threat
engine
.sh
Back
·
··:··
Home
/
Product
/
jenkins blue ocean
Product
jenkins blue ocean
11 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2023-40341
<= 1.27.5
A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.27.5 and earlier allows attackers to connect to a
8.8
HIGH
CVE-2022-30954
<= 1.25.3
Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers wit
6.5
MEDIUM
CVE-2022-30953
<= 1.25.3
A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to a
6.5
MEDIUM
CVE-2022-30952
<= 1.25.3
Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to access credent
6.5
MEDIUM
CVE-2020-2255
<= 1.23.2
A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connec
4.3
MEDIUM
CVE-2020-2254
<= 1.23.2
Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag that, when enabled, allows an attacker with Job
6.5
MEDIUM
CVE-2019-1003013
<= 1.10.1
An cross-site scripting vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-commons/src/main/java/i
5.4
MEDIUM
CVE-2019-1003012
<= 1.10.1
A data modification vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-core-js/src/js/bundleStartu
6.5
MEDIUM
CVE-2017-1000110
<= 1.1.5
Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and b
4.3
MEDIUM
CVE-2017-1000106
<= 1.1.5
Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and b
8.5
HIGH
CVE-2017-1000105
<= 1.1.5
The optional Run/Artifacts permission can be enabled by setting a Java system property. Blue Ocean did not check this permission b
5.3
MEDIUM
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin