Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2020-2161
Jenkins 2.227 and previous versions, LTS 2.204.5 and previous versions does not properly escape node labels that are shown in the form validation for label expressions on job configuration pages, resulting in a stored XSS vulnerability exploitable by users able to define node lab...
Jenkins Jenkins
312
VMScore
CVE-2020-2102
Jenkins 2.218 and previous versions, LTS 2.204.1 and previous versions used a non-constant time comparison function when validating an HMAC.
Jenkins Jenkins
356
VMScore
CVE-2020-2103
Jenkins 2.218 and previous versions, LTS 2.204.1 and previous versions exposed session identifiers on a user's detail object in the whoAmI diagnostic page.
Jenkins Jenkins
383
VMScore
CVE-2020-2105
REST API endpoints in Jenkins 2.218 and previous versions, LTS 2.204.1 and previous versions were vulnerable to clickjacking attacks.
Jenkins Jenkins
605
VMScore
CVE-2020-2160
Jenkins 2.227 and previous versions, LTS 2.204.5 and previous versions uses different representations of request URL paths, which allows malicious users to craft URLs that allow bypassing CSRF protection of any target URL.
Jenkins Jenkins
312
VMScore
CVE-2020-2163
Jenkins 2.227 and previous versions, LTS 2.204.5 and previous versions improperly processes HTML content of list view column headers, resulting in a stored XSS vulnerability exploitable by users able to control column headers.
Jenkins Jenkins
312
VMScore
CVE-2020-2220
Jenkins 2.244 and previous versions, LTS 2.235.1 and previous versions does not escape the agent name in the build time trend page, resulting in a stored cross-site scripting vulnerability.
Jenkins Jenkins
312
VMScore
CVE-2020-2222
Jenkins 2.244 and previous versions, LTS 2.235.1 and previous versions does not escape the job name in the 'Keep this build forever' badge tooltip, resulting in a stored cross-site scripting vulnerability.
Jenkins Jenkins
312
VMScore
CVE-2020-2223
Jenkins 2.244 and previous versions, LTS 2.235.1 and previous versions does not escape correctly the 'href' attribute of links to downstream jobs displayed in the build console page, resulting in a stored cross-site scripting vulnerability.
Jenkins Jenkins
312
VMScore
CVE-2017-2610
jenkins prior to 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in search suggestions due to improperly escaping users with less-than and greater-than characters in their names (SECURITY-388).
Jenkins Jenkins
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »