VYPR

Blue Ocean Plugins

by Jenkins Project

Source repositories

CVEs (10)

  • CVE-2017-1000106HigOct 5, 2017
    Jenkins Project
    Blue Ocean Plugins
    risk 0.55cvss 8.5epss 0.00

    Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. Its SCM content REST API supports the pipeline creation and editing…

  • CVE-2017-1000105MedOct 5, 2017
    Jenkins Project
    Blue Ocean Plugins
    risk 0.34cvss 5.3epss 0.00

    The optional Run/Artifacts permission can be enabled by setting a Java system property. Blue Ocean did not check this permission before providing access to archived artifacts, Item/Read permission was sufficient.

  • CVE-2017-1000110MedOct 5, 2017
    Jenkins Project
    Blue Ocean Plugins
    risk 0.28cvss 4.3epss 0.00

    Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. It did not properly check the current user's authentication and…

  • CVE-2023-40341Aug 16, 2023
    Jenkins Project
    Blue Ocean Plugins
    risk 0.00cvss epss 0.01

    A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.27.5 and earlier allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job.

  • CVE-2022-30954May 17, 2022
    Jenkins Project
    Blue Ocean Plugins
    risk 0.00cvss epss 0.00

    Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server.

  • CVE-2022-30953May 17, 2022
    Jenkins Project
    Blue Ocean Plugins
    risk 0.00cvss epss 0.00

    A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server.

  • CVE-2020-2255Sep 16, 2020
    Jenkins Project
    Blue Ocean Plugins
    risk 0.00cvss epss 0.00

    A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.

  • CVE-2020-2254Sep 16, 2020
    Jenkins Project
    Blue Ocean Plugins
    risk 0.00cvss epss 0.02

    Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag that, when enabled, allows an attacker with Job/Configure or Job/Create permission to read arbitrary files on the Jenkins controller file system.

  • CVE-2019-1003012Feb 6, 2019
    Jenkins Project
    Blue Ocean Plugins
    risk 0.00cvss epss 0.00

    A data modification vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-core-js/src/js/bundleStartup.js, blueocean-core-js/src/js/fetch.ts, blueocean-core-js/src/js/i18n/i18n.js, blueocean-core-js/src/js/urlconfig.js,…

  • CVE-2019-1003013Feb 6, 2019
    Jenkins Project
    Blue Ocean Plugins
    risk 0.00cvss epss 0.00

    An cross-site scripting vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export.java, blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/export/ExportConfig.java,…