Jenkins Monitor Remote Job Plugin
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-45396 | | Cri | 0.64 | 9.8 | 0.01 | | Nov 15, 2022 | Jenkins SourceMonitor Plugin 0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2023-37942 | | Med | 0.42 | 6.5 | 0.01 | | Jul 12, 2023 | Jenkins External Monitor Job Type Plugin 206.v9a_94ff0b_4a_10 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2023-28684 | | Med | 0.42 | 6.5 | 0.01 | | Apr 2, 2023 | Jenkins remote-jobs-view-plugin Plugin 0.0.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2019-10422 | | Med | 0.42 | 6.5 | 0.01 | | Sep 25, 2019 | Jenkins Call Remote Job Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. |
| CVE-2019-10317 | | Med | 0.38 | 5.9 | 0.01 | | Apr 30, 2019 | Jenkins SiteMonitor Plugin 0.5 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM. |
| CVE-2022-28153 | | Med | 0.35 | 5.4 | 0.01 | | Mar 29, 2022 | Jenkins SiteMonitor Plugin 0.6 and earlier does not escape URLs of sites to monitor in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
| CVE-2022-36886 | | Med | 0.21 | 4.3 | 0.00 | | Jul 27, 2022 | A cross-site request forgery (CSRF) vulnerability in Jenkins External Monitor Job Type Plugin 191.v363d0d1efdf8 and earlier allows attackers to create runs of an external job. |
| CVE-2025-31725 | | | 0.00 | — | 0.00 | | Apr 2, 2025 | Jenkins monitor-remote-job Plugin 1.0 stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. |