jenkins vulnerabilities and exploits
CVE-2024-34144
A sandbox bypass vulnerability involving crafted constructor bodies in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and previous versions allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute ...
CVE-2024-34146
Jenkins Git server Plugin 114.v068a_c7cc2574 and previous versions does not perform a permission check for read access to a Git repository over SSH, allowing attackers with a previously configured SSH public key but lacking Overall/Read permission to access these repositories.
CVE-2024-34147
Jenkins Telegram Bot Plugin 1.4.0 and previous versions stores the Telegram Bot token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
CVE-2024-34148
Jenkins Subversion Partial Release Manager Plugin 1.0.1 and previous versions programmatically disables the fix for CVE-2016-3721 whenever a build is triggered from a release tag, by setting the Java system property 'hudson.model.ParametersAction.keepUndefinedParameters'...
CVE-2024-3825
Versions of the BlazeMeter Jenkins plugin before 4.22 contain a flaw which results in credential enumeration.
CVE-2024-28149
Jenkins HTML Publisher Plugin 1.16 up to and including 1.32 (both inclusive) does not properly sanitize input, allowing attackers with Item/Configure permission to implement cross-site scripting (XSS) attacks and to determine whether a path on the Jenkins controller file system e...
CVE-2024-28150
Jenkins HTML Publisher Plugin 1.32 and previous versions does not escape job names, report names, and index page titles shown as part of the report frame, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2024-28151
Jenkins HTML Publisher Plugin 1.32 and previous versions archives invalid symbolic links in report directories on agents and recreates them on the controller, allowing attackers with Item/Configure permission to determine whether a path on the Jenkins controller file system exist...
CVE-2024-28152
In Jenkins Bitbucket Branch Source Plugin 866.vdea_7dcd3008e and previous versions, except 848.850.v6a_a_2a_234a_c81, when discovering pull requests from forks, the trust policy "Forks in the same account" allows changes to Jenkinsfiles from users without write access t...
CVE-2024-28153
Jenkins OWASP Dependency-Check Plugin 5.4.5 and previous versions does not escape vulnerability metadata from Dependency-Check reports, resulting in a stored cross-site scripting (XSS) vulnerability.