VYPR

Jenkins Build Metrics Plugin

by Jenkins Project

CVEs (4)

  • CVE-2019-10475MedOct 23, 2019
    risk 0.47cvss 6.1epss 0.58

    A reflected cross-site scripting vulnerability in Jenkins build-metrics Plugin allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin.

  • CVE-2022-34784MedJun 30, 2022
    risk 0.35cvss 5.4epss 0.01

    Jenkins build-metrics Plugin 1.3 does not escape the build description on one of its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Build/Update permission.

  • CVE-2022-20621MedJan 12, 2022
    risk 0.29cvss 5.5epss 0.00

    Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

  • CVE-2022-34785MedJun 30, 2022
    risk 0.28cvss 4.3epss 0.01

    Jenkins build-metrics Plugin 1.3 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about jobs otherwise inaccessible to them.