Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins vulnerabilities and exploits
(subscribe to this query)
8.6
CVSSv3
CVE-2020-2099
Jenkins 2.213 and previous versions, LTS 2.204.1 and previous versions improperly reuses encryption key parameters in the Inbound TCP Agent Protocol/3, allowing unauthorized attackers with knowledge of agent names to obtain the connection secrets for those agents, which can be us...
Jenkins Jenkins
5.4
CVSSv3
CVE-2020-2103
Jenkins 2.218 and previous versions, LTS 2.204.1 and previous versions exposed session identifiers on a user's detail object in the whoAmI diagnostic page.
Jenkins Jenkins
4.3
CVSSv3
CVE-2020-2104
Jenkins 2.218 and previous versions, LTS 2.204.1 and previous versions allowed users with Overall/Read access to view a JVM memory usage chart.
Jenkins Jenkins
5.4
CVSSv3
CVE-2020-2163
Jenkins 2.227 and previous versions, LTS 2.204.5 and previous versions improperly processes HTML content of list view column headers, resulting in a stored XSS vulnerability exploitable by users able to control column headers.
Jenkins Jenkins
6.1
CVSSv3
CVE-2012-4439
Cross-site Scripting (XSS) in Jenkins main prior to 1.482 and LTS prior to 1.466.2 allows remote malicious users to inject arbitrary web script or HTML via a crafted URL that points to Jenkins.
Jenkins Jenkins
6.1
CVSSv3
CVE-2012-4441
Cross-site Scripting (XSS) in Jenkins main prior to 1.482 and LTS prior to 1.466.2 allows remote malicious users to inject arbitrary web script or HTML in the CI game plugin.
Jenkins Jenkins
5.4
CVSSv3
CVE-2023-39151
Jenkins 2.415 and previous versions, LTS 2.401.2 and previous versions does not sanitize or properly encode URLs in build logs when transforming them into hyperlinks, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control build log...
Jenkins Jenkins
4.3
CVSSv3
CVE-2023-27902
Jenkins 2.393 and previous versions, LTS 2.375.3 and previous versions shows temporary directories related to job workspaces, which allows attackers with Item/Workspace permission to access their contents.
Jenkins Jenkins
4.4
CVSSv3
CVE-2023-27903
Jenkins 2.393 and previous versions, LTS 2.375.3 and previous versions creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a file parameter through the CLI, potentially allowing attackers with access to t...
Jenkins Jenkins
5.4
CVSSv3
CVE-2022-34170
In Jenkins 2.320 up to and including 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the help icon does not escape the feature name that is part of its tooltip, effectively undoing the fix for SECURITY-1955, resulting in a cross-site scripting (XSS) vu...
Jenkins Jenkins
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-34377
CVE-2024-20859
CVE-2023-49606
inject
arbitrary
CVE-2024-33788
CVE-2024-30973
IDOR
CVE-2024-33907
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »