Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2017-1000504
A race condition during Jenkins 2.94 and previous versions; 2.89.1 and previous versions startup could result in the wrong order of execution of commands during initialization. There is a very short window of time after startup during which Jenkins may no longer show the 'Pl...
Jenkins Jenkins
5.4
CVSSv3
CVE-2023-39151
Jenkins 2.415 and previous versions, LTS 2.401.2 and previous versions does not sanitize or properly encode URLs in build logs when transforming them into hyperlinks, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control build log...
Jenkins Jenkins
5.4
CVSSv3
CVE-2022-34170
In Jenkins 2.320 up to and including 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the help icon does not escape the feature name that is part of its tooltip, effectively undoing the fix for SECURITY-1955, resulting in a cross-site scripting (XSS) vu...
Jenkins Jenkins
5.4
CVSSv3
CVE-2022-34171
In Jenkins 2.321 up to and including 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the HTML output generated for new symbol-based SVG icons includes the 'title' attribute of 'l:ionicon' (until Jenkins 2.334) and 'alt' at...
Jenkins Jenkins
5.4
CVSSv3
CVE-2022-34172
In Jenkins 2.340 up to and including 2.355 (both inclusive) symbol-based icons unescape previously escaped values of 'tooltip' parameters, resulting in a cross-site scripting (XSS) vulnerability.
Jenkins Jenkins
5.4
CVSSv3
CVE-2022-34173
In Jenkins 2.340 up to and including 2.355 (both inclusive) the tooltip of the build button in list views supports HTML without escaping the job display name, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
Jenkins Jenkins
7.5
CVSSv3
CVE-2022-34174
In Jenkins 2.355 and previous versions, LTS 2.332.3 and previous versions, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins...
Jenkins Jenkins
7.5
CVSSv3
CVE-2022-34175
Jenkins 2.335 up to and including 2.355 (both inclusive) allows attackers in some cases to bypass a protection mechanism, thereby directly accessing some view fragments containing sensitive information, bypassing any permission checks in the corresponding view.
Jenkins Jenkins
5.3
CVSSv3
CVE-2020-2101
Jenkins 2.218 and previous versions, LTS 2.204.1 and previous versions did not use a constant-time comparison function for validating connection secrets, which could potentially allow an malicious user to use a timing attack to obtain this secret.
Jenkins Jenkins
7.3
CVSSv3
CVE-2017-1000391
Jenkins versions 2.88 and previous versions and 2.73.2 and previous versions stores metadata related to 'people', which encompasses actual user accounts, as well as users appearing in SCM, in directories corresponding to the user ID on disk. These directories used the u...
Jenkins Jenkins
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »