jenkins vulnerabilities and exploits
9.8
CVSSv3
CVE-2024-23897
Jenkins 2.441 and previous versions, LTS 2.426.2 and previous versions do not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated malicious users to r...
Jenkins Jenkins
31 Github repositories
1 Article
9.8
CVSSv3
CVE-2023-49654
Missing permission checks in Jenkins MATLAB Plugin 2.11.0 and previous versions allow malicious users to have Jenkins parse an XML file from the Jenkins controller file system.
Jenkins Matlab
9.8
CVSSv3
CVE-2023-49656
Jenkins MATLAB Plugin 2.11.0 and previous versions does not configure its XML parser to prevent XML external entity (XXE) attacks.
Jenkins Matlab
9.8
CVSSv3
CVE-2023-28668
Jenkins Role-based Authorization Strategy Plugin 587.v2872c41fa_e51 and previous versions grants permissions even after they've been disabled.
Jenkins Role-based Authorization Strategy
9.8
CVSSv3
CVE-2023-28677
Jenkins Convert To Pipeline Plugin 1.0 and previous versions uses basic string concatenation to convert Freestyle projects' Build Environment, Build Steps, and Post-build Actions to the equivalent Pipeline step invocations, allowing attackers able to configure Freestyle proj...
Jenkins Convert To Pipeline
9.8
CVSSv3
CVE-2023-24427
Jenkins Bitbucket OAuth Plugin 0.12 and previous versions does not invalidate the previous session on login.
Jenkins Bitbucket Oauth
9.8
CVSSv3
CVE-2023-24429
Jenkins Semantic Versioning Plugin 1.14 and previous versions does not restrict execution of a controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a cra...
Jenkins Semantic Versioning
9.8
CVSSv3
CVE-2023-24430
Jenkins Semantic Versioning Plugin 1.14 and previous versions does not configure its XML parser to prevent XML external entity (XXE) attacks.
Jenkins Semantic Versioning
9.8
CVSSv3
CVE-2023-24441
Jenkins MSTest Plugin 1.0.0 and previous versions does not configure its XML parser to prevent XML external entity (XXE) attacks.
Jenkins Mstest
9.8
CVSSv3
CVE-2023-24444
Jenkins OpenID Plugin 2.4 and previous versions does not invalidate the previous session on login.
Jenkins Openid