Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2024-23899
Jenkins Git server Plugin 99.va_0826a_b_cdfa_d and previous versions does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to ...
Jenkins Git Server
4.3
CVSSv3
CVE-2024-23900
Jenkins Matrix Project Plugin 822.v01b_8c85d16d2 and previous versions does not sanitize user-defined axis names of multi-configuration projects, allowing attackers with Item/Configure permission to create or replace any config.xml files on the Jenkins controller file system with...
Jenkins Matrix Project
6.5
CVSSv3
CVE-2024-23901
Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and previous versions unconditionally discovers projects that are shared with the configured owner group, allowing malicious users to configure and share a project, resulting in a crafted Pipeline being built by Jenkins duri...
Jenkins Github Branch Source
4.3
CVSSv3
CVE-2024-23902
A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and previous versions allows malicious users to connect to an attacker-specified URL.
Jenkins Github Branch Source
5.3
CVSSv3
CVE-2024-23903
Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and previous versions uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing malicious users to use statistical methods to obtain a valid we...
Jenkins Github Branch Source
7.5
CVSSv3
CVE-2024-23904
Jenkins Log Command Plugin 1.0.2 and previous versions does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated malicious users to read content from arb...
Jenkins Log Command
5.4
CVSSv3
CVE-2024-23905
Jenkins Red Hat Dependency Analytics Plugin 0.7.1 and previous versions programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.
Jenkins Red Hat Dependency Analytics
5.4
CVSSv3
CVE-2023-6148
Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access and acc...
Qualys Policy Compliance
6.5
CVSSv3
CVE-2023-6149
Qualys Jenkins Plugin for WAS prior to version and including 2.0.11 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access to configure or edit...
Qualys Web Application Screening
6.5
CVSSv3
CVE-2023-6147
Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access to conf...
Qualys Policy Compliance
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
CVE-2006-4304
CVE-2023-26603
CVE-2024-28327
CVE-2023-50363
CVE-2024-21905
template injection
CVE-2024-3400
cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »