Warnings Plugin

Source repositories

CVE	Vendor / Product	CVSS	Published	Description
CVE-2023-46651	Jenkins Project Warnings Plugin	—	Oct 25, 2023	Jenkins Warnings Plugin 10.5.0 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. This fix has been backported to 10.4.1.
CVE-2020-2280	Jenkins Project Warnings Plugin	—	Sep 23, 2020	A cross-site request forgery (CSRF) vulnerability in Jenkins Warnings Plugin 5.0.1 and earlier allows attackers to execute arbitrary code.
CVE-2019-10325	Jenkins Project Warnings Plugin	—	May 31, 2019	A cross-site scripting vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed attacker with Job/Configure permission to inject arbitrary JavaScript in build overview pages.
CVE-2019-10326	Jenkins Project Warnings Plugin	—	May 31, 2019	A cross-site request forgery vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed attackers to reset warning counts for future builds.
CVE-2019-1003007	Jenkins Project Warnings Plugin	—	Feb 6, 2019	A cross-site request forgery vulnerability exists in Jenkins Warnings Plugin 5.0.0 and earlier in src/main/java/hudson/plugins/warnings/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint.

CVE-2023-46651Oct 25, 2023
Jenkins Project
Warnings Plugin
risk 0.00cvss —epss 0.00
Jenkins Warnings Plugin 10.5.0 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. This fix has been backported to 10.4.1.
CVE-2020-2280Sep 23, 2020
Jenkins Project
Warnings Plugin
risk 0.00cvss —epss 0.00
A cross-site request forgery (CSRF) vulnerability in Jenkins Warnings Plugin 5.0.1 and earlier allows attackers to execute arbitrary code.
CVE-2019-10325May 31, 2019
Jenkins Project
Warnings Plugin
risk 0.00cvss —epss 0.00
A cross-site scripting vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed attacker with Job/Configure permission to inject arbitrary JavaScript in build overview pages.
CVE-2019-10326May 31, 2019
Jenkins Project
Warnings Plugin
risk 0.00cvss —epss 0.00
A cross-site request forgery vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed attackers to reset warning counts for future builds.
CVE-2019-1003007Feb 6, 2019
Jenkins Project
Warnings Plugin
risk 0.00cvss —epss 0.00
A cross-site request forgery vulnerability exists in Jenkins Warnings Plugin 5.0.0 and earlier in src/main/java/hudson/plugins/warnings/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint.