Every CVE whose affected-product data names Jenkins Rundeck, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2022-41234 — CVSS 8.8 (high): Jenkins Rundeck Plugin 3.6.11 and earlier does not protect access to the /plugin/rundeck/webhook/ endpoint, allowing users with…
CVE-2020-2144 — CVSS 7.1 (high): Jenkins Rundeck Plugin 3.6.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2019-16556 — CVSS 6.5 (medium): Jenkins Rundeck Plugin 3.6.5 and earlier stores credentials unencrypted in its global configuration file and in job config.xml files on the…
CVE-2022-30956 — CVSS 5.4 (medium): Jenkins Rundeck Plugin 3.6.10 and earlier does not restrict URL schemes in Rundeck webhook submissions, resulting in a stored cross-site…
CVE-2019-10454 — CVSS 4.3 (medium): A cross-site request forgery vulnerability in Jenkins Rundeck Plugin allows attackers to connect to an attacker-specified URL using…
CVE-2022-41233 — CVSS 4.3 (medium): Jenkins Rundeck Plugin 3.6.11 and earlier does not perform Run/Artifacts permission checks in multiple HTTP endpoints, allowing attackers…
CVE-2019-10455 — CVSS 4.3 (medium): A missing permission check in Jenkins Rundeck Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL…