Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins jenkins vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2021-21638
A cross-site request forgery (CSRF) vulnerability in Jenkins Team Foundation Server Plugin 5.157.1 and previous versions allows malicious users to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials ...
Jenkins Team Foundation Server
6.8
CVSSv2
CVE-2021-21627
A cross-site request forgery (CSRF) vulnerability in Jenkins Libvirt Agents Plugin 1.9.0 and previous versions allows malicious users to stop hypervisor domains.
Jenkins Libvirt Agents
6.8
CVSSv2
CVE-2021-21617
A cross-site request forgery (CSRF) vulnerability in Jenkins Configuration Slicing Plugin 1.51 and previous versions allows malicious users to apply different slice configurations.
Jenkins Configuration Slicing
6.8
CVSSv2
CVE-2020-2286
Jenkins Role-based Authorization Strategy Plugin 3.0 and previous versions does not properly invalidate a permission cache when the configuration is changed, resulting in permissions being granted based on an outdated configuration.
Jenkins Role-based Authorization Strategy
6.8
CVSSv2
CVE-2020-2280
A cross-site request forgery (CSRF) vulnerability in Jenkins Warnings Plugin 5.0.1 and previous versions allows malicious users to execute arbitrary code.
Jenkins Warnings
6.8
CVSSv2
CVE-2020-2268
A cross-site request forgery (CSRF) vulnerability in Jenkins MongoDB Plugin 1.3 and previous versions allows malicious users to gain access to some metadata of any arbitrary files on the Jenkins controller.
Jenkins Mongodb
6.8
CVSSv2
CVE-2020-2240
A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and previous versions allows malicious users to execute arbitrary SQL scripts.
Jenkins Database
6.8
CVSSv2
CVE-2020-2241
A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and previous versions allows malicious users to connect to an attacker-specified database server using attacker-specified credentials.
Jenkins Database
6.8
CVSSv2
CVE-2020-2185
Jenkins Amazon EC2 Plugin 1.50.1 and previous versions does not validate SSH host keys when connecting agents, enabling man-in-the-middle attacks.
Jenkins Amazon Ec2
6.8
CVSSv2
CVE-2020-2187
Jenkins Amazon EC2 Plugin 1.50.1 and previous versions unconditionally accepts self-signed certificates and does not perform hostname validation, enabling man-in-the-middle attacks.
Jenkins Amazon Ec2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »