CVE-2022-40219 The SedLex FavIcon Switcher plugin has a CSRF vulnerability that allows plugin settings to be changed.
When installing the SedLex FavIcon Switcher plugin, browse to the Settings page and change the required settings to alter the way the site behaves. SedLex FavIcon Switcher plugin does
CVE-2022-41245 An attack scenario in which an attacker can connect to a URL of their choice using credentials obtained through a different attack.
Subsequently, an attacker may access and/or modify Jenkins data, create or alter jobs, or propagate the attack to other Jenkins installations. This may lead
CVE-2022-41253 The Jenkins CONS3RT Plugin 1.0.0 and earlier has a CSRF vulnerability that allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method.
This CSRF vulnerability can be exploited by an attacker who controls a target Jenkins installation and configures the plugin to pass login credentials to another
CVE-2022-40754 The webserver's `/confirm` endpoint had an open redirect.
This would redirect a user to their email if they had requested a confirmation link. This was fixed in 2.3.5. Upgrading to 2.
CVE-2022-40604 An Airflow URL had a formatting issue, allowing for information extraction.
The following flow was not escaping all text within it, allowing for cross-site scripting (XSS) attacks. `<a href="<%= request.getPathName() %>">`