Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2022-34174
In Jenkins 2.355 and previous versions, LTS 2.332.3 and previous versions, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins...
Jenkins Jenkins
7.5
CVSSv3
CVE-2022-34175
Jenkins 2.335 up to and including 2.355 (both inclusive) allows attackers in some cases to bypass a protection mechanism, thereby directly accessing some view fragments containing sensitive information, bypassing any permission checks in the corresponding view.
Jenkins Jenkins
NA
CVE-2013-0330
Unspecified vulnerability in Jenkins prior to 1.502 and LTS prior to 1.480.3 allows remote authenticated users with write access to build arbitrary jobs via unknown attack vectors.
Jenkins Jenkins
5.4
CVSSv3
CVE-2020-2221
Jenkins 2.244 and previous versions, LTS 2.235.1 and previous versions does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting vulnerability.
Jenkins Jenkins
5.4
CVSSv3
CVE-2020-2229
Jenkins 2.251 and previous versions, LTS 2.235.3 and previous versions does not escape the tooltip content of help icons, resulting in a stored cross-site scripting (XSS) vulnerability.
Jenkins Jenkins
2 Github repositories
5.4
CVSSv3
CVE-2020-2230
Jenkins 2.251 and previous versions, LTS 2.235.3 and previous versions does not escape the project naming strategy description, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Overall/Manage permission.
Jenkins Jenkins
5.4
CVSSv3
CVE-2020-2231
Jenkins 2.251 and previous versions, LTS 2.235.3 and previous versions does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure p...
Jenkins Jenkins
6.5
CVSSv3
CVE-2021-21602
Jenkins 2.274 and previous versions, LTS 2.263.1 and previous versions allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks.
Jenkins Jenkins
8
CVSSv3
CVE-2021-21604
Jenkins 2.274 and previous versions, LTS 2.263.1 and previous versions allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an admi...
Jenkins Jenkins
4.3
CVSSv3
CVE-2021-21606
Jenkins 2.274 and previous versions, LTS 2.263.1 and previous versions improperly validates the format of a provided fingerprint ID when checking for its existence allowing an malicious user to check for the existence of XML files with a short path.
Jenkins Jenkins
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »