Every CVE whose affected-product data names Jenkins Fortify, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2020-2107 — CVSS 4.3 (medium): Jenkins Fortify Plugin 19.1.29 and earlier stores proxy server passwords unencrypted in job config.xml files on the Jenkins master where…
CVE-2022-25188 — CVSS 4.3 (medium): Jenkins Fortify Plugin 20.2.34 and earlier does not sanitize the appName and appVersion parameters of its Pipeline steps, allowing…
CVE-2023-4303 — CVSS 4.3 (medium): Jenkins Fortify Plugin 22.1.38 and earlier does not escape the error message for a form validation method, resulting in an HTML injection…
CVE-2023-4301 — CVSS 4.2 (medium): A cross-site request forgery (CSRF) vulnerability in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers to connect to an…
CVE-2023-4302 — CVSS 4.2 (medium): A missing permission check in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers with Overall/Read permission to connect to an…