Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins jenkins vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2018-1000170
A cross-site scripting vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in confirmationList.jelly and stopButton.jelly that allows attackers with Job/Configure and/or Job/Create permission to create an item name containing JavaScript that would be executed ...
Jenkins Jenkins
5.4
CVSSv3
CVE-2018-1000409
A session fixation vulnerability exists in Jenkins 2.145 and previous versions, LTS 2.138.1 and previous versions in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that prevented Jenkins from invalidating the existing session and creating a new one when a user...
Jenkins Jenkins
7.8
CVSSv3
CVE-2018-1000410
An information exposure vulnerability exists in Jenkins 2.145 and previous versions, LTS 2.138.1 and previous versions, and the Stapler framework used by these releases, in core/src/main/java/org/kohsuke/stapler/RequestImpl.java, core/src/main/java/hudson/model/Descriptor.java th...
Jenkins Jenkins
4.3
CVSSv3
CVE-2018-1999046
A exposure of sensitive information vulnerability exists in Jenkins 2.137 and previous versions, 2.121.2 and previous versions in Computer.java that allows attackers With Overall/Read permission to access the connection log for any agent.
Jenkins Jenkins
7.5
CVSSv3
CVE-2023-27900
Jenkins 2.393 and previous versions, LTS 2.375.3 and previous versions uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in hudson.util.MultipartFormDataParser, allowing malicious user...
Jenkins Jenkins
4.3
CVSSv3
CVE-2023-27902
Jenkins 2.393 and previous versions, LTS 2.375.3 and previous versions shows temporary directories related to job workspaces, which allows attackers with Item/Workspace permission to access their contents.
Jenkins Jenkins
5.4
CVSSv3
CVE-2022-34172
In Jenkins 2.340 up to and including 2.355 (both inclusive) symbol-based icons unescape previously escaped values of 'tooltip' parameters, resulting in a cross-site scripting (XSS) vulnerability.
Jenkins Jenkins
7.5
CVSSv3
CVE-2022-34174
In Jenkins 2.355 and previous versions, LTS 2.332.3 and previous versions, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins...
Jenkins Jenkins
9.8
CVSSv3
CVE-2021-21691
Creating symbolic links is possible without the 'symlink' agent-to-controller access control permission in Jenkins 2.318 and previous versions, LTS 2.303.2 and previous versions.
Jenkins Jenkins
9.8
CVSSv3
CVE-2021-21694
FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions in Jenkins 2.318 and previous versions, LTS 2.303.2 and previous versions.
Jenkins Jenkins
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
malicious code
XML injection
CVE-2024-28020
CVE-2024-35252
CVE-2024-5833
CVE-2024-30066
injection
CVE-2024-23282
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »