📦

deployment_dashboard

Vendor: jenkins

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 0 Remote Access

Total CVEs 6 Total Indexed

Avg. EPSS 1.73% Exploit Prob.

Latest CVE CVE-2023-50775 Dec 13

Security Vulnerability Index

Page 1 / 1

4.3 CVSS

CVE-2023-50775

A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to copy jobs.

EPSS: 0.05%

Severity: MEDIUM

Dec 13, 2023

4.3 CVSS

CVE-2022-34799

Jenkins Deployment Dashboard Plugin 1.0.10 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

EPSS: 0.33%

Severity: MEDIUM

Jun 30, 2022

4.3 CVSS

CVE-2022-34798

Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials.

EPSS: 0.36%

Severity: MEDIUM

Jun 30, 2022

4.3 CVSS

CVE-2022-34797

A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to connect to an attacker-specified HTTP URL using attacker-specified credentials.

EPSS: 0.09%

Severity: MEDIUM

Jun 30, 2022

4.3 CVSS

CVE-2022-34796

A missing permission check in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

EPSS: 0.45%

Severity: MEDIUM

Jun 30, 2022

5.4 CVSS

CVE-2022-34795

Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not escape environment names on its Deployment Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission.

EPSS: 9.09%

Severity: MEDIUM

Jun 30, 2022

Displaying 6 of 6 Total Entries

Total 1 Sections