Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2024-23898
Jenkins 2.217 up to and including 2.441 (both inclusive), LTS 2.222.1 up to and including 2.426.2 (both inclusive) does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, allowing...
Jenkins Jenkins
1 Github repository
5.4
CVSSv3
CVE-2017-2612
In Jenkins prior to 2.44, 2.32.2 low privilege users were able to override JDK download credentials (SECURITY-392), resulting in future builds possibly failing to download a JDK.
Jenkins Jenkins
NA
CVE-2013-0330
Unspecified vulnerability in Jenkins prior to 1.502 and LTS prior to 1.480.3 allows remote authenticated users with write access to build arbitrary jobs via unknown attack vectors.
Jenkins Jenkins
8
CVSSv3
CVE-2023-35141
In Jenkins 2.399 and previous versions, LTS 2.387.3 and previous versions, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexp...
Jenkins Jenkins
5.4
CVSSv3
CVE-2020-2221
Jenkins 2.244 and previous versions, LTS 2.235.1 and previous versions does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting vulnerability.
Jenkins Jenkins
5.4
CVSSv3
CVE-2020-2222
Jenkins 2.244 and previous versions, LTS 2.235.1 and previous versions does not escape the job name in the 'Keep this build forever' badge tooltip, resulting in a stored cross-site scripting vulnerability.
Jenkins Jenkins
5.4
CVSSv3
CVE-2020-2230
Jenkins 2.251 and previous versions, LTS 2.235.3 and previous versions does not escape the project naming strategy description, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Overall/Manage permission.
Jenkins Jenkins
5.4
CVSSv3
CVE-2020-2231
Jenkins 2.251 and previous versions, LTS 2.235.3 and previous versions does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure p...
Jenkins Jenkins
5.3
CVSSv3
CVE-2014-9634
Jenkins prior to 1.586 does not set the secure flag on session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote malicious users to capture cookies by intercepting their transmission within an HTTP session.
Jenkins Jenkins
5.3
CVSSv3
CVE-2014-9635
Jenkins prior to 1.586 does not set the HttpOnly flag in a Set-Cookie header for session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote malicious users to obtain potentially sensitive information via script access to cookies.
Jenkins Jenkins
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »