Jenkins Promoted Builds — known CVE vulnerabilities
Every CVE whose affected-product data names Jenkins Promoted Builds, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2022-29045 — CVSS 5.4 (medium): Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not escape the name and description of Promoted Build…
CVE-2022-29049 — CVSS 5.4 (medium): Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not validate the names of promotions defined in Job DSL…
CVE-2022-30965 — CVSS 5.4 (medium): Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escape the name and description of Promotion Level parameters on views…
CVE-2018-1000114 — CVSS 4.3 (medium): An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java…
CVE-2021-21641 — CVSS 4.3 (medium): A cross-site request forgery (CSRF) vulnerability in Jenkins promoted builds Plugin 3.9 and earlier allows attackers to to promote builds.