Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins vulnerabilities and exploits
(subscribe to this query)
356
VMScore
CVE-2021-21606
Jenkins 2.274 and previous versions, LTS 2.263.1 and previous versions improperly validates the format of a provided fingerprint ID when checking for its existence allowing an malicious user to check for the existence of XML files with a short path.
Jenkins Jenkins
356
VMScore
CVE-2021-21607
Jenkins 2.274 and previous versions, LTS 2.263.1 and previous versions does not limit sizes provided as query parameters to graph-rendering URLs, allowing malicious users to request crafted URLs that use all available memory in Jenkins, potentially leading to out of memory errors...
Jenkins Jenkins
312
VMScore
CVE-2021-21608
Jenkins 2.274 and previous versions, LTS 2.263.1 and previous versions does not escape button labels in the Jenkins UI, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to control button labels.
Jenkins Jenkins
445
VMScore
CVE-2021-21609
Jenkins 2.274 and previous versions, LTS 2.263.1 and previous versions does not correctly match requested URLs to the list of always accessible paths, allowing attackers without Overall/Read permission to access some URLs as if they did have Overall/Read permission.
Jenkins Jenkins
383
VMScore
CVE-2021-21610
Jenkins 2.274 and previous versions, LTS 2.263.1 and previous versions does not implement any restrictions for the URL rendering a formatted preview of markup passed as a query parameter, resulting in a reflected cross-site scripting (XSS) vulnerability if the configured markup f...
Jenkins Jenkins
312
VMScore
CVE-2021-21615
Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use (TOCTOU) race condition.
Jenkins Jenkins
356
VMScore
CVE-2021-21639
Jenkins 2.286 and previous versions, LTS 2.277.1 and previous versions does not validate the type of object created after loading the data submitted to the `config.xml` REST API endpoint of a node, allowing attackers with Computer/Configure permission to replace a node with one o...
Jenkins Jenkins
356
VMScore
CVE-2021-21640
Jenkins 2.286 and previous versions, LTS 2.277.1 and previous versions does not properly check that a newly created view has an allowed name, allowing attackers with View/Create permission to create views with invalid or already-used names.
Jenkins Jenkins
356
VMScore
CVE-2021-21670
Jenkins 2.299 and previous versions, LTS 2.289.1 and previous versions allows users to cancel queue items and abort builds of jobs for which they have Item/Cancel permission even when they do not have Item/Read permission.
Jenkins Jenkins
356
VMScore
CVE-2021-21683
The file browser in Jenkins 2.314 and previous versions, LTS 2.303.1 and previous versions may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Overall/Read permission (Windows controller) or Job/Workspace p...
Jenkins Jenkins
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »