MATLAB Plugin
CVEs (47)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-2651 | Low | 0.24 | 3.7 | 0.02 | Jul 27, 2018 | jenkins-mailer-plugin before version 1.20 is vulnerable to an information disclosure while using the feature to send emails to a dynamically created list of users based on the changelogs. This could in some cases result in emails being sent to people who have no user account in… | ||
| CVE-2023-41940 | 0.01 | — | 0.01 | Sep 6, 2023 | Jenkins TAP Plugin 2.3 and earlier does not escape TAP file contents, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control TAP file contents. | |||
| CVE-2023-49656 | 0.00 | — | 0.01 | Nov 29, 2023 | Jenkins MATLAB Plugin 2.11.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||
| CVE-2023-49655 | 0.00 | — | 0.00 | Nov 29, 2023 | A cross-site request forgery (CSRF) vulnerability in Jenkins MATLAB Plugin 2.11.0 and earlier allows attackers to have Jenkins parse an XML file from the Jenkins controller file system. | |||
| CVE-2023-49654 | 0.00 | — | 0.01 | Nov 29, 2023 | Missing permission checks in Jenkins MATLAB Plugin 2.11.0 and earlier allow attackers to have Jenkins parse an XML file from the Jenkins controller file system. | |||
| CVE-2023-41938 | 0.00 | — | 0.00 | Sep 6, 2023 | A cross-site request forgery (CSRF) vulnerability in Jenkins Ivy Plugin 2.5 and earlier allows attackers to delete disabled modules. | |||
| CVE-2023-37953 | 0.00 | — | 0.01 | Jul 12, 2023 | A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||
| CVE-2023-37952 | 0.00 | — | 0.00 | Jul 12, 2023 | A cross-site request forgery (CSRF) vulnerability in Jenkins mabl Plugin 0.0.46 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||
| CVE-2023-37951 | 0.00 | — | 0.01 | Jul 12, 2023 | Jenkins mabl Plugin 0.0.46 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. | |||
| CVE-2023-37950 | 0.00 | — | 0.00 | Jul 12, 2023 | A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||
| CVE-2023-32997 | 0.00 | — | 0.01 | May 16, 2023 | Jenkins CAS Plugin 1.6.2 and earlier does not invalidate the previous session on login. | |||
| CVE-2022-46682 | 0.00 | — | 0.01 | Dec 7, 2022 | Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||
| CVE-2022-45400 | 0.00 | — | 0.01 | Nov 15, 2022 | Jenkins JAPEX Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||
| CVE-2022-45395 | 0.00 | — | 0.01 | Nov 15, 2022 | Jenkins CCCC Plugin 0.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||
| CVE-2022-43415 | 0.00 | — | 0.01 | Oct 19, 2022 | Jenkins REPO Plugin 1.15.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||
| CVE-2022-41241 | 0.00 | — | 0.01 | Sep 21, 2022 | Jenkins RQM Plugin 2.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||
| CVE-2022-34810 | 0.00 | — | 0.01 | Jun 30, 2022 | A missing check in Jenkins RQM Plugin 2.8 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||
| CVE-2022-34809 | 0.00 | — | 0.01 | Jun 30, 2022 | Jenkins RQM Plugin 2.8 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | |||
| CVE-2022-34783 | 0.00 | — | 0.80 | Jun 30, 2022 | Jenkins Plot Plugin 2.1.10 and earlier does not escape plot descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||
| CVE-2022-30949 | 0.00 | — | 0.01 | May 17, 2022 | Jenkins REPO Plugin 1.14.0 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents. |
- risk 0.24cvss 3.7epss 0.02
jenkins-mailer-plugin before version 1.20 is vulnerable to an information disclosure while using the feature to send emails to a dynamically created list of users based on the changelogs. This could in some cases result in emails being sent to people who have no user account in…
- CVE-2023-41940Sep 6, 2023risk 0.01cvss —epss 0.01
Jenkins TAP Plugin 2.3 and earlier does not escape TAP file contents, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control TAP file contents.
- CVE-2023-49656Nov 29, 2023risk 0.00cvss —epss 0.01
Jenkins MATLAB Plugin 2.11.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
- CVE-2023-49655Nov 29, 2023risk 0.00cvss —epss 0.00
A cross-site request forgery (CSRF) vulnerability in Jenkins MATLAB Plugin 2.11.0 and earlier allows attackers to have Jenkins parse an XML file from the Jenkins controller file system.
- CVE-2023-49654Nov 29, 2023risk 0.00cvss —epss 0.01
Missing permission checks in Jenkins MATLAB Plugin 2.11.0 and earlier allow attackers to have Jenkins parse an XML file from the Jenkins controller file system.
- CVE-2023-41938Sep 6, 2023risk 0.00cvss —epss 0.00
A cross-site request forgery (CSRF) vulnerability in Jenkins Ivy Plugin 2.5 and earlier allows attackers to delete disabled modules.
- CVE-2023-37953Jul 12, 2023risk 0.00cvss —epss 0.01
A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
- CVE-2023-37952Jul 12, 2023risk 0.00cvss —epss 0.00
A cross-site request forgery (CSRF) vulnerability in Jenkins mabl Plugin 0.0.46 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
- CVE-2023-37951Jul 12, 2023risk 0.00cvss —epss 0.01
Jenkins mabl Plugin 0.0.46 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to.
- CVE-2023-37950Jul 12, 2023risk 0.00cvss —epss 0.00
A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
- CVE-2023-32997May 16, 2023risk 0.00cvss —epss 0.01
Jenkins CAS Plugin 1.6.2 and earlier does not invalidate the previous session on login.
- CVE-2022-46682Dec 7, 2022risk 0.00cvss —epss 0.01
Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
- CVE-2022-45400Nov 15, 2022risk 0.00cvss —epss 0.01
Jenkins JAPEX Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
- CVE-2022-45395Nov 15, 2022risk 0.00cvss —epss 0.01
Jenkins CCCC Plugin 0.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
- CVE-2022-43415Oct 19, 2022risk 0.00cvss —epss 0.01
Jenkins REPO Plugin 1.15.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
- CVE-2022-41241Sep 21, 2022risk 0.00cvss —epss 0.01
Jenkins RQM Plugin 2.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
- CVE-2022-34810Jun 30, 2022risk 0.00cvss —epss 0.01
A missing check in Jenkins RQM Plugin 2.8 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
- CVE-2022-34809Jun 30, 2022risk 0.00cvss —epss 0.01
Jenkins RQM Plugin 2.8 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
- CVE-2022-34783Jun 30, 2022risk 0.00cvss —epss 0.80
Jenkins Plot Plugin 2.1.10 and earlier does not escape plot descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
- CVE-2022-30949May 17, 2022risk 0.00cvss —epss 0.01
Jenkins REPO Plugin 1.14.0 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.
Page 1 of 3