Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2022-34173
In Jenkins 2.340 up to and including 2.355 (both inclusive) the tooltip of the build button in list views supports HTML without escaping the job display name, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
Jenkins Jenkins
7.5
CVSSv3
CVE-2022-34174
In Jenkins 2.355 and previous versions, LTS 2.332.3 and previous versions, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins...
Jenkins Jenkins
7.5
CVSSv3
CVE-2022-34175
Jenkins 2.335 up to and including 2.355 (both inclusive) allows attackers in some cases to bypass a protection mechanism, thereby directly accessing some view fragments containing sensitive information, bypassing any permission checks in the corresponding view.
Jenkins Jenkins
5.4
CVSSv3
CVE-2023-39151
Jenkins 2.415 and previous versions, LTS 2.401.2 and previous versions does not sanitize or properly encode URLs in build logs when transforming them into hyperlinks, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control build log...
Jenkins Jenkins
8.8
CVSSv3
CVE-2017-1000393
Jenkins 2.73.1 and previous versions, 2.83 and previous versions users with permission to create or configure agents in Jenkins could configure a launch method called 'Launch agent via execution of command on master'. This allowed them to run arbitrary shell commands on...
Jenkins Jenkins
5.4
CVSSv3
CVE-2019-10405
Jenkins 2.196 and previous versions, LTS 2.176.3 and previous versions printed the value of the "Cookie" HTTP request header on the /whoAmI/ URL, allowing attackers exploiting another XSS vulnerability to obtain the HTTP session cookie despite it being marked HttpOnly.
Jenkins Jenkins
8.8
CVSSv3
CVE-2017-1000354
Jenkins versions 2.56 and previous versions as well as 2.46.1 LTS and previous versions are vulnerable to a login command which allowed impersonating any Jenkins user. The `login` command available in the remoting-based CLI stored the encrypted user name of the successfully authe...
Jenkins Jenkins
6.5
CVSSv3
CVE-2017-1000355
Jenkins versions 2.56 and previous versions as well as 2.46.1 LTS and previous versions are vulnerable to an XStream: Java crash when trying to instantiate void/Void.
Jenkins Jenkins
5.4
CVSSv3
CVE-2021-21603
Jenkins 2.274 and previous versions, LTS 2.263.1 and previous versions does not escape notification bar response contents, resulting in a cross-site scripting (XSS) vulnerability.
Jenkins Jenkins
8
CVSSv3
CVE-2021-21604
Jenkins 2.274 and previous versions, LTS 2.263.1 and previous versions allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an admi...
Jenkins Jenkins
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »