Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2014-9635
Jenkins prior to 1.586 does not set the HttpOnly flag in a Set-Cookie header for session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote malicious users to obtain potentially sensitive information via script access to cookies.
Jenkins Jenkins
668
VMScore
CVE-2020-2099
Jenkins 2.213 and previous versions, LTS 2.204.1 and previous versions improperly reuses encryption key parameters in the Inbound TCP Agent Protocol/3, allowing unauthorized attackers with knowledge of agent names to obtain the connection secrets for those agents, which can be us...
Jenkins Jenkins
312
VMScore
CVE-2020-2101
Jenkins 2.218 and previous versions, LTS 2.204.1 and previous versions did not use a constant-time comparison function for validating connection secrets, which could potentially allow an malicious user to use a timing attack to obtain this secret.
Jenkins Jenkins
312
VMScore
CVE-2020-2102
Jenkins 2.218 and previous versions, LTS 2.204.1 and previous versions used a non-constant time comparison function when validating an HMAC.
Jenkins Jenkins
356
VMScore
CVE-2020-2103
Jenkins 2.218 and previous versions, LTS 2.204.1 and previous versions exposed session identifiers on a user's detail object in the whoAmI diagnostic page.
Jenkins Jenkins
312
VMScore
CVE-2019-10406
Jenkins 2.196 and previous versions, LTS 2.176.3 and previous versions did not restrict or filter values set as Jenkins URL in the global configuration, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission.
Jenkins Jenkins
1 Github repository
668
VMScore
CVE-2021-21692
FilePath#renameTo and FilePath#moveAllChildrenTo in Jenkins 2.318 and previous versions, LTS 2.303.2 and previous versions only check 'read' agent-to-controller access permission on the source path, instead of 'delete'.
Jenkins Jenkins
312
VMScore
CVE-2015-7536
Cross-site scripting (XSS) vulnerability in Jenkins prior to 1.640 and LTS prior to 1.625.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to workspaces and archived artifacts.
Jenkins Jenkins
312
VMScore
CVE-2020-2220
Jenkins 2.244 and previous versions, LTS 2.235.1 and previous versions does not escape the agent name in the build time trend page, resulting in a stored cross-site scripting vulnerability.
Jenkins Jenkins
312
VMScore
CVE-2020-2230
Jenkins 2.251 and previous versions, LTS 2.235.3 and previous versions does not escape the project naming strategy description, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Overall/Manage permission.
Jenkins Jenkins
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »