Vulmon
jenkins vulnerabilities and exploits
534
VMScore
CVE-2017-1000086
The Periodic Backup Plugin did not perform any permission checks, allowing any user with Overall/Read access to change its settings, trigger backups, restore backups, download backups, and also delete all previous backups via log rotation. Additionally, the plugin was not requiri...
Jenkins Periodic Backup 1.0
Jenkins Periodic Backup 1.3
Jenkins Periodic Backup 1.1
Jenkins Periodic Backup 1.4
Jenkins Periodic Backup 1.2
NA
CVE-2024-23897
Jenkins 2.441 and previous versions, LTS 2.426.2 and previous versions do not disable a feature of the CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated malicious users to r...
Jenkins Jenkins
31 Github repositories
1 Article
668
VMScore
CVE-2020-2099
Jenkins 2.213 and previous versions, LTS 2.204.1 and previous versions improperly reuse encryption key parameters in the Inbound TCP Agent Protocol/3, allowing unauthorized attackers with knowledge of agent names to obtain the connection secrets for those agents, which can be us...
Jenkins Jenkins
383
VMScore
CVE-2020-2105
REST API endpoints in Jenkins 2.218 and previous versions, LTS 2.204.1 and previous versions were vulnerable to clickjacking attacks.
Jenkins Jenkins
312
VMScore
CVE-2020-2161
Jenkins 2.227 and previous versions, LTS 2.204.5 and previous versions do not properly escape node labels that are shown in the form validation for label expressions on job configuration pages, resulting in a stored XSS vulnerability exploitable by users able to define node lab...
Jenkins Jenkins
312
VMScore
CVE-2020-2163
Jenkins 2.227 and previous versions, LTS 2.204.5 and previous versions improperly process HTML content of list view column headers, resulting in a stored XSS vulnerability exploitable by users able to control column headers.
Jenkins Jenkins
312
VMScore
CVE-2021-21608
Jenkins 2.274 and previous versions, LTS 2.263.1 and previous versions do not escape button labels in the Jenkins UI, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to control button labels.
Jenkins Jenkins
668
VMScore
CVE-2021-21690
Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and previous versions, LTS 2.303.2 and previous versions.
Jenkins Jenkins
356
VMScore
CVE-2018-1999006
An exposure of sensitive information vulnerability exists in Jenkins 2.132 and previous versions, 2.121.1 and previous versions in Plugin.java that allows malicious users to determine the date and time when a plugin HPI/JPI file was last extracted, which typically is the date of t...
Jenkins Jenkins
383
VMScore
CVE-2013-0328
Cross-site scripting (XSS) vulnerability in Jenkins prior to 1.502 and LTS prior to 1.480.3 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Jenkins Jenkins