jenkins vulnerabilities and exploits
NA
CVE-2023-46651
Jenkins Warnings Plugin 10.5.0 and previous versions do not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. This fix has been backported to 10.4.1.
Jenkins Warnings
NA
CVE-2023-46652
A missing permission check in Jenkins lambdatest-automation Plugin 1.20.9 and previous versions allows attackers with Overall/Read permission to enumerate credentials IDs of LAMBDATEST credentials stored in Jenkins.
Jenkins Lambdatest-automation
NA
CVE-2023-46653
Jenkins lambdatest-automation Plugin 1.20.10 and previous versions log the LAMBDATEST Credentials access token at the INFO level, potentially resulting in its exposure.
Jenkins Lambdatest-automation
NA
CVE-2023-46654
Jenkins CloudBees CD Plugin 1.1.32 and previous versions follow symbolic links to locations outside of the expected directory during the cleanup process of the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to delete arbitr...
Jenkins Cloudbees Cd
NA
CVE-2023-46656
Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9 and previous versions use a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing malicious users to use statistical methods to obtain a valid webh...
Jenkins Multibranch Scan Webhook Trigger
NA
CVE-2023-46657
Jenkins Gogs Plugin 1.0.15 and previous versions use a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing malicious users to use statistical methods to obtain a valid webhook token.
Jenkins Gogs
NA
CVE-2023-46658
Jenkins MSTeams Webhook Trigger Plugin 0.1.1 and previous versions use a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing malicious users to use statistical methods to obtain a valid webhook token...
Jenkins Msteams Webhook Trigger 0.1.1
Jenkins Msteams Webhook Trigger 0.1.0
NA
CVE-2023-46659
Jenkins Edgewall Trac Plugin 1.13 and previous versions do not escape the Trac website URL on the build page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Jenkins Edgewall Trac
NA
CVE-2023-46660
Jenkins Zanata Plugin 0.6 and previous versions use a non-constant time comparison function when checking whether the provided and expected webhook token hashes are equal, potentially allowing malicious users to use statistical methods to obtain a valid webhook token.
Jenkins Zanata
NA
CVE-2023-5072
Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.
Json-java Project Json-java
2 Github repositories