Vulmon
jenkins jenkins vulnerabilities and exploits
6.5
CVSSv3
CVE-2019-10352
A path traversal vulnerability in Jenkins 2.185 and previous versions, LTS 2.176.1 and previous versions in core/src/main/java/hudson/model/FileParameterValue.java allowed attackers with Job/Configure permission to define a file parameter with a file name outside the intended dir...
Jenkins Jenkins
7.5
CVSSv3
CVE-2019-10353
CSRF tokens in Jenkins 2.185 and previous versions, LTS 2.176.1 and previous versions did not expire, thereby allowing attackers able to obtain them to bypass CSRF protection.
Jenkins Jenkins
8.8
CVSSv3
CVE-2012-4438
Jenkins main prior to 1.482 and LTS prior to 1.466.2 allows remote attackers with read access and HTTP access to Jenkins master to insert data and execute arbitrary code.
Jenkins Jenkins
1 Github repository
6.1
CVSSv3
CVE-2012-4441
Cross-site Scripting (XSS) in Jenkins main prior to 1.482 and LTS prior to 1.466.2 allows remote malicious users to inject arbitrary web script or HTML in the CI game plugin.
Jenkins Jenkins
5.4
CVSSv3
CVE-2020-2220
Jenkins 2.244 and previous versions, LTS 2.235.1 and previous versions do not escape the agent name in the build time trend page, resulting in a stored cross-site scripting vulnerability.
Jenkins Jenkins
5.4
CVSSv3
CVE-2020-2222
Jenkins 2.244 and previous versions, LTS 2.235.1 and previous versions do not escape the job name in the 'Keep this build forever' badge tooltip, resulting in a stored cross-site scripting vulnerability.
Jenkins Jenkins
4.8
CVSSv3
CVE-2019-10406
Jenkins 2.196 and previous versions, LTS 2.176.3 and previous versions did not restrict or filter values set as Jenkins URL in the global configuration, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission.
Jenkins Jenkins
1 Github repository
8
CVSSv3
CVE-2023-35141
In Jenkins 2.399 and previous versions, LTS 2.387.3 and previous versions, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexp...
Jenkins Jenkins
NA
CVE-2014-2058
BuildTrigger in Jenkins prior to 1.551 and LTS prior to 1.532.2 allows remote authenticated users to bypass access restrictions and execute arbitrary jobs by configuring a job to trigger another job. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7330.
Jenkins Jenkins
6.5
CVSSv3
CVE-2018-1000406
A path traversal vulnerability exists in Jenkins 2.145 and previous versions, LTS 2.138.1 and previous versions in core/src/main/java/hudson/model/FileParameterValue.java that allows attackers with Job/Configure permission to define a file parameter with a file name outside the i...
Jenkins Jenkins