Multiple Critical Vulnerabilities Detected in Jenkins

BRANDEFENSE
Security News
04/07/2022

Last updated on August 9th, 2022 at 02:19 am

Multiple vulnerabilities have been detected in Jenkins, an open-source software developed in Java to automate the Continuous Integration process. The vulnerabilities allow threat actors to perform XSS and CSRF attacks. Jenkins continually builds and tests software projects, making it easy for developers to integrate changes into the project.

Details of the vulnerabilities rated as critical are given below:

  • The vulnerability, tracked as CVE-2022-34784, is a cross-site scripting (XSS) vulnerability that affects the build-metrics plugin used by Jenkins and can be exploited by threat actors with build/update permissions.
  • CVE-2022-34787 is a cross-site scripting (XSS) vulnerability found in the Project Inheritance plugin used by Jenkins.
  • CVE-2022-34788 is a cross-site scripting (XSS) execution vulnerability found in the Matrix Reloaded plugin used by Jenkins.
  • CVE-2022-34790 is a cross-site scripting (XSS) vulnerability found in the eXtreme Feedback Panel plugin used by Jenkins.
  • The vulnerability tracked as CVE-2022-34792 is found in the Recipe plugin used by Jenkins and allows threat actors to perform cross-site request forgery (CSRF) and XXE (XML External Entity) injection attacks on the affected system.
  • The vulnerability tracked as CVE-2022-34791 resides in the Email Parameter plugin used by Jenkins and allows threat actors to perform cross-site scripting (XSS) attacks on affected installations.
  • CVE-2022-34783 is a cross-site scripting (XSS) vulnerability found in the Plot plugin used by Jenkins.
  • CVE-2022-34777 is a stored cross-site scripting (XSS) vulnerability found in the GitLab plugin used by Jenkins.
  • CVE-2022-34786 is a cross-site scripting (XSS) vulnerability found in the Rich Text Publisher plugin used by Jenkins.
  • CVE-2022-34778 is a cross-site scripting (XSS) vulnerability found in the TestNG Results plugin used by Jenkins.
  • CVE-2022-34795 is a stored cross-site scripting (XSS) vulnerability found in the Deployment Dashboard plugin used by Jenkins.

An update that fixes the security vulnerabilities detected in these Jenkins plugins has not been released yet. Successful exploitation of the vulnerabilities can allow remote threat actors to obtain sensitive information, change the web page’s appearance, and carry out phishing attacks. It is therefore recommended to follow the updates that fix the vulnerabilities and apply them as soon as they are published.
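Because no fixed versions exist yet, the practical first step is knowing which of the listed plugins are installed at all. The following is an added example, not code from Brandefense or the Jenkins project: it matches a plugin inventory against the list above, assuming the inventory is a JSON export with `shortName`, `longName`, `version` and `enabled` fields (the shape served by the Jenkins plugin manager at `/pluginManager/api/json?depth=1`); the sample inventory is constructed.

```python
import json
import re

# Plugin names and CVE IDs exactly as listed in the advisory above.
ADVISORY = {
    "build-metrics": "CVE-2022-34784",
    "Project Inheritance": "CVE-2022-34787",
    "Matrix Reloaded": "CVE-2022-34788",
    "eXtreme Feedback Panel": "CVE-2022-34790",
    "Recipe": "CVE-2022-34792",
    "Email Parameter": "CVE-2022-34791",
    "Plot": "CVE-2022-34783",
    "GitLab": "CVE-2022-34777",
    "Rich Text Publisher": "CVE-2022-34786",
    "TestNG Results": "CVE-2022-34778",
    "Deployment Dashboard": "CVE-2022-34795",
}

def norm(name):
    """Lower-case, drop a trailing 'plugin', keep only letters and digits."""
    name = re.sub(r"[\s-]*plugin\s*$", "", name.strip(), flags=re.I)
    return re.sub(r"[^a-z0-9]", "", name.lower())

INDEX = {norm(k): k for k in ADVISORY}

def affected_plugins(inventory_json):
    """Match installed plugins against the advisory; any version counts (no fix yet)."""
    findings = []
    for p in json.loads(inventory_json).get("plugins", []):
        # Exact match on the normalized display name, then on the short name.
        name = INDEX.get(norm(p.get("longName") or "")) or INDEX.get(norm(p.get("shortName") or ""))
        if name:
            findings.append({"plugin": name, "cve": ADVISORY[name],
                             "version": p.get("version"), "enabled": bool(p.get("enabled"))})
    # Enabled plugins first: they are the ones currently exposed.
    return sorted(findings, key=lambda f: (not f["enabled"], f["plugin"].lower()))

# Constructed sample inventory in the assumed export shape (not from a real server).
SAMPLE = json.dumps({"plugins": [
    {"shortName": "plot", "longName": "Plot plugin", "version": "2.1.10", "enabled": True},
    {"shortName": "gitlab-plugin", "longName": "GitLab Plugin", "version": "1.5.34", "enabled": False},
    {"shortName": "git", "longName": "Git plugin", "version": "4.11.3", "enabled": True},
    {"shortName": "testng-plugin", "longName": "TestNG Results Plugin", "version": "554.va4a552116332", "enabled": True},
    {"shortName": "matrix-auth", "longName": "Matrix Authorization Strategy Plugin", "version": "3.1.5", "enabled": True},
]})

if __name__ == "__main__":
    for f in affected_plugins(SAMPLE):
        print(f)
```

Matching is exact on the normalized name, so "Git" and "Matrix Authorization Strategy" do not collide with "GitLab" or "Matrix Reloaded"; disabled plugins are still reported because they remain installed.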
