Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2019-10353
CSRF tokens in Jenkins 2.185 and previous versions, LTS 2.176.1 and previous versions did not expire, thereby allowing attackers able to obtain them to bypass CSRF protection.
Jenkins Jenkins
5.4
CVSSv3
CVE-2021-21603
Jenkins 2.274 and previous versions, LTS 2.263.1 and previous versions does not escape notification bar response contents, resulting in a cross-site scripting (XSS) vulnerability.
Jenkins Jenkins
6.5
CVSSv3
CVE-2021-21607
Jenkins 2.274 and previous versions, LTS 2.263.1 and previous versions does not limit sizes provided as query parameters to graph-rendering URLs, allowing malicious users to request crafted URLs that use all available memory in Jenkins, potentially leading to out of memory errors...
Jenkins Jenkins
5.3
CVSSv3
CVE-2021-21609
Jenkins 2.274 and previous versions, LTS 2.263.1 and previous versions does not correctly match requested URLs to the list of always accessible paths, allowing attackers without Overall/Read permission to access some URLs as if they did have Overall/Read permission.
Jenkins Jenkins
6.1
CVSSv3
CVE-2021-21610
Jenkins 2.274 and previous versions, LTS 2.263.1 and previous versions does not implement any restrictions for the URL rendering a formatted preview of markup passed as a query parameter, resulting in a reflected cross-site scripting (XSS) vulnerability if the configured markup f...
Jenkins Jenkins
5.4
CVSSv3
CVE-2021-21611
Jenkins 2.274 and previous versions, LTS 2.263.1 and previous versions does not escape display names and IDs of item types shown on the New Item page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to specify display names or IDs of i...
Jenkins Jenkins
5.3
CVSSv3
CVE-2021-21615
Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use (TOCTOU) race condition.
Jenkins Jenkins
4.3
CVSSv3
CVE-2021-21640
Jenkins 2.286 and previous versions, LTS 2.277.1 and previous versions does not properly check that a newly created view has an allowed name, allowing attackers with View/Create permission to create views with invalid or already-used names.
Jenkins Jenkins
4.3
CVSSv3
CVE-2021-21682
Jenkins 2.314 and previous versions, LTS 2.303.1 and previous versions accepts names of jobs and other entities with a trailing dot character, potentially replacing the configuration and data of other entities on Windows.
Jenkins Jenkins
9.8
CVSSv3
CVE-2021-21691
Creating symbolic links is possible without the 'symlink' agent-to-controller access control permission in Jenkins 2.318 and previous versions, LTS 2.303.2 and previous versions.
Jenkins Jenkins
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »