Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2020-2099
Jenkins 2.213 and previous versions, LTS 2.204.1 and previous versions improperly reuses encryption key parameters in the Inbound TCP Agent Protocol/3, allowing unauthorized attackers with knowledge of agent names to obtain the connection secrets for those agents, which can be us...
Jenkins Jenkins
5
CVSSv2
CVE-2020-2100
Jenkins 2.218 and previous versions, LTS 2.204.1 and previous versions was vulnerable to a UDP amplification reflection denial of service attack on port 33848.
Jenkins Jenkins
1 Github repository
3.5
CVSSv2
CVE-2020-2101
Jenkins 2.218 and previous versions, LTS 2.204.1 and previous versions did not use a constant-time comparison function for validating connection secrets, which could potentially allow an malicious user to use a timing attack to obtain this secret.
Jenkins Jenkins
3.5
CVSSv2
CVE-2020-2102
Jenkins 2.218 and previous versions, LTS 2.204.1 and previous versions used a non-constant time comparison function when validating an HMAC.
Jenkins Jenkins
4.3
CVSSv2
CVE-2020-2105
REST API endpoints in Jenkins 2.218 and previous versions, LTS 2.204.1 and previous versions were vulnerable to clickjacking attacks.
Jenkins Jenkins
3.5
CVSSv2
CVE-2015-7536
Cross-site scripting (XSS) vulnerability in Jenkins prior to 1.640 and LTS prior to 1.625.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to workspaces and archived artifacts.
Jenkins Jenkins
5
CVSSv2
CVE-2022-0538
Jenkins 2.333 and previous versions, LTS 2.319.2 and previous versions defines custom XStream converters that have not been updated to apply the protections for the vulnerability CVE-2021-43859 and allow unconstrained resource usage.
Jenkins Jenkins
NA
CVE-2023-27898
Jenkins 2.270 up to and including 2.393 (both inclusive), LTS 2.277.1 up to and including 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting i...
Jenkins Jenkins
NA
CVE-2023-27899
Jenkins 2.393 and previous versions, LTS 2.375.3 and previous versions creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a plugin for installation, potentially allowing attackers with access to the Jenk...
Jenkins Jenkins
NA
CVE-2023-27900
Jenkins 2.393 and previous versions, LTS 2.375.3 and previous versions uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in hudson.util.MultipartFormDataParser, allowing malicious user...
Jenkins Jenkins
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »