Vulmon
jenkins vulnerabilities and exploits
4.3
CVSSv3
CVE-2023-46652
A missing permission check in Jenkins lambdatest-automation Plugin 1.20.9 and previous versions allows attackers with Overall/Read permission to enumerate credentials IDs of LAMBDATEST credentials stored in Jenkins.
Jenkins Lambdatest-automation
8.1
CVSSv3
CVE-2023-46654
Jenkins CloudBees CD Plugin 1.1.32 and previous versions follows symbolic links to locations outside of the expected directory during the cleanup process of the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to delete arbitr...
Jenkins Cloudbees Cd
5.3
CVSSv3
CVE-2023-46656
Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9 and previous versions uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing malicious users to use statistical methods to obtain a valid webh...
Jenkins Multibranch Scan Webhook Trigger
5.3
CVSSv3
CVE-2023-46658
Jenkins MSTeams Webhook Trigger Plugin 0.1.1 and previous versions uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing malicious users to use statistical methods to obtain a valid webhook token...
Jenkins Msteams Webhook Trigger 0.1.1
Jenkins Msteams Webhook Trigger 0.1.0
5.4
CVSSv3
CVE-2023-46659
Jenkins Edgewall Trac Plugin 1.13 and previous versions does not escape the Trac website URL on the build page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Jenkins Edgewall Trac
5.3
CVSSv3
CVE-2023-46660
Jenkins Zanata Plugin 0.6 and previous versions uses a non-constant time comparison function when checking whether the provided and expected webhook token hashes are equal, potentially allowing malicious users to use statistical methods to obtain a valid webhook token.
Jenkins Zanata
6.5
CVSSv3
CVE-2023-46653
Jenkins lambdatest-automation Plugin 1.20.10 and previous versions logs LAMBDATEST Credentials access token at the INFO level, potentially resulting in its exposure.
Jenkins Lambdatest-automation
6.5
CVSSv3
CVE-2023-46655
Jenkins CloudBees CD Plugin 1.1.32 and previous versions follows symbolic links to locations outside of the directory from which artifacts are published during the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to publish ar...
Jenkins Cloudbees Cd
5.3
CVSSv3
CVE-2023-46657
Jenkins Gogs Plugin 1.0.15 and previous versions uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing malicious users to use statistical methods to obtain a valid webhook token.
Jenkins Gogs
7.5
CVSSv3
CVE-2023-5072
Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.
Json-java Project Json-java
2 Github repositories