📦

job_and_node_ownership

Vendor: jenkins

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 0 Remote Access

Total CVEs 5 Total Indexed

Avg. EPSS 0.09% Exploit Prob.

Latest CVE CVE-2022-28152 Mar 29

Security Vulnerability Index

Page 1 / 1

4.3 CVSS

CVE-2022-28152

A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to restore the default ownership of a job.

EPSS: 0.14%

Severity: MEDIUM

Mar 29, 2022

4.3 CVSS

CVE-2022-28151

A missing permission check in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers with Item/Read permission to change the owners and item-specific permissions of a job.

EPSS: 0.02%

Severity: MEDIUM

Mar 29, 2022

8.8 CVSS

CVE-2022-28150

A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to change the owners and item-specific permissions of a job.

EPSS: 0.05%

Severity: HIGH

Mar 29, 2022

5.4 CVSS

CVE-2022-28149

Jenkins Job and Node ownership Plugin 0.13.0 and earlier does not escape the names of the secondary owners, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

EPSS: 0.21%

Severity: MEDIUM

Mar 29, 2022

6.5 CVSS

CVE-2018-1000107

An improper authorization vulnerability exists in Jenkins Job and Node Ownership Plugin 0.11.0 and earlier in OwnershipDescription.java, JobOwnerJobProperty.java, and OwnerNodeProperty.java that allow an attacker with Job/Configure or Computer/Configure permission and without Ownership related permissions to override ownership metadata.

EPSS: 0.02%

Severity: MEDIUM

Mar 13, 2018

Displaying 5 of 5 Total Entries

Total 1 Sections