jenkins-2-plugins vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the jenkins-2-plugins package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable Version
  • M
Allocation of Resources Without Limits or Throttling

*
  • M
CVE-2023-40339

*
  • M
Information Exposure

*
  • M
Cross-site Request Forgery (CSRF)

*
  • H
Cross-site Request Forgery (CSRF)

*
  • M
Cross-site Request Forgery (CSRF)

*
  • M
Open Redirect

*
  • H
Session Fixation

*
  • M
Improper Certificate Validation

*
  • M
Missing Authorization

*
  • H
Cross-site Scripting (XSS)

*
  • M
CVE-2023-32261

*
  • M
Incorrect Permission Assignment for Critical Resource

*
  • M
CVE-2023-32262

*
  • M
Missing Authorization

*
  • M
Cross-site Request Forgery (CSRF)

*
  • M
Files or Directories Accessible to External Parties

*
  • M
Out-of-bounds Write

*
  • M
Resource Exhaustion

*
  • M
Uncontrolled Recursion

*
  • H
Directory Traversal

*
  • H
Cross-site Scripting (XSS)

*
  • H
Reversible One-Way Hash

*
  • C
Protection Mechanism Failure

*
  • M
Information Exposure

*
  • M
Inappropriate Encoding for Output Context

*
  • M
Cross-site Scripting (XSS)

*
  • C
Protection Mechanism Failure

*
  • C
Protection Mechanism Failure

*
  • C
Protection Mechanism Failure

*
  • C
Protection Mechanism Failure

*
  • H
Inappropriate Encoding for Output Context

*
  • M
Insufficiently Protected Credentials

*
  • C
Protection Mechanism Failure

*
  • M
Cross-site Request Forgery (CSRF)

*
  • M
Missing Authorization

*
  • M
Missing Authorization

*
  • M
Cross-site Request Forgery (CSRF)

*
  • H
Directory Traversal

*
  • M
Information Exposure

*
  • M
Information Exposure

*
  • H
Key Exchange without Entity Authentication

*
  • M
Cross-site Scripting (XSS)

*
  • H
Cross-site Scripting (XSS)

*
  • H
Interaction Error

*
  • M
Files or Directories Accessible to External Parties

*
  • H
Cross-site Scripting (XSS)

*
  • M
Cross-site Request Forgery (CSRF)

*
  • H
Files or Directories Accessible to External Parties

*
  • L
Cross-site Scripting (XSS)

*
  • M
Link Following

*
  • M
Cross-site Request Forgery (CSRF)

*
  • H
Authentication Bypass

*
  • H
Incorrect Behavior Order: Early Validation

*
  • H
Incorrect Behavior Order: Early Validation

*
  • L
Race Condition

*
  • M
Link Following

*
  • M
Link Following

*
  • H
Incorrect Behavior Order: Early Validation

*
  • H
OS Command Injection

*
  • M
Information Exposure

*
  • M
Insufficiently Protected Credentials

*
  • M
Cross-site Request Forgery (CSRF)

*
  • H
Cross-site Scripting (XSS)

*
  • M
Missing Authorization

*
  • M
Link Following

*
  • L
Incorrect Permission Assignment for Critical Resource

*
  • M
Cross-site Scripting (XSS)

*
  • L
Information Exposure

*
  • L
Insufficiently Protected Credentials

*
  • H
OS Command Injection

*
  • H
OS Command Injection

*
  • H
OS Command Injection

*
  • M
Cross-site Request Forgery (CSRF)

*
  • M
Missing Authorization

*
  • M
Deserialization of Untrusted Data

*
  • M
Directory Traversal

*
  • M
Information Exposure

*
  • H
Improper Verification of Cryptographic Signature

*
  • M
Cross-site Scripting (XSS)

*
  • M
Improper Preservation of Permissions

*
  • M
Cross-site Request Forgery (CSRF)

*
  • M
Improper Check for Dropped Privileges

*
  • M
Cross-site Scripting (XSS)

*
  • H
XML External Entity (XXE) Injection

*
  • M
Improper Preservation of Permissions

*
  • M
Missing Authorization

*
  • M
Improper Validation of Certificate with Host Mismatch

*
  • M
Improper Authorization

*
  • M
Missing Authorization

*
  • M
Information Exposure

*
  • M
Missing Authorization

*
  • M
Missing Authorization

*
  • M
Directory Traversal

*
  • M
Static Code Injection

*
  • M
Insufficiently Protected Credentials

*
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

*
  • M
Insufficiently Protected Credentials

*
  • M
Cross-site Request Forgery (CSRF)

*
  • H
Deserialization of Untrusted Data

*
  • M
Improper Access Control

*
  • H
Improper Input Validation

*
  • H
Incorrect Type Conversion or Cast

*
  • M
Deserialization of Untrusted Data

*
  • M
CVE-2022-33980

*
  • M
Cross-site Scripting (XSS)

*
  • H
Improper Input Validation

*
  • M
Cross-site Scripting (XSS)

*
  • C
Arbitrary Code Injection

*
  • M
XML External Entity (XXE) Injection

*
  • H
Incomplete Blacklist

*
  • M
Insufficiently Protected Credentials

*
  • H
Cross-site Scripting (XSS)

*
  • H
Cross-site Scripting (XSS)

*
  • H
Cross-site Scripting (XSS)

*
  • M
Information Exposure

*
  • H
XML External Entity (XXE) Injection

*
  • H
XML External Entity (XXE) Injection

*
  • M
Cross-site Scripting (XSS)

*
  • H
Arbitrary Code Injection

*
  • H
Incorrect Authorization

*
  • M
Cross-site Scripting (XSS)

*
  • H
Improper Input Validation

*
  • H
Improper Input Validation

*
  • H
Arbitrary Code Injection

*
  • M
Improper Input Validation

*
  • M
Improper Certificate Validation

*
  • M
Out-of-bounds Write

*
  • M
Out-of-bounds Write

*
  • H
Improper Input Validation

*
  • M
Stack-based Buffer Overflow

*
  • L
Resource Exhaustion

*
  • M
Deserialization of Untrusted Data

*
  • M
Deserialization of Untrusted Data

*
  • M
Out-of-bounds Write

*
  • H
Resource Exhaustion

*
  • H
Arbitrary Command Injection

*
  • M
Information Exposure

*