← Back

Official Owasp Zap

official_owasp_zap

Vendor: Jenkins • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Jenkins
1Official Owasp Zap
Jun 26, 2026
Jun 24, 2026
N/A· v4
8.8 HIGH· v3
N/A· v2
Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing attackers with Item/Configure permission to execute arbitrary code on the Jenkins co...Show more
Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller.Show less
1Jenkins
1Official Owasp Zap
Jun 17, 2026
Apr 4, 2019
N/A· v4
8.8 HIGH· v3
4.0 MEDIUM· v2
Jenkins Official OWASP ZAP Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.