jenkins vulnerabilities and exploits
CVE-2024-3825
Versions of the BlazeMeter Jenkins plugin before 4.22 contain a flaw which results in credential enumeration
CVE-2024-28154
Jenkins MQ Notifier Plugin 1.4.0 and previous versions log potentially sensitive build parameters as part of debug information in build logs by default.
CVE-2024-2215
A cross-site request forgery (CSRF) vulnerability in Jenkins docker-build-step Plugin 2.11 and previous versions allows malicious users to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecti...
CVE-2024-2216
A missing permission check in an HTTP endpoint in Jenkins docker-build-step Plugin 2.11 and previous versions allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test...
CVE-2024-28149
Jenkins HTML Publisher Plugin 1.16 through 1.32 (both inclusive) does not properly sanitize input, allowing attackers with Item/Configure permission to carry out cross-site scripting (XSS) attacks and to determine whether a path on the Jenkins controller file system e...
CVE-2024-28150
Jenkins HTML Publisher Plugin 1.32 and previous versions do not escape job names, report names, and index page titles shown as part of the report frame, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2024-28151
Jenkins HTML Publisher Plugin 1.32 and previous versions archive invalid symbolic links in report directories on agents and recreate them on the controller, allowing attackers with Item/Configure permission to determine whether a path on the Jenkins controller file system exist...
CVE-2024-28152
In Jenkins Bitbucket Branch Source Plugin 866.vdea_7dcd3008e and previous versions, except 848.850.v6a_a_2a_234a_c81, when discovering pull requests from forks, the trust policy "Forks in the same account" allows changes to Jenkinsfiles from users without write access t...
CVE-2024-28153
Jenkins OWASP Dependency-Check Plugin 5.4.5 and previous versions do not escape vulnerability metadata from Dependency-Check reports, resulting in a stored cross-site scripting (XSS) vulnerability.
CVE-2024-28155
Jenkins AppSpider Plugin 1.0.16 and previous versions do not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about available scan config names, engine group names, and client names.