Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2018-1999043
A denial of service vulnerability exists in Jenkins 2.137 and previous versions, 2.121.2 and previous versions in BasicAuthenticationFilter.java, BasicHeaderApiTokenAuthenticator.java that allows malicious users to create ephemeral in-memory user records by attempting to log in u...
Jenkins Jenkins
6.5
CVSSv3
CVE-2018-1999044
A denial of service vulnerability exists in Jenkins 2.137 and previous versions, 2.121.2 and previous versions in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread enter an infinite loop.
Jenkins Jenkins
5.4
CVSSv3
CVE-2018-1999045
A improper authentication vulnerability exists in Jenkins 2.137 and previous versions, 2.121.2 and previous versions in SecurityRealm.java, TokenBasedRememberMeServices2.java that allows attackers with a valid cookie to remain logged in even if that feature is disabled.
Jenkins Jenkins
6.5
CVSSv3
CVE-2018-1999047
A improper authorization vulnerability exists in Jenkins 2.137 and previous versions, 2.121.2 and previous versions in UpdateCenter.java that allows malicious users to cancel a Jenkins restart scheduled through the update center.
Jenkins Jenkins
4.7
CVSSv3
CVE-2017-17383
Jenkins up to and including 2.93 allows remote authenticated administrators to conduct XSS attacks via a crafted tool name in a job configuration form, as demonstrated by the JDK tool in Jenkins core and the Ant tool in the Ant plugin, aka SECURITY-624.
Jenkins Jenkins
5.8
CVSSv3
CVE-2020-2100
Jenkins 2.218 and previous versions, LTS 2.204.1 and previous versions was vulnerable to a UDP amplification reflection denial of service attack on port 33848.
Jenkins Jenkins
1 Github repository
4.3
CVSSv3
CVE-2017-1000400
The Jenkins 2.73.1 and previous versions, 2.83 and previous versions remote API at /job/(job-name)/api contained information about upstream and downstream projects. This included information about tasks that the current user otherwise has no access to, e.g. due to lack of Item/Re...
Jenkins Jenkins
9.6
CVSSv3
CVE-2023-27898
Jenkins 2.270 up to and including 2.393 (both inclusive), LTS 2.277.1 up to and including 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting i...
Jenkins Jenkins
7
CVSSv3
CVE-2023-27899
Jenkins 2.393 and previous versions, LTS 2.375.3 and previous versions creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a plugin for installation, potentially allowing attackers with access to the Jenk...
Jenkins Jenkins
7.5
CVSSv3
CVE-2023-27900
Jenkins 2.393 and previous versions, LTS 2.375.3 and previous versions uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in hudson.util.MultipartFormDataParser, allowing malicious user...
Jenkins Jenkins
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »