Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2022-0538
Jenkins 2.333 and previous versions, LTS 2.319.2 and previous versions defines custom XStream converters that have not been updated to apply the protections for the vulnerability CVE-2021-43859 and allow unconstrained resource usage.
Jenkins Jenkins
NA
CVE-2023-27898
Jenkins 2.270 up to and including 2.393 (both inclusive), LTS 2.277.1 up to and including 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting i...
Jenkins Jenkins
NA
CVE-2023-27899
Jenkins 2.393 and previous versions, LTS 2.375.3 and previous versions creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a plugin for installation, potentially allowing attackers with access to the Jenk...
Jenkins Jenkins
NA
CVE-2023-27900
Jenkins 2.393 and previous versions, LTS 2.375.3 and previous versions uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in hudson.util.MultipartFormDataParser, allowing malicious user...
Jenkins Jenkins
NA
CVE-2023-27901
Jenkins 2.393 and previous versions, LTS 2.375.3 and previous versions uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in org.kohsuke.stapler.RequestImpl, allowing malicious users to...
Jenkins Jenkins
NA
CVE-2023-27902
Jenkins 2.393 and previous versions, LTS 2.375.3 and previous versions shows temporary directories related to job workspaces, which allows attackers with Item/Workspace permission to access their contents.
Jenkins Jenkins
NA
CVE-2023-27903
Jenkins 2.393 and previous versions, LTS 2.375.3 and previous versions creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a file parameter through the CLI, potentially allowing attackers with access to t...
Jenkins Jenkins
NA
CVE-2023-27904
Jenkins 2.393 and previous versions, LTS 2.375.3 and previous versions prints an error stack trace on agent-related pages when agent connections are broken, potentially revealing information about Jenkins configuration that is otherwise inaccessible to attackers.
Jenkins Jenkins
NA
CVE-2023-43494
Jenkins 2.50 up to and including 2.423 (both inclusive), LTS 2.60.1 up to and including 2.414.1 (both inclusive) does not exclude sensitive build variables (e.g., password parameter values) from the search in the build history widget, allowing attackers with Item/Read permission ...
Jenkins Jenkins
NA
CVE-2023-43495
Jenkins 2.423 and previous versions, LTS 2.414.1 and previous versions does not escape the value of the 'caption' constructor parameter of 'ExpandableDetailsNote', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to ...
Jenkins Jenkins
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »