jenkins jenkins vulnerabilities and exploits
6.8
CVSSv2
CVE-2020-2160
Jenkins 2.227 and previous versions, LTS 2.204.5 and previous versions use different representations of request URL paths, which allows malicious users to craft URLs that bypass CSRF protection of any target URL.
Jenkins Jenkins
6.8
CVSSv2
CVE-2020-2116
A cross-site request forgery vulnerability in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and previous versions allows malicious users to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stor...
Jenkins Pipeline Github Notify Step
6.8
CVSSv2
CVE-2020-2093
A cross-site request forgery vulnerability in Jenkins Health Advisor by CloudBees Plugin 3.0 and previous versions allows malicious users to send an email with fixed content to an attacker-specified recipient.
Jenkins Health Advisor By Cloudbees
6.8
CVSSv2
CVE-2020-2090
A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.47 and previous versions allows malicious users to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method.
Jenkins Amazon Ec2
6.8
CVSSv2
CVE-2019-16560
A cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin 1.6.1 and previous versions allows malicious users to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system.
Jenkins Websphere Deployer
6.8
CVSSv2
CVE-2019-16573
A cross-site request forgery vulnerability in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and previous versions allows malicious users to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in...
Jenkins Alauda Devops Pipeline
6.8
CVSSv2
CVE-2019-16565
A cross-site request forgery vulnerability in Jenkins Team Concert Plugin 1.3.0 and previous versions allows malicious users to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Jenkins Team Concert
6.8
CVSSv2
CVE-2019-16549
Jenkins Maven Release Plugin 0.16.1 and previous versions do not configure the XML parser to prevent XML external entity (XXE) attacks, allowing man-in-the-middle malicious users to have Jenkins parse crafted XML documents.
Jenkins Maven
6.8
CVSSv2
CVE-2019-16550
A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and previous versions allows malicious users to have Jenkins connect to an attacker-specified web server and parse XML documents.
Jenkins Maven
6.8
CVSSv2
CVE-2019-16551
A cross-site request forgery vulnerability in Jenkins Gerrit Trigger Plugin 2.30.1 and previous versions allows malicious users to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials.
Jenkins Gerrit Trigger