Warnings Next Generation Plugin did not properly escape HTML content in warnings displayed on the Jenkins UI, resulting in a cross-site scripting vulnerability exploitable by users able to control warnings parser input.
Monitoring Plugin did not set the X-Frame-Options header, allowing its pages to be embedded. This could result in clickjacking attacks.
Monitoring Plugin provides a standalone JavaMelody servlet with an independent CSRF protection configuration. Even if Jenkins had CSRF protection enabled, Monitoring Plugin may not have it enabled.
OpenId Connect Authentication Plugin stores the client secret in the global Jenkins configuration. While the client secret is stored encrypted on disk, it was transmitted in plain text as part of the configuration form and displayed without masking. This could result in exposure of the client secret through browser extensions, cross-site scripting vulnerabilities, and similar situations. The OpenId Connect Authentication Plugin now encrypts the client secret transmitted to administrators viewing the global configuration form.
Kanboard Plugin did not perform permission checks on a method implementing form validation. This allowed users with Overall/Read access to Jenkins to submit a GET request to an attacker-specified URL. Additionally, this form validation method did not require POST requests, resulting in a CSRF vulnerability.