Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins jenkins vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2021-21688
The agent-to-controller security check FilePath#reading(FileVisitor) in Jenkins 2.318 and previous versions, LTS 2.303.2 and previous versions does not reject any operations, allowing users to have unrestricted read access using certain operations (creating archives, FilePath#cop...
Jenkins Jenkins
7.5
CVSSv2
CVE-2021-21694
FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions in Jenkins 2.318 and previous versions, LTS 2.303.2 and previous versions.
Jenkins Jenkins
4.3
CVSSv2
CVE-2013-0328
Cross-site scripting (XSS) vulnerability in Jenkins prior to 1.502 and LTS prior to 1.480.3 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Jenkins Jenkins
4
CVSSv2
CVE-2013-0330
Unspecified vulnerability in Jenkins prior to 1.502 and LTS prior to 1.480.3 allows remote authenticated users with write access to build arbitrary jobs via unknown attack vectors.
Jenkins Jenkins
3.5
CVSSv2
CVE-2018-1000170
A cross-site scripting vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in confirmationList.jelly and stopButton.jelly that allows attackers with Job/Configure and/or Job/Create permission to create an item name containing JavaScript that would be executed ...
Jenkins Jenkins
4
CVSSv2
CVE-2018-1000406
A path traversal vulnerability exists in Jenkins 2.145 and previous versions, LTS 2.138.1 and previous versions in core/src/main/java/hudson/model/FileParameterValue.java that allows attackers with Job/Configure permission to define a file parameter with a file name outside the i...
Jenkins Jenkins
6.4
CVSSv2
CVE-2018-1000408
A denial of service vulnerability exists in Jenkins 2.145 and previous versions, LTS 2.138.1 and previous versions in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that allows attackers without Overall/Read permission to access a specific URL on instances usi...
Jenkins Jenkins
2.1
CVSSv2
CVE-2018-1000410
An information exposure vulnerability exists in Jenkins 2.145 and previous versions, LTS 2.138.1 and previous versions, and the Stapler framework used by these releases, in core/src/main/java/org/kohsuke/stapler/RequestImpl.java, core/src/main/java/hudson/model/Descriptor.java th...
Jenkins Jenkins
4
CVSSv2
CVE-2017-2598
Jenkins prior to 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks (SECURITY-304).
Jenkins Jenkins
5.5
CVSSv2
CVE-2017-2599
Jenkins prior to 2.44 and 2.32.2 is vulnerable to an insufficient permission check. This allows users with permissions to create new items (e.g. jobs) to overwrite existing items they don't have access to (SECURITY-321).
Jenkins Jenkins
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »