mail Commander Plugin for Jenkins-ci Plugin, Markdown Formatter Plugin, Mashup Portlets Plugin, Mask Passwords Plugin, Matrix Authorization Strategy Plugin, Matrix Reloaded Plugin, Mattermost Notification Plugin, Maven Artifact ChoiceListProvider Plugin, Maven Cascade Release Plugin, Maven Integration Plugin, Maven Metadata Plugin for Jenkins CI Server, Maven Plugin, Maven Release Plugin, meliora-testlab Plugin, Mercurial Plugin, Mesos Plugin, Metrics Plugin, Minio Storage Plugin, Mission Control Plugin, Monitoring plugin, Multibranch Plugin, Multijob Plugin, Multiselect Parameter Plugin, NeoLoad Plugin, Nerrvana Plugin, Nested View Plugin, NeuVector Vulnerability Scanner Plugin, Node and Label Parameter Plugin, Node Ownership Plugin, Nomad Plugin, NS-ND Integration Performance Publisher Plugin, Nuget Plugin, NUnit Plugin, OctopusDeploy Plugin, Official OWASP ZAP Plugin, ontrack Plugin, OpenId Connect Authentication Plugin, openid Plugin, Open STF Plugin, OpsGenie Plugin, OWASP Dependency-Check Plugin, OWASP Dependency-Track Plugin, P4 Plugin, Package Version Plugin, PAM Authentication Plugin, Parameterized Remote Trigger Plugin, Parameterized Trigger Plugin, Parasoft Environment Manager Plugin, Parasoft Findings Plugin, PegDown Formatter Plugin, Perfecto Mobile Plugin, Perfecto Plugin, Perforce Plugin, Performance Plugin, Persona Plugin, Pipeline Aggregator View Plugin, Pipeline: AWS Steps Plugin, Pipeline: Classpath Step Plugin, Pipeline Groovy Plugin, Pipeline Input Step Plugin, Pipeline Maven Integration Plugin, Pipeline Phoenix AutoTest Plugin, Pipeline Remote Loader Plugin, Pipeline: Supporting APIs Plugin, Play Framework Plugin, Plot Plugin, Plugin Installation Manager Tool, PMD Plugin, pom2config Plugin, Port Allocator Plugin, Promoted Builds Plugin, Proxmox Plugin, PRQA Plugin, Publisher Over CIFS Plugin, Publish over FTP Plugin, Quality Gates Plugin, Queue Cleanup Plugin, RadarGun Plugin, Radiator View Plugin, Random String Parameter Plugin, RapidDeploy Plugin, Readonly Parameter Plugin, Rebuilder Plugin, Recipe Plugin, Release Helper Plugin, Release Plugin, Relution Enterprise Appstore Publisher Plugin, Repository Connector Plugin, REPO Plugin, requests-plugin, Request Rename Or Delete Plugin, Resource Disposer Plugin, REST List Parameter Plugin, rhnpush-plugin Plugin, Rich Text Publisher Plugin, Robert Sandell and Tomas Westling Build Failure Analyzer Plugin, Robot Framework Plugin, RocketChat Notifier Plugin, Role-based Authorization Strategy Plugin, rpmsign-plugin, RQM Plugin, Rundeck Plugin, S3 Plugin, S3 Publisher Plugin, S3 publisher Plugin, SaltStack Plugin, Sametime Plugin, SAML Plugin, Sauce OnDemand Plugin, SCP Publisher Plugin, Scriptler Plugin, Script Security Plugin, SCTMExecutor Plugin, Security Inspector Plugin, Selection Tasks Plugin, Selection tasks Plugin, Selenium Plugin, Self-Organizing Swarm Plug-in Modules Plugin, Serena SRA Deploy Plugin, Shared Groovy Libraries Plugin, Shared Objects Plugin, Simple Travis Pipeline Runner Plugin, SiteMonitor Plugin, SmallTest Plugin, SMS Notification Plugin, Snow Commander Plugin, SOASTA CloudTest Plugin, Sonargraph Integration Plugin, SonarQube Scanner Plugin, Sonarsource Jenkins Plugin, Sonar Gerrit Plugin, Sounds Plugin, SourceGear Vault Plugin, Speaks! Plugin, Spira Importer Plugin, Squash TM Publisher Plugin, StarTeam Plugin, Stash Branch Parameter Plugin, Static Analysis Utilities Plugin, Storable Configs Plugin, Subversion Partial Release Manager Plugin, Subversion Plugin, Subversion Release Manager Plugin, Support Core Plugin, SWAMP Plugin, Swarm Plugin Client, TAP Plugin, Team Concert Plugin, Team Foundation Server, Team Foundation Server Plugin, Team Views Plugin, Templating Engine Plugin, TestFairy Plugin, TestLink Plugin, TestNG Results Plugin, Tests Selector Plugin, ThreadFix Plugin, TICS Plugin, Timestamper Plugin, Tinfoil Security Plugin, Token Macro Plugin, TraceTronic ECU-TEST Plugin, Trac Publisher Plugin, Translation Assistance Plugin, Upload to pgyer Plugin, URLTrigger Plugin, useMango Runner Plugin, Valgrind Plugin, Validating Email Parameter Plugin, Validating String Parameter Plugin, vboxwrapper Plugin, veracode-scanner Plugin, vFabric Application Director Plugin, Visualizer Plugin, Visualworks Store Plugin, VMware Lab Manager Slaves Plugin, Vmware vRealize CodeStream Plugin, VncRecorder Plugin, VncViewer Plugin, vRealize Orchestrator Plugin, vSphere Plugin, VS Team Services Continuous Deployment Plugin, Wall Display Plugin, Walti Plugin, Warnings Next Generation Plugin, Warnings NG Plugin, Warnings Plugin, WebSphere Deployer Plugin, Weibo Plugin, White Source Plugin, WMI Windows Agents Plugin, Worksoft Execution Manager Plugin, Xcode Integration Plugin, XebiaLabs XL Deploy Plugin, XebiaLabs XL Release Plugin, XL TestView Plugin, XPath Configuration Viewer Plugin, xUnit Plugin, Yaml Axis Plugin, youtrack-plugin Plugin, ZAP Pipeline Plugin, Zephyr Enterprise Test Management Plugin, zOS Connector Plugin, Zulip Plugin
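A Jenkins administrator reading the list above will first want to know which of those products are installed on their controller. The following added example (not VulDB's code and not part of the Jenkins project) matches a plugin inventory, in the shape returned by the real Jenkins endpoint /pluginManager/api/json?depth=1, against a subset of the affected-product names. The inventory JSON embedded here is constructed: the field names (shortName, longName, version, active, hasUpdate) are those of the real API, but the entries, versions and flags are made up for the example. The list above only says that a plugin has had at least one entry, not which versions are affected, so a match means "check the advisories for this plugin", nothing more.

```python
"""Cross-check an installed-plugin inventory against affected product names (added example)."""
import json
import re

# Subset of the affected-products list on this page. The names are display names
# (the plugin manager's "longName"); the list carries no version information.
AFFECTED_PRODUCTS = {
    "Script Security Plugin", "Configuration as Code Plugin", "Groovy Plugin",
    "Shared Groovy Libraries Plugin", "Active Directory Plugin", "Build-Publisher Plugin",
    "DotCi Plugin", "Rundeck Plugin", "CONS3RT Plugin", "Credentials Binding Plugin",
}

# Constructed sample of a GET /pluginManager/api/json?depth=1 response. Field names are the
# real ones; plugin entries, versions and flags are made up for this example.
SAMPLE_INVENTORY = json.dumps({"plugins": [
    {"shortName": "script-security", "longName": "Script Security Plugin",
     "version": "1.78", "active": True, "hasUpdate": True},
    {"shortName": "configuration-as-code", "longName": "Configuration as Code Plugin",
     "version": "1.55", "active": True, "hasUpdate": False},
    {"shortName": "rundeck", "longName": "Rundeck plugin",
     "version": "3.6.11", "active": True, "hasUpdate": True},
    {"shortName": "dotci", "longName": "DotCi Plugin",
     "version": "2.40.00", "active": False, "hasUpdate": False},
    {"shortName": "git", "longName": "Git plugin",
     "version": "4.11.3", "active": True, "hasUpdate": True},
]})


def normalize(name: str) -> str:
    """Case-fold and drop a trailing 'plugin'/'plug-in' so 'Git plugin' and 'Git Plugin' compare equal."""
    return re.sub(r"\s*plug-?in$", "", name.strip(), flags=re.IGNORECASE).casefold()


def triage(inventory_json: str, affected: set) -> list:
    """Return one record per installed plugin whose display name is on the affected list.

    Disabled plugins are reported too: their code is still on disk and can be re-enabled
    by anyone with Overall/Administer. Active plugins are listed first.
    """
    wanted = {normalize(n) for n in affected}
    hits = []
    for plugin in json.loads(inventory_json)["plugins"]:
        if normalize(plugin["longName"]) in wanted:
            hits.append({
                "shortName": plugin["shortName"],
                "version": plugin["version"],
                "active": plugin["active"],
                # hasUpdate only says a newer release exists; whether that release fixes
                # anything has to be read from the plugin's security advisory.
                "hasUpdate": plugin["hasUpdate"],
            })
    return sorted(hits, key=lambda h: (not h["active"], h["shortName"]))


if __name__ == "__main__":
    for hit in triage(SAMPLE_INVENTORY, AFFECTED_PRODUCTS):
        print(hit)
```

Against a live controller, fetch the inventory with an API token (for example `curl -u user:token 'https://jenkins.example/pluginManager/api/json?depth=1'`, the host name being a placeholder) and pass the response body to triage(). The authoritative source for affected version ranges is the Jenkins security advisory for each plugin; the plugin manager also flags installed versions with published warnings, and that flag, not a name match, should drive the update decision.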

Published | Base | Temp | Vulnerability | Product | Exp | Rem | CTI | CVE
09/23/2022 | 6.5 | 6.5 | CONS3RT Plugin cross-site request forgery | CONS3RT Plugin | Not Defined | Not Defined | 0.07 | CVE-2022-41253
09/23/2022 | 6.5 | 6.5 | Worksoft Execution Manager Plugin cross-site request forgery | Execution Manager Plugin | Not Defined | Not Defined | 0.07 | CVE-2022-41245
09/23/2022 | 4.4 | 4.4 | Walti Plugin API Response cross site scripting | Walti Plugin | Not Defined | Not Defined | 0.00 | CVE-2022-41240
09/23/2022 | 6.5 | 6.5 | Security Inspector Plugin Session Cache report cross-site request forgery | Security Inspector Plugin | Not Defined | Not Defined | 0.07 | CVE-2022-41236
09/23/2022 | 6.1 | 6.1 | Build-Publisher Plugin API Endpoint config.xml cross-site request forgery | Build-Publisher Plugin | Not Defined | Not Defined | 0.07 | CVE-2022-41232
09/23/2022 | 4.4 | 4.4 | NS-ND Integration Performance Publisher Plugin Test cross site scripting | NS-ND Integration Performance Publisher Plugin | Not Defined | Not Defined | 0.00 | CVE-2022-41229
09/23/2022 | 6.5 | 6.5 | NS-ND Integration Performance Publisher Plugin cross-site request forgery | NS-ND Integration Performance Publisher Plugin | Not Defined | Not Defined | 0.07 | CVE-2022-41227
09/22/2022 | 5.5 | 5.5 | RQM Plugin XML Parser xml external entity reference | RQM Plugin | Not Defined | Not Defined | 0.00 | CVE-2022-41241
09/22/2022 | 5.5 | 5.5 | Compuware Common Configuration Plugin XML Parser xml external entity reference | Compuware Common Configuration Plugin | Not Defined | Not Defined | 0.04 | CVE-2022-41226
09/22/2022 | 3.5 | 3.5 | CONS3RT Plugin API Token config.xml credentials storage | CONS3RT Plugin | Not Defined | Not Defined | 0.05 | CVE-2022-41255
09/22/2022 | 3.1 | 3.1 | CONS3RT Plugin Credentials authorization | CONS3RT Plugin | Not Defined | Not Defined | 0.00 | CVE-2022-41254
09/22/2022 | 3.5 | 3.5 | CONS3RT Plugin Credentials authorization | CONS3RT Plugin | Not Defined | Not Defined | 0.08 | CVE-2022-41252
09/22/2022 | 3.5 | 3.5 | Apprenda Plugin Credentials authorization | Apprenda Plugin | Not Defined | Not Defined | 0.00 | CVE-2022-41251
09/22/2022 | 2.0 | 2.0 | BigPanda Notifier Plugin API Key missing password field masking | BigPanda Notifier Plugin | Not Defined | Not Defined | 0.04 | CVE-2022-41248
09/22/2022 | 3.5 | 3.5 | BigPanda Notifier Plugin API Key credentials storage | BigPanda Notifier Plugin | Not Defined | Not Defined | 0.04 | CVE-2022-41247
09/22/2022 | 5.0 | 5.0 | Worksoft Execution Manager Plugin authorization | Execution Manager Plugin | Not Defined | Not Defined | 0.00 | CVE-2022-41246
09/22/2022 | 3.5 | 3.5 | DotCi Plugin Notification cross site scripting | DotCi Plugin | Not Defined | Not Defined | 0.00 | CVE-2022-41239
09/22/2022 | 5.5 | 5.5 | Rundeck Plugin authorization | Rundeck Plugin | Not Defined | Not Defined | 0.00 | CVE-2022-41234
09/22/2022 | 3.5 | 3.5 | Rundeck Plugin HTTP Endpoint authorization | Rundeck Plugin | Not Defined | Not Defined | 0.04 | CVE-2022-41233
09/22/2022 | 5.5 | 5.5 | Build-Publisher Plugin File config.xml path traversal | Build-Publisher Plugin | Not Defined | Not Defined | 0.00 | CVE-2022-41231
09/22/2022 | 3.5 | 3.5 | Build-Publisher Plugin HTTP Endpoint authorization | Build-Publisher Plugin | Not Defined | Not Defined | 0.00 | CVE-2022-41230
09/22/2022 | 5.5 | 5.5 | NS-ND Integration Performance Publisher Plugin authorization | NS-ND Integration Performance Publisher Plugin | Not Defined | Not Defined | 0.00 | CVE-2022-41228
09/22/2022 | 5.6 | 5.6 | SmallTest Plugin certificate validation | SmallTest Plugin | Not Defined | Not Defined | 0.00 | CVE-2022-41243
09/22/2022 | 5.5 | 5.5 | DotCi Plugin authorization | DotCi Plugin | Not Defined | Not Defined | 0.00 | CVE-2022-41238
09/22/2022 | 6.3 | 6.3 | DotCi Plugin YAML Parser deserialization | DotCi Plugin | Not Defined | Not Defined | 0.00 | CVE-2022-41237

827 more entries are not shown
