Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins jenkins vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2017-1000396
Jenkins 2.73.1 and previous versions, 2.83 and previous versions bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. This library is widely used as...
Jenkins Jenkins
383
VMScore
CVE-2012-4441
Cross-site Scripting (XSS) in Jenkins main prior to 1.482 and LTS prior to 1.466.2 allows remote malicious users to inject arbitrary web script or HTML in the CI game plugin.
Jenkins Jenkins
312
VMScore
CVE-2015-7536
Cross-site scripting (XSS) vulnerability in Jenkins prior to 1.640 and LTS prior to 1.625.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to workspaces and archived artifacts.
Jenkins Jenkins
NA
CVE-2023-35141
In Jenkins 2.399 and previous versions, LTS 2.387.3 and previous versions, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexp...
Jenkins Jenkins
605
VMScore
CVE-2020-2160
Jenkins 2.227 and previous versions, LTS 2.204.5 and previous versions uses different representations of request URL paths, which allows malicious users to craft URLs that allow bypassing CSRF protection of any target URL.
Jenkins Jenkins
312
VMScore
CVE-2020-2221
Jenkins 2.244 and previous versions, LTS 2.235.1 and previous versions does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting vulnerability.
Jenkins Jenkins
312
VMScore
CVE-2019-10404
Jenkins 2.196 and previous versions, LTS 2.176.3 and previous versions did not escape the reason why a queue items is blcoked in tooltips, resulting in a stored XSS vulnerability exploitable by users able to control parts of the reason a queue item is blocked, such as label expre...
Jenkins Jenkins
454
VMScore
CVE-2021-21671
Jenkins 2.299 and previous versions, LTS 2.289.1 and previous versions does not invalidate the previous session on login.
Jenkins Jenkins
516
VMScore
CVE-2021-21686
File path filters in the agent-to-controller security subsystem of Jenkins 2.318 and previous versions, LTS 2.303.2 and previous versions do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories.
Jenkins Jenkins
570
VMScore
CVE-2021-21689
FilePath#unzip and FilePath#untar were not subject to any agent-to-controller access control in Jenkins 2.318 and previous versions, LTS 2.303.2 and previous versions.
Jenkins Jenkins
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946
CVE-2024-30309
CVE-2024-4761
CVE-2024-30051
type confusion
memory leak
CVE-2024-30293
reflected XSS
CVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »