Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins jenkins vulnerabilities and exploits
(subscribe to this query)
5.1
CVSSv2
CVE-2019-10353
CSRF tokens in Jenkins 2.185 and previous versions, LTS 2.176.1 and previous versions did not expire, thereby allowing attackers able to obtain them to bypass CSRF protection.
Jenkins Jenkins
3.5
CVSSv2
CVE-2019-10401
In Jenkins 2.196 and previous versions, LTS 2.176.3 and previous versions, the f:expandableTextBox form control interpreted its content as HTML when expanded, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents (typically Job/Config...
Jenkins Jenkins
3.5
CVSSv2
CVE-2019-10404
Jenkins 2.196 and previous versions, LTS 2.176.3 and previous versions did not escape the reason why a queue items is blcoked in tooltips, resulting in a stored XSS vulnerability exploitable by users able to control parts of the reason a queue item is blocked, such as label expre...
Jenkins Jenkins
4.3
CVSSv2
CVE-2022-34170
In Jenkins 2.320 up to and including 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the help icon does not escape the feature name that is part of its tooltip, effectively undoing the fix for SECURITY-1955, resulting in a cross-site scripting (XSS) vu...
Jenkins Jenkins
3.5
CVSSv2
CVE-2020-2229
Jenkins 2.251 and previous versions, LTS 2.235.3 and previous versions does not escape the tooltip content of help icons, resulting in a stored cross-site scripting (XSS) vulnerability.
Jenkins Jenkins
2 Github repositories
3.5
CVSSv2
CVE-2020-2230
Jenkins 2.251 and previous versions, LTS 2.235.3 and previous versions does not escape the project naming strategy description, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Overall/Manage permission.
Jenkins Jenkins
4
CVSSv2
CVE-2021-21602
Jenkins 2.274 and previous versions, LTS 2.263.1 and previous versions allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks.
Jenkins Jenkins
3.5
CVSSv2
CVE-2021-21603
Jenkins 2.274 and previous versions, LTS 2.263.1 and previous versions does not escape notification bar response contents, resulting in a cross-site scripting (XSS) vulnerability.
Jenkins Jenkins
6
CVSSv2
CVE-2021-21604
Jenkins 2.274 and previous versions, LTS 2.263.1 and previous versions allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an admi...
Jenkins Jenkins
6
CVSSv2
CVE-2021-21605
Jenkins 2.274 and previous versions, LTS 2.263.1 and previous versions allows users with Agent/Configure permission to choose agent names that cause Jenkins to override the global `config.xml` file.
Jenkins Jenkins
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »