) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
Search Parameters:
- CPE Product Version: cpe:/a:jenkins:job_import:3.0::~~~jenkins~~
There are 2 matching records.
Displaying matches 1 through 2.
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2022-43413 |
Jenkins Job Import Plugin 3.5 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Published: October 19, 2022; 12:15:10 PM -0400 |
V3.1: 4.3 MEDIUM V2.0:(not available) |
| CVE-2019-1003017 |
A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance, potentially installing additional plugins necessary to load the imported job's configuration. Published: February 06, 2019; 11:29:00 AM -0500 |
V3.0: 5.3 MEDIUM V2.0: 2.6 LOW |