📦

support_core

Vendor: jenkins

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 0 Remote Access

Total CVEs 5 Total Indexed

Avg. EPSS 0.26% Exploit Prob.

Latest CVE CVE-2022-45383 Nov 15

Security Vulnerability Index

Page 1 / 1

6.5 CVSS

CVE-2022-45383

An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fa_b_d860 and earlier allows attackers with Support/DownloadBundle permission to download a previously created support bundle containing information limited to users with Overall/Administer permission.

EPSS: 0.75%

Severity: MEDIUM

Nov 15, 2022

6.5 CVSS

CVE-2022-25187

Jenkins Support Core Plugin 2.79 and earlier does not redact some sensitive information in the support bundle.

EPSS: 0.10%

Severity: MEDIUM

Feb 15, 2022

5.3 CVSS

CVE-2021-21621

Jenkins Support Core Plugin 2.72 and earlier provides the serialized user authentication as part of the "About user (basic authentication details only)" information, which can include the session ID of the user creating the support bundle in some configurations.

EPSS: 0.05%

Severity: MEDIUM

Feb 24, 2021

6.5 CVSS

CVE-2019-16540

A path traversal vulnerability in Jenkins Support Core Plugin 2.63 and earlier allows attackers with Overall/Read permission to delete arbitrary files on the Jenkins master.

EPSS: 0.36%

Severity: MEDIUM

Nov 21, 2019

6.5 CVSS

CVE-2019-16539

A missing permission check in Jenkins Support Core Plugin 2.63 and earlier allows attackers with Overall/Read permission to delete support bundles.

EPSS: 0.03%

Severity: MEDIUM

Nov 21, 2019

Displaying 5 of 5 Total Entries

Total 1 Sections