Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins jenkins vulnerabilities and exploits
(subscribe to this query)
356
VMScore
CVE-2018-1000406
A path traversal vulnerability exists in Jenkins 2.145 and previous versions, LTS 2.138.1 and previous versions in core/src/main/java/hudson/model/FileParameterValue.java that allows attackers with Job/Configure permission to define a file parameter with a file name outside the i...
Jenkins Jenkins
578
VMScore
CVE-2012-4438
Jenkins main prior to 1.482 and LTS prior to 1.466.2 allows remote attackers with read access and HTTP access to Jenkins master to insert data and execute arbitrary code.
Jenkins Jenkins
1 Github repository
383
VMScore
CVE-2012-4439
Cross-site Scripting (XSS) in Jenkins main prior to 1.482 and LTS prior to 1.466.2 allows remote malicious users to inject arbitrary web script or HTML via a crafted URL that points to Jenkins.
Jenkins Jenkins
383
VMScore
CVE-2012-4440
Cross-site Scripting (XSS) in Jenkins main prior to 1.482 and LTS prior to 1.466.2 allows remote malicious users to inject arbitrary web script or HTML in the Violations plugin.
Jenkins Jenkins
383
VMScore
CVE-2012-4441
Cross-site Scripting (XSS) in Jenkins main prior to 1.482 and LTS prior to 1.466.2 allows remote malicious users to inject arbitrary web script or HTML in the CI game plugin.
Jenkins Jenkins
383
VMScore
CVE-2022-34170
In Jenkins 2.320 up to and including 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the help icon does not escape the feature name that is part of its tooltip, effectively undoing the fix for SECURITY-1955, resulting in a cross-site scripting (XSS) vu...
Jenkins Jenkins
383
VMScore
CVE-2022-34171
In Jenkins 2.321 up to and including 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the HTML output generated for new symbol-based SVG icons includes the 'title' attribute of 'l:ionicon' (until Jenkins 2.334) and 'alt' at...
Jenkins Jenkins
445
VMScore
CVE-2022-34175
Jenkins 2.335 up to and including 2.355 (both inclusive) allows attackers in some cases to bypass a protection mechanism, thereby directly accessing some view fragments containing sensitive information, bypassing any permission checks in the corresponding view.
Jenkins Jenkins
356
VMScore
CVE-2017-1000400
The Jenkins 2.73.1 and previous versions, 2.83 and previous versions remote API at /job/(job-name)/api contained information about upstream and downstream projects. This included information about tasks that the current user otherwise has no access to, e.g. due to lack of Item/Re...
Jenkins Jenkins
107
VMScore
CVE-2017-1000401
The Jenkins 2.73.1 and previous versions, 2.83 and previous versions default form control for passwords and other secrets, <f:password/>, supports form validation (e.g. for API keys). The form validation AJAX requests were sent via GET, which could result in secrets being l...
Jenkins Jenkins
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
server-side request forgery
CVE-2024-30067
CVE-2024-5553
CVE-2024-30095
IDOR
CVE-2024-35252
CVE-2024-23692
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »