Vulmon
jenkins vulnerabilities and exploits
4.3
CVSSv3
CVE-2023-49674
A missing permission check in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and previous versions allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password.
Jenkins Neuvector Vulnerability Scanner
5.4
CVSSv3
CVE-2023-46650
Jenkins GitHub Plugin 1.37.3 and previous versions does not escape the GitHub project URL on the build page when showing changes, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Jenkins Github
6.5
CVSSv3
CVE-2023-46651
Jenkins Warnings Plugin 10.5.0 and previous versions does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. This fix has been backported to 10.4.1.
Jenkins Warnings
4.3
CVSSv3
CVE-2023-46652
A missing permission check in Jenkins lambdatest-automation Plugin 1.20.9 and previous versions allows attackers with Overall/Read permission to enumerate credentials IDs of LAMBDATEST credentials stored in Jenkins.
Jenkins Lambdatest-automation
6.5
CVSSv3
CVE-2023-46653
Jenkins lambdatest-automation Plugin 1.20.10 and previous versions logs LAMBDATEST Credentials access token at the INFO level, potentially resulting in its exposure.
Jenkins Lambdatest-automation
8.1
CVSSv3
CVE-2023-46654
Jenkins CloudBees CD Plugin 1.1.32 and previous versions follows symbolic links to locations outside of the expected directory during the cleanup process of the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to delete arbitr...
Jenkins Cloudbees Cd
5.3
CVSSv3
CVE-2023-46656
Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9 and previous versions uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing malicious users to use statistical methods to obtain a valid webh...
Jenkins Multibranch Scan Webhook Trigger
5.3
CVSSv3
CVE-2023-46657
Jenkins Gogs Plugin 1.0.15 and previous versions uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing malicious users to use statistical methods to obtain a valid webhook token.
Jenkins Gogs
5.3
CVSSv3
CVE-2023-46658
Jenkins MSTeams Webhook Trigger Plugin 0.1.1 and previous versions uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing malicious users to use statistical methods to obtain a valid webhook token...
Jenkins Msteams Webhook Trigger 0.1.1
Jenkins Msteams Webhook Trigger 0.1.0
5.4
CVSSv3
CVE-2023-46659
Jenkins Edgewall Trac Plugin 1.13 and previous versions does not escape the Trac website URL on the build page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Jenkins Edgewall Trac