Vulmon
Jenkins vulnerabilities and exploits
9.8
CVSSv3
CVE-2021-21694
FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions in Jenkins 2.318 and previous versions, LTS 2.303.2 and previous versions.
Jenkins Jenkins
9.8
CVSSv3
CVE-2021-21696
Jenkins 2.318 and previous versions, LTS 2.303.2 and previous versions do not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted library wi...
Jenkins Jenkins
9.8
CVSSv3
CVE-2021-21691
Creating symbolic links is possible without the 'symlink' agent-to-controller access control permission in Jenkins 2.318 and previous versions, LTS 2.303.2 and previous versions.
Jenkins Jenkins
9.8
CVSSv3
CVE-2021-21669
Jenkins Generic Webhook Trigger Plugin 1.72 and previous versions do not configure their XML parser to prevent XML external entity (XXE) attacks.
Jenkins Generic Webhook Trigger
9.8
CVSSv3
CVE-2020-2320
Jenkins Plugin Installation Manager Tool 2.1.3 and previous versions do not verify plugin downloads.
Jenkins Installation Manager Tool
9.8
CVSSv3
CVE-2020-2299
Jenkins Active Directory Plugin 2.19 and previous versions allow malicious users to log in as any user if a magic constant is used as the password.
Jenkins Active Directory
9.8
CVSSv3
CVE-2020-2301
Jenkins Active Directory Plugin 2.19 and previous versions allow malicious users to log in as any user with any password while a successful authentication of that user is still in the optional cache when using Windows/ADSI mode.
Jenkins Active Directory
9.8
CVSSv3
CVE-2020-2300
Jenkins Active Directory Plugin 2.19 and previous versions do not prohibit the use of an empty password in Windows/ADSI mode, which allows malicious users to log in to Jenkins as any user depending on the configuration of the Active Directory server.
Jenkins Active Directory
9.8
CVSSv3
CVE-2019-11350
CloudBees Jenkins Operations Center 2.150.2.3, when an expired trial license exists, allows Cleartext Password Storage and Retrieval via the proxy configuration page.
Cloudbees Jenkins Operations Center 2.150.2.3
9.8
CVSSv3
CVE-2019-1003040
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and previous versions allows malicious users to invoke arbitrary constructors in sandboxed scripts.
Jenkins Script Security
Redhat Openshift Container Platform 3.11