Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins jenkins vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2018-1000406
A path traversal vulnerability exists in Jenkins 2.145 and previous versions, LTS 2.138.1 and previous versions in core/src/main/java/hudson/model/FileParameterValue.java that allows attackers with Job/Configure permission to define a file parameter with a file name outside the i...
Jenkins Jenkins
6.1
CVSSv3
CVE-2018-1000407
A cross-site scripting vulnerability exists in Jenkins 2.145 and previous versions, LTS 2.138.1 and previous versions in core/src/main/java/hudson/model/Api.java that allows malicious users to specify URLs to Jenkins that result in rendering arbitrary attacker-controlled HTML by ...
Jenkins Jenkins
5.4
CVSSv3
CVE-2018-1000409
A session fixation vulnerability exists in Jenkins 2.145 and previous versions, LTS 2.138.1 and previous versions in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that prevented Jenkins from invalidating the existing session and creating a new one when a user...
Jenkins Jenkins
7.8
CVSSv3
CVE-2018-1000410
An information exposure vulnerability exists in Jenkins 2.145 and previous versions, LTS 2.138.1 and previous versions, and the Stapler framework used by these releases, in core/src/main/java/org/kohsuke/stapler/RequestImpl.java, core/src/main/java/hudson/model/Descriptor.java th...
Jenkins Jenkins
4.3
CVSSv3
CVE-2023-43494
Jenkins 2.50 up to and including 2.423 (both inclusive), LTS 2.60.1 up to and including 2.414.1 (both inclusive) does not exclude sensitive build variables (e.g., password parameter values) from the search in the build history widget, allowing attackers with Item/Read permission ...
Jenkins Jenkins
5.4
CVSSv3
CVE-2023-43495
Jenkins 2.423 and previous versions, LTS 2.414.1 and previous versions does not escape the value of the 'caption' constructor parameter of 'ExpandableDetailsNote', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to ...
Jenkins Jenkins
8.8
CVSSv3
CVE-2023-43496
Jenkins 2.423 and previous versions, LTS 2.414.1 and previous versions creates a temporary file in the system temporary directory with the default permissions for newly created files when installing a plugin from a URL, potentially allowing attackers with access to the system tem...
Jenkins Jenkins
4.3
CVSSv3
CVE-2017-2600
In jenkins prior to 2.44, 2.32.2 node monitor data could be viewed by low privilege users via the remote API. These included system configuration and runtime information of these nodes (SECURITY-343).
Jenkins Jenkins
4.3
CVSSv3
CVE-2017-1000395
Jenkins 2.73.1 and previous versions, 2.83 and previous versions provides information about Jenkins user accounts which is generally available to anyone with Overall/Read permissions via the /user/(username)/api remote API. This included e.g. Jenkins users' email addresses i...
Jenkins Jenkins
6.5
CVSSv3
CVE-2018-1999047
A improper authorization vulnerability exists in Jenkins 2.137 and previous versions, 2.121.2 and previous versions in UpdateCenter.java that allows malicious users to cancel a Jenkins restart scheduled through the update center.
Jenkins Jenkins
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »