Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins vulnerabilities and exploits
(subscribe to this query)
9
CVSSv2
CVE-2017-1000502
Users with permission to create or configure agents in Jenkins 1.37 and previous versions could configure an EC2 agent to run arbitrary shell commands on the master node whenever the agent was supposed to be launched. Configuration of these agents now requires the 'Run Scrip...
Jenkins Ec2
9
CVSSv2
CVE-2016-0792
Multiple unspecified API endpoints in Jenkins prior to 1.650 and LTS prior to 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando.
Jenkins Jenkins
Redhat Openshift 3.1
2 EDB exploits
2 Metasploit modules
4 Github repositories
8.5
CVSSv2
CVE-2020-2139
An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and previous versions allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system.
Jenkins Cobertura
7.8
CVSSv2
CVE-2021-28165
In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.
Eclipse Jetty
Oracle Communications Services Gatekeeper 7.0
Oracle Autovue For Agile Product Lifecycle Management 21.0.2
Oracle Siebel Core - Automation
Oracle Communications Element Manager 8.2.2
Oracle Communications Cloud Native Core Policy 1.14.0
Oracle Communications Session Report Manager
Oracle Communications Session Route Manager
Oracle Rest Data Services
Jenkins Jenkins
Netapp Santricity Cloud Connector -
Netapp E-series Santricity Os Controller
Netapp E-series Performance Analyzer
Netapp Snapcenter
Netapp E-series Santricity Storage
Netapp Santricity Web Services Proxy
Netapp Storage Replication Adapter For Clustered Data Ontap
Netapp Vasa Provider For Clustered Data Ontap
Netapp E-series Santricity Web Services
Netapp Ontap Tools
Netapp Cloud Manager
1 Github repository
7.8
CVSSv2
CVE-2012-0785
Hash collision attack vulnerability in Jenkins prior to 1.447, Jenkins LTS prior to 1.424.2, and Jenkins Enterprise by CloudBees 1.424.x prior to 1.424.2.1 and 1.400.x prior to 1.400.0.11 could allow remote malicious users to cause a considerable CPU load, aka "the Hash DoS ...
Cloudbees Jenkins
Jenkins Jenkins
1 Github repository
7.6
CVSSv2
CVE-2015-7539
The Plugins Manager in Jenkins prior to 1.640 and LTS prior to 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle malicious users to execute arbitrary code via a crafted plugin.
Jenkins Jenkins
Redhat Openshift 2.0
Redhat Openshift 3.1
7.5
CVSSv2
CVE-2022-29599
In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.
Apache Maven Shared Utils
Debian Debian Linux 10.0
Debian Debian Linux 11.0
7.5
CVSSv2
CVE-2022-22978
In spring security versions before 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable...
Vmware Spring Security
Oracle Financial Services Crime And Compliance Management Studio 8.0.8.2.0
Oracle Financial Services Crime And Compliance Management Studio 8.0.8.3.0
Netapp Active Iq Unified Manager -
26 Github repositories
7.5
CVSSv2
CVE-2021-21696
Jenkins 2.318 and previous versions, LTS 2.303.2 and previous versions does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted library wi...
Jenkins Jenkins
7.5
CVSSv2
CVE-2021-21691
Creating symbolic links is possible without the 'symlink' agent-to-controller access control permission in Jenkins 2.318 and previous versions, LTS 2.303.2 and previous versions.
Jenkins Jenkins
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »