Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2017-2607
jenkins prior to 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting vulnerability in console notes (SECURITY-382). Jenkins allows plugins to annotate build logs, adding new content or changing the presentation of existing content while the build is running. Malicious ...
Jenkins Jenkins
8.8
CVSSv3
CVE-2017-2608
Jenkins prior to 2.44, 2.32.2 is vulnerable to a remote code execution vulnerability involving the deserialization of various types in javax.imageio in XStream-based APIs (SECURITY-383).
Jenkins Jenkins
4.3
CVSSv3
CVE-2017-2609
jenkins prior to 2.44, 2.32.2 is vulnerable to an information disclosure vulnerability in search suggestions (SECURITY-385). The autocomplete feature on the search box discloses the names of the views in its suggestions, including the ones for which the current user does not have...
Jenkins Jenkins
5.4
CVSSv3
CVE-2017-2610
jenkins prior to 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in search suggestions due to improperly escaping users with less-than and greater-than characters in their names (SECURITY-388).
Jenkins Jenkins
5.4
CVSSv3
CVE-2017-2612
In Jenkins prior to 2.44, 2.32.2 low privilege users were able to override JDK download credentials (SECURITY-392), resulting in future builds possibly failing to download a JDK.
Jenkins Jenkins
5.4
CVSSv3
CVE-2017-2613
jenkins prior to 2.44, 2.32.2 is vulnerable to a user creation CSRF using GET by admins. While this user record was only retained until restart in most cases, administrators' web browsers could be manipulated to create a large number of user records (SECURITY-406).
Jenkins Jenkins
8.8
CVSSv3
CVE-2017-1000354
Jenkins versions 2.56 and previous versions as well as 2.46.1 LTS and previous versions are vulnerable to a login command which allowed impersonating any Jenkins user. The `login` command available in the remoting-based CLI stored the encrypted user name of the successfully authe...
Jenkins Jenkins
6.5
CVSSv3
CVE-2017-1000355
Jenkins versions 2.56 and previous versions as well as 2.46.1 LTS and previous versions are vulnerable to an XStream: Java crash when trying to instantiate void/Void.
Jenkins Jenkins
8.8
CVSSv3
CVE-2017-1000356
Jenkins versions 2.56 and previous versions as well as 2.46.1 LTS and previous versions are vulnerable to an issue in the Jenkins user database authentication realm: create an account if signup is enabled; or create an account if the victim is an administrator, possibly deleting ...
Jenkins Jenkins
9.8
CVSSv3
CVE-2017-1000362
The re-key admin monitor was introduced in Jenkins 1.498 and re-encrypted all secrets in JENKINS_HOME with a new key. It also created a backup directory with all old secrets, and the key used to encrypt them. These backups were world-readable and not removed afterwards. Jenkins n...
Jenkins Jenkins
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »