Jenkins Cadence_vmanager
5 CVEs affecting Jenkins Cadence_vmanager. Latest disclosed: 2025-05-14. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2019-10446 | High | 8.2 | 2019-10-16 | Jenkins Cadence vManager Plugin 2.7.0 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM. |
CVE-2020-2243 | Medium | 5.4 | 2020-09-01 | Jenkins Cadence vManager Plugin 3.0.4 and earlier does not escape build descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerabilit… |
CVE-2025-47887 | Medium | 4.3 | 2025-05-14 | Missing permission checks in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a_740b_a_48 and earlier allows attackers with Overall/Read permission to connect to… |
CVE-2025-47886 | Medium | 4.3 | 2025-05-14 | A cross-site request forgery (CSRF) vulnerability in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a_740b_a_48 and earlier allows attackers to connect to an a… |
CVE-2025-31724 | Medium | 4.3 | 2025-04-02 | Jenkins Cadence vManager Plugin 4.0.0-282.v5096a_c2db_275 and earlier stores Verisium Manager vAPI keys unencrypted in job config.xml files on the Jenkins cont… |