Job Import Plugin

Source repositories

https://github.com/jenkinsci/job-import-plugin

CVEs (5)

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2026-48926	Jenkins Project Job Import Plugin	—	—	May 27, 2026	Jenkins Job Import Plugin 143.v044a_2e819b_27 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2022-43413	Jenkins Project Job Import Plugin	—	0.01	Oct 19, 2022	Jenkins Job Import Plugin 3.5 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2019-1003015	Jenkins Project Job Import Plugin	—	0.00	Feb 6, 2019	An XML external entity processing vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/client/RestApiClient.java that allows attackers with the ability to control the HTTP server (Jenkins) queried in preparation of…
CVE-2019-1003016	Jenkins Project Job Import Plugin	—	0.00	Feb 6, 2019	An exposure of sensitive information vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/JobImportAction.java, src/main/java/org/jenkins/ci/plugins/jobimport/JobImportGlobalConfig.java,…
CVE-2019-1003017	Jenkins Project Job Import Plugin	—	0.00	Feb 6, 2019	A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance, potentially installing additional plugins necessary to load the imported job's…

CVE-2026-48926May 27, 2026
Jenkins Project
Job Import Plugin
risk 0.00cvss —epss —
Jenkins Job Import Plugin 143.v044a_2e819b_27 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2022-43413Oct 19, 2022
Jenkins Project
Job Import Plugin
risk 0.00cvss —epss 0.01
Jenkins Job Import Plugin 3.5 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2019-1003015Feb 6, 2019
Jenkins Project
Job Import Plugin
risk 0.00cvss —epss 0.00
An XML external entity processing vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/client/RestApiClient.java that allows attackers with the ability to control the HTTP server (Jenkins) queried in preparation of…
CVE-2019-1003016Feb 6, 2019
Jenkins Project
Job Import Plugin
risk 0.00cvss —epss 0.00
An exposure of sensitive information vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/JobImportAction.java, src/main/java/org/jenkins/ci/plugins/jobimport/JobImportGlobalConfig.java,…
CVE-2019-1003017Feb 6, 2019
Jenkins Project
Job Import Plugin
risk 0.00cvss —epss 0.00
A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance, potentially installing additional plugins necessary to load the imported job's…