Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins vulnerabilities and exploits
(subscribe to this query)
6
CVSSv2
CVE-2017-1000086
The Periodic Backup Plugin did not perform any permission checks, allowing any user with Overall/Read access to change its settings, trigger backups, restore backups, download backups, and also delete all previous backups via log rotation. Additionally, the plugin was not requiri...
Jenkins Periodic Backup 1.0
Jenkins Periodic Backup 1.3
Jenkins Periodic Backup 1.1
Jenkins Periodic Backup 1.4
Jenkins Periodic Backup 1.2
5
CVSSv2
CVE-2017-1000108
The Pipeline: Input Step Plugin by default allowed users with Item/Read access to a pipeline to interact with the step to provide input. This has been changed, and now requires users to have the Item/Build permission instead.
Jenkins Pipeline-input-step 2.6
Jenkins Pipeline-input-step 2.5
Jenkins Pipeline-input-step 2.4
Jenkins Pipeline-input-step 2.3
Jenkins Pipeline-input-step 2.2
Jenkins Pipeline-input-step 2.1
Jenkins Pipeline-input-step 2.7
Jenkins Pipeline-input-step 2.0
5.5
CVSSv2
CVE-2017-2612
In Jenkins prior to 2.44, 2.32.2 low privilege users were able to override JDK download credentials (SECURITY-392), resulting in future builds possibly failing to download a JDK.
Jenkins Jenkins
4
CVSSv2
CVE-2018-1999006
A exposure of sensitive information vulnerability exists in Jenkins 2.132 and previous versions, 2.121.1 and previous versions in Plugin.java that allows malicious users to determine the date and time when a plugin HPI/JPI file was last extracted, which typically is the date of t...
Jenkins Jenkins
4.3
CVSSv2
CVE-2022-34171
In Jenkins 2.321 up to and including 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the HTML output generated for new symbol-based SVG icons includes the 'title' attribute of 'l:ionicon' (until Jenkins 2.334) and 'alt' at...
Jenkins Jenkins
5
CVSSv2
CVE-2022-34174
In Jenkins 2.355 and previous versions, LTS 2.332.3 and previous versions, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins...
Jenkins Jenkins
3.5
CVSSv2
CVE-2021-21603
Jenkins 2.274 and previous versions, LTS 2.263.1 and previous versions does not escape notification bar response contents, resulting in a cross-site scripting (XSS) vulnerability.
Jenkins Jenkins
6
CVSSv2
CVE-2021-21605
Jenkins 2.274 and previous versions, LTS 2.263.1 and previous versions allows users with Agent/Configure permission to choose agent names that cause Jenkins to override the global `config.xml` file.
Jenkins Jenkins
4
CVSSv2
CVE-2021-21606
Jenkins 2.274 and previous versions, LTS 2.263.1 and previous versions improperly validates the format of a provided fingerprint ID when checking for its existence allowing an malicious user to check for the existence of XML files with a short path.
Jenkins Jenkins
4
CVSSv2
CVE-2021-21607
Jenkins 2.274 and previous versions, LTS 2.263.1 and previous versions does not limit sizes provided as query parameters to graph-rendering URLs, allowing malicious users to request crafted URLs that use all available memory in Jenkins, potentially leading to out of memory errors...
Jenkins Jenkins
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028
CVE-2024-32406
CVE-2024-25624
IMAP
CVE-2024-2310
CVE-2024-0874
CVE-2024-20359
XXE
remote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »