Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2019-10405
Jenkins 2.196 and previous versions, LTS 2.176.3 and previous versions printed the value of the "Cookie" HTTP request header on the /whoAmI/ URL, allowing attackers exploiting another XSS vulnerability to obtain the HTTP session cookie despite it being marked HttpOnly.
Jenkins Jenkins
5.4
CVSSv3
CVE-2020-2222
Jenkins 2.244 and previous versions, LTS 2.235.1 and previous versions does not escape the job name in the 'Keep this build forever' badge tooltip, resulting in a stored cross-site scripting vulnerability.
Jenkins Jenkins
5.4
CVSSv3
CVE-2020-2229
Jenkins 2.251 and previous versions, LTS 2.235.3 and previous versions does not escape the tooltip content of help icons, resulting in a stored cross-site scripting (XSS) vulnerability.
Jenkins Jenkins
2 Github repositories
5.4
CVSSv3
CVE-2020-2231
Jenkins 2.251 and previous versions, LTS 2.235.3 and previous versions does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure p...
Jenkins Jenkins
NA
CVE-2013-0330
Unspecified vulnerability in Jenkins prior to 1.502 and LTS prior to 1.480.3 allows remote authenticated users with write access to build arbitrary jobs via unknown attack vectors.
Jenkins Jenkins
5.4
CVSSv3
CVE-2018-1000170
A cross-site scripting vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in confirmationList.jelly and stopButton.jelly that allows attackers with Job/Configure and/or Job/Create permission to create an item name containing JavaScript that would be executed ...
Jenkins Jenkins
5.4
CVSSv3
CVE-2015-7536
Cross-site scripting (XSS) vulnerability in Jenkins prior to 1.640 and LTS prior to 1.625.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to workspaces and archived artifacts.
Jenkins Jenkins
NA
CVE-2013-0328
Cross-site scripting (XSS) vulnerability in Jenkins prior to 1.502 and LTS prior to 1.480.3 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Jenkins Jenkins
NA
CVE-2013-0331
Jenkins prior to 1.502 and LTS prior to 1.480.3 allows remote authenticated users with write access to cause a denial of service via a crafted payload.
Jenkins Jenkins
5.3
CVSSv3
CVE-2014-9635
Jenkins prior to 1.586 does not set the HttpOnly flag in a Set-Cookie header for session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote malicious users to obtain potentially sensitive information via script access to cookies.
Jenkins Jenkins
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »