Jenkins Vulnerabilities

Product

Jenkins HTML Publisher Plugin: 3
Jenkins docker-build-step Plugin: 2
Jenkins Subversion Partial Release Manager Plugin: 2
Jenkins Delphix Plugin: 2
Jenkins-ci Monitoring plugin: 2

Remediation

Official Fix: 4
Temporary Fix: 0
Workaround: 0
Unavailable: 0
Not Defined: 30

Exploitability

High: 0
Functional: 0
Proof-of-Concept: 0
Unproven: 0
Not Defined: 34

Access Vector

Not Defined: 0
Physical: 0
Local: 1
Adjacent: 12
Network: 21

Authentication

Not Defined: 0
High: 0
Low: 23
None: 11

User Interaction

Not Defined: 0
Required: 15
None: 19

Score distribution (entries per bucket)

| Score | CVSSv3 Base | CVSSv3 Temp | VulDB | NVD | CNA | Vendor | Research |
|---|---|---|---|---|---|---|---|
| ≤1 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| ≤2 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| ≤3 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| ≤4 | 13 | 13 | 16 | 0 | 0 | 0 | 0 |
| ≤5 | 10 | 10 | 9 | 3 | 0 | 0 | 0 |
| ≤6 | 8 | 8 | 8 | 2 | 0 | 0 | 0 |
| ≤7 | 3 | 3 | 1 | 3 | 0 | 0 | 0 |
| ≤8 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| ≤9 | 0 | 0 | 0 | 2 | 0 | 0 | 0 |
| ≤10 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |

Exploit 0-day

<1k: 8
<2k: 24
<5k: 2
<10k: 0
<25k: 0
<50k: 0
<100k: 0
≥100k: 0

Exploit Today

<1k: 27
<2k: 7
<5k: 0
<10k: 0
<25k: 0
<50k: 0
<100k: 0
≥100k: 0

Affected Products (28): AWS Global Configuration Plugin (1), AppSpider Plugin (1), BearyChat Plugin (1), Bitbucket Branch Source Plugin (1), Blue Ocean Plugin (1), Build Monitor View Plugin (1), Delphix Plugin (2), Deploy WebLogic Plugin (1), Exclusion (1), GitBucket Plugin (1), HTML Publisher Plugin (3), MQ Notifier Plugin (1), Monitoring plugin (2), OWASP Dependency-Check Plugin (1), OWASP Dependency-Track Plugin (1), Promoted Builds Plugin (1), Realize Orchestrator Plugin (1), SQLPlus Script Runner Plugin (1), Sonar Quality Gates Plugin (1), Subversion-plugin (1), Subversion Partial Release Manager Plugin (2), Subversion Plugin (1), Support Core Plugin (1), Team Foundation Server Plugin (1), TestComplete Support Plugin (1), docker-build-step Plugin (2), iceScrum Plugin (1), update-center2 (1)

Link to Vendor Website: https://jenkins.io/

| Published | Base | Temp | Vulnerability | Prod | Exploitability | Remediation | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 2024-03-06 | 4.3 | 4.3 | Jenkins docker-build-step Plugin Connection Test cross-site request forgery | Continuous Integration Software | Not Defined | Not Defined | 0.04 | 0.00043 | CVE-2024-2215 |
| 2024-03-06 | 5.5 | 5.5 | Jenkins Subversion Partial Release Manager Plugin privilege escalation | Continuous Integration Software | Not Defined | Not Defined | 0.03 | 0.00043 | CVE-2024-28159 |
| 2024-03-06 | 3.7 | 3.7 | Jenkins Delphix Plugin Data Control Tower Connection weak authentication | Continuous Integration Software | Not Defined | Not Defined | 0.04 | 0.00043 | CVE-2024-28161 |
| 2024-03-06 | 3.5 | 3.5 | Jenkins Build Monitor View Plugin cross-site scripting | Continuous Integration Software | Not Defined | Not Defined | 0.02 | 0.00043 | CVE-2024-28156 |
| 2024-03-06 | 3.5 | 3.5 | Jenkins iceScrum Plugin Project URL cross-site scripting | Continuous Integration Software | Not Defined | Not Defined | 0.02 | 0.00043 | CVE-2024-28160 |
| 2024-03-06 | 4.3 | 4.3 | Jenkins Subversion Partial Release Manager Plugin cross-site request forgery | Continuous Integration Software | Not Defined | Not Defined | 0.04 | 0.00043 | CVE-2024-28158 |
| 2024-03-06 | 3.5 | 3.5 | Jenkins GitBucket Plugin Job Configuration cross-site scripting | Continuous Integration Software | Not Defined | Not Defined | 0.02 | 0.00043 | CVE-2024-28157 |
| 2024-03-06 | 3.5 | 3.5 | Jenkins MQ Notifier Plugin Debug Information information disclosure | Continuous Integration Software | Not Defined | Not Defined | 0.08 | 0.00043 | CVE-2024-28154 |
| 2024-03-06 | 3.5 | 3.5 | Jenkins OWASP Dependency-Check Plugin cross-site scripting | Continuous Integration Software | Not Defined | Not Defined | 0.08 | 0.00043 | CVE-2024-28153 |
| 2024-03-06 | 3.5 | 3.5 | Jenkins HTML Publisher Plugin cross-site scripting | Continuous Integration Software | Not Defined | Not Defined | 0.04 | 0.00043 | CVE-2024-28150 |

24 more entries are not shown