VIR Vulnerability Intelligence Relay

CVEs from 2022

5,373 normalized CVEs published or assigned in this year.

Total
5,373
critical
critical 92
high
high 1,230
medium
medium 950
low
low 24
% Critical
1.7%
% with KEV
2.4%
% with exploit
3.3%

Top vendors

Top products

  • jdk 116
  • jre 109
  • openjdk 100
  • zulu 82
  • graalvm 74
  • cloud_secure_agent 35
  • oncommand_insight 34
  • cloud_insights_acquisition_unit 34

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2022-36905 unknown 4y ago Stored XSS vulnerability in Jenkins Maven Metadata Plugin for Jenkins CI server plugin
CVE-2022-36899 unknown 4y ago Agent-to-controller security bypass in Jenkins BMC Compuware ISPW Operations plugin
CVE-2022-36913 unknown 4y ago Jenkins Openstack Heat Plugin does not perform permission checks in methods implementing form validation
CVE-2022-36914 unknown 4y ago Jenkins Files Found Trigger Plugin allows attackers to check for existence of attacker-specified file path on Jenkins controller file system
CVE-2022-36915 unknown 4y ago Jenkins Android Signing Plugin allows attackers to check whether attacker-specified file patterns match workspace contents
CVE-2022-36889 unknown 4y ago Jenkins Deployer Framework Plugin does not restrict application path of applications when configuring a deployment
CVE-2022-36897 unknown 4y ago Jenkins Compuware Xpediter Code Coverage Plugin Missing Authorization
CVE-2022-36898 unknown 4y ago Jenkins Compuware ISPW Operations Plugin does not perform permission checks in several HTTP endpoints
CVE-2022-36893 unknown 4y ago Jenkins rpmsign-plugin does not perform a permission check in a method implementing form validation
CVE-2022-36918 unknown 4y ago Jenkins Buckminster Plugin does not perform a permission check in a method implementing form validation
CVE-2022-36909 unknown 4y ago Missing permission check in Jenkins OpenShift Deployer Plugin
CVE-2022-36903 unknown 4y ago Jenkins Repository Connector Plugin allows attackers with Overall/Read permission to enumerate credentials IDs
CVE-2022-36896 unknown 4y ago Jenkins Compuware Source Code Download is missing authorization
CVE-2022-36894 unknown 4y ago Arbitrary file write vulnerability in Jenkins CLIF Performance Testing plugin
CVE-2022-36892 unknown 4y ago Jenkins rhnpush-plugin does not perform a permission check in a method implementing form validation
CVE-2022-36922 unknown 4y ago Jenkins Lucene-Search Plugin vulnerable to reflected (XSS) cross-site scripting
CVE-2022-36912 unknown 4y ago Missing permission checks in Jenkins openstack-heat Plugin
CVE-2022-36901 unknown 4y ago Jenkins HTTP Request Plugin stores HTTP Request passwords unencrypted
CVE-2022-36890 unknown 4y ago Jenkins Deployer Framework Plugin vulnerable to Path Traversal
CVE-2022-36917 unknown 4y ago Jenkins Google Cloud Backup Plugin allows attackers with Overall/Read permission to request a manual backup.
CVE-2022-36921 unknown 4y ago Missing permission check in Coverity Plugin allows capturing credentials
CVE-2022-36891 unknown 4y ago Jenkins Deployer Framework Plugin allows attackers with Item/Read permission to read deployment logs
CVE-2022-34114 unknown 4y ago SQL Injection found in Dataease
CVE-2022-34113 unknown 4y ago Dataease before 1.11.2 allows arbitrary code execution via crafter plugin
CVE-2022-34112 unknown 4y ago Dataease before 1.11.2 access control issue allows attackers to arbitrarily uninstall plugin
CVE-2022-34115 unknown 4y ago Dataease v1.11.1 SQL Injection via parameter dataSourceId
CVE-2022-32430 unknown 4y ago Hardcoded JWT Token in Lin CMS Spring Boot
CVE-2022-35912 unknown 4y ago Grails framework Remote Code Execution via Data Binding
CVE-2022-31151 unknown 4y ago Authorization headers are cleared on cross-origin redirect. However, cookie headers which are sensitive headers and are official headers found in the spec, remain uncleared. There are active users us…
CVE-2022-31150 unknown 4y ago undici is an HTTP/1.1 client, written from scratch for Node.js. It is possible to inject CRLF sequences into request headers in undici in versions less than 5.7.1. A fix was released in version 5.8.0…
CVE-2022-31159 unknown 4y ago Partial Path Traversal in com.amazonaws:aws-java-sdk-s3
CVE-2022-31160 unknown 4y ago jQuery UI vulnerable to XSS when refreshing a checkboxradio with an HTML-like initial text label
CVE-2022-32065 unknown 4y ago RuoYi 4.7.3 vulnerable to arbitrary file upload in background management module
CVE-2022-30187 unknown 4y ago Microsoft: CBC Padding Oracle in Azure Blob Storage Encryption Library
CVE-2022-31139 unknown 4y ago UnsafeAccessor 1.4.0 until 1.7.0 has no security checking for UnsafeAccess.getInstance()
CVE-2022-27772 unknown 4y ago Temporary Directory Hijacking to Local Privilege Escalation Vulnerability in org.springframework.boot:spring-boot
CVE-2022-28889 unknown 4y ago Apache Druid before 0.23.0 vulnerable to clickjacking
CVE-2022-2048 unknown 4y ago Jetty vulnerable to Invalid HTTP/2 requests that can lead to denial of service
CVE-2022-2191 unknown 4y ago Jetty SslConnection does not release pooled ByteBuffers in case of errors
CVE-2022-2047 unknown 4y ago Jetty invalid URI parsing may produce invalid HttpURI.authority
CVE-2022-32533 unknown 4y ago Insufficient user input in Apache Jetspeed-2
CVE-2022-31943 unknown 4y ago Unrestricted Upload of File with Dangerous Type in MCMS
CVE-2022-34815 unknown 4y ago Cross-Site Request Forgery in Jenkins Request Rename Or Delete Plugin
CVE-2022-34804 unknown 4y ago Jenkins OpsGenie Plugin vulnerable to Cleartext Transmission of Sensitive Information
CVE-2022-34803 unknown 4y ago Jenkins OpsGenie Plugin Plaintext Storage of a Password vulnerability
CVE-2022-34813 unknown 4y ago Jenkins XPath Configuration Viewer Plugin Missing Authorization vulnerability
CVE-2022-34809 unknown 4y ago Password stored in plain text by Jenkins RQM Plugin
CVE-2022-34814 unknown 4y ago Incorrect Authorization in Jenkins Request Rename Or Delete Plugin
CVE-2022-34811 unknown 4y ago Missing Authorization in Jenkins XPath Configuration Viewer Plugin
CVE-2022-34816 unknown 4y ago Passwords stored in plain text by Jenkins hpe-network-virtualization plugin
CVE-2022-34805 unknown 4y ago Plaintext Storage of a Password in Jenkins Skype notifier Plugin
CVE-2022-34817 unknown 4y ago Cross-Site Request Forgery in Jenkins Failed Job Deactivator Plugin
CVE-2022-34812 unknown 4y ago Cross-Site Request Forgery in Jenkins XPath Configuration Viewer Plugin
CVE-2022-34808 unknown 4y ago Token stored in plain text by Jenkins Cisco Spark Plugin
CVE-2022-34818 unknown 4y ago Jenkins Failed Job Deactivator Plugin Missing Authorization vulnerability
CVE-2022-34807 unknown 4y ago Plaintext Storage of a Password in Jenkins Elasticsearch Query Plugin
CVE-2022-34806 unknown 4y ago Plaintext Storage of a Password in Jenkins Jigomerge Plugin
CVE-2022-34787 unknown 4y ago Jenkins Project Inheritance Plugin vulnerable to cross site scripting
CVE-2022-34801 unknown 4y ago Cleartext Storage of Sensitive Information in Jenkins Build Notifications Plugin
CVE-2022-34782 unknown 4y ago Incorrect Authorization in Jenkins requests-plugin
CVE-2022-34790 unknown 4y ago Cross-site Scripting in Jenkins eXtreme Feedback Panel Plugin
CVE-2022-34779 unknown 4y ago Missing permission checks in Jenkins XebiaLabs XL Release Plugin allow enumerating credentials IDs
CVE-2022-34780 unknown 4y ago CSRF vulnerability in Jenkins XebiaLabs XL Release Plugin allow capturing credentials
CVE-2022-34792 unknown 4y ago Cross-Site Request Forgery in Jenkins Recipe Plugin
CVE-2022-34796 unknown 4y ago Jenkins Deployment Dashboard Plugin has Insufficiently Protected Credentials
CVE-2022-34784 unknown 4y ago Cross site scripting in Jenkins build-metrics Plugin
CVE-2022-34795 unknown 4y ago Cross-site Scripting in Jenkins Deployment Dashboard Plugin
CVE-2022-34793 unknown 4y ago XML External Entity Reference in Jenkins Recipe Plugin
CVE-2022-34778 unknown 4y ago Cross-site Scripting in Jenkins TestNG Results Plugin
CVE-2022-34789 unknown 4y ago Jenkins Matrix Reloaded Plugin vulnerable to CSRF
CVE-2022-34794 unknown 4y ago Missing Authorization in Jenkins Recipe Plugin
CVE-2022-34799 unknown 4y ago Plaintext Storage of a Password in Jenkins Deployment Dashboard Plugin
CVE-2022-34785 unknown 4y ago Jenkins build-metrics Plugin Missing Authorization vulnerability
CVE-2022-34786 unknown 4y ago Cross-site Scripting in Jenkins Rich Text Publisher Plugin
CVE-2022-34797 unknown 4y ago Cross-Site Request Forgery in Jenkins Deployment Dashboard Plugin
CVE-2022-34777 unknown 4y ago Cross-site Scripting in Jenkins GitLab Plugin
CVE-2022-34783 unknown 4y ago Cross-site Scripting in Jenkins Plot Plugin
CVE-2022-34800 unknown 4y ago Plaintext Storage of a Password in Jenkins Build Notifications Plugin
CVE-2022-34798 unknown 4y ago Missing Authorization in Jenkins Deployment Dashboard Plugin
CVE-2022-34802 unknown 4y ago Plaintext Storage of a Password in Jenkins RocketChat Notifier Plugin
CVE-2022-34791 unknown 4y ago Cross-site Scripting in Jenkins Validating Email Parameter Plugin
CVE-2022-32532 unknown 4y ago Improper Authorization in Apache Shiro
CVE-2022-26477 unknown 4y ago SystemDS CPU exhaustion vulnerability
CVE-2022-33879 unknown 4y ago Apache Tika contains incomplete fix for regex DoS
CVE-2022-34210 unknown 4y ago Missing permission check in Jenkins ThreadFix Plugin
CVE-2022-34207 unknown 4y ago Cross-Site Request Forgery in Jenkins Beaker builder Plugin
CVE-2022-34213 unknown 4y ago Squash TM Publisher (Squash4Jenkins) Plugin stores passwords stored in plain text
CVE-2022-34212 unknown 4y ago Missing permission check in Jenkins vRealize Orchestrator Plugin
CVE-2022-34198 unknown 4y ago Cross-site Scripting in Jenkins Stash Branch Parameter Plugin
CVE-2022-34305 unknown 4y ago In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data with…
CVE-2022-34208 unknown 4y ago Jenkins Beaker builder Plugin Missing Authorization vulnerability
CVE-2022-34298 unknown 4y ago NT auth module vulnerability in OpenAM
CVE-2022-34211 unknown 4y ago Cross-Site Request Forgery in Jenkins vRealize Orchestrator Plugin
CVE-2022-34209 unknown 4y ago Cross-Site Request Forgery in Jenkins ThreadFix Plugin
CVE-2022-34205 unknown 4y ago Cross-Site Request Forgery in Jenkins Jianliao Notification Plugin
CVE-2022-34182 unknown 4y ago Reflected Cross-site Scripting in Jenkins Nested View Plugin
CVE-2022-34199 unknown 4y ago Plaintext Storage of a Password in Jenkins Convertigo Mobile Platform Plugin
CVE-2022-34206 unknown 4y ago Jenkins Jianliao Notification Plugin Missing Authorization vulnerability
CVE-2022-34178 unknown 4y ago Reflected Cross site scripting in Jenkins Embeddable Build Status Plugin
CVE-2022-34177 unknown 4y ago Arbitrary file write vulnerability in Jenkins Pipeline: Input Step Plugin