Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2021-21615
Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use (TOCTOU) race condition.
Jenkins Jenkins
6.8
CVSSv2
CVE-2013-0327
Cross-site request forgery (CSRF) vulnerability in Jenkins master in Jenkins prior to 1.502 and LTS prior to 1.480.3 allows remote malicious users to hijack the authentication of users via unknown vectors.
Jenkins Jenkins
4.3
CVSSv2
CVE-2013-0328
Cross-site scripting (XSS) vulnerability in Jenkins prior to 1.502 and LTS prior to 1.480.3 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Jenkins Jenkins
7.5
CVSSv2
CVE-2013-0329
Unspecified vulnerability in Jenkins prior to 1.502 and LTS prior to 1.480.3 allows remote malicious users to bypass the CSRF protection mechanism via unknown attack vectors.
Jenkins Jenkins
4
CVSSv2
CVE-2013-0330
Unspecified vulnerability in Jenkins prior to 1.502 and LTS prior to 1.480.3 allows remote authenticated users with write access to build arbitrary jobs via unknown attack vectors.
Jenkins Jenkins
4
CVSSv2
CVE-2013-0331
Jenkins prior to 1.502 and LTS prior to 1.480.3 allows remote authenticated users with write access to cause a denial of service via a crafted payload.
Jenkins Jenkins
6.5
CVSSv2
CVE-2014-2058
BuildTrigger in Jenkins prior to 1.551 and LTS prior to 1.532.2 allows remote authenticated users to bypass access restrictions and execute arbitrary jobs by configuring a job to trigger another job. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7330.
Jenkins Jenkins
4
CVSSv2
CVE-2021-21607
Jenkins 2.274 and previous versions, LTS 2.263.1 and previous versions does not limit sizes provided as query parameters to graph-rendering URLs, allowing malicious users to request crafted URLs that use all available memory in Jenkins, potentially leading to out of memory errors...
Jenkins Jenkins
5
CVSSv2
CVE-2021-21609
Jenkins 2.274 and previous versions, LTS 2.263.1 and previous versions does not correctly match requested URLs to the list of always accessible paths, allowing attackers without Overall/Read permission to access some URLs as if they did have Overall/Read permission.
Jenkins Jenkins
4.3
CVSSv2
CVE-2021-21610
Jenkins 2.274 and previous versions, LTS 2.263.1 and previous versions does not implement any restrictions for the URL rendering a formatted preview of markup passed as a query parameter, resulting in a reflected cross-site scripting (XSS) vulnerability if the configured markup f...
Jenkins Jenkins
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »