jenkins jenkins vulnerabilities and exploits
5.4
CVSSv3
CVE-2020-2161
Jenkins 2.227 and previous versions, LTS 2.204.5 and previous versions does not properly escape node labels that are shown in the form validation for label expressions on job configuration pages, resulting in a stored XSS vulnerability exploitable by users able to define node lab...
Jenkins Jenkins
5.3
CVSSv3
CVE-2020-2102
Jenkins 2.218 and previous versions, LTS 2.204.1 and previous versions used a non-constant time comparison function when validating an HMAC.
Jenkins Jenkins
5.4
CVSSv3
CVE-2020-2103
Jenkins 2.218 and previous versions, LTS 2.204.1 and previous versions exposed session identifiers on a user's detail object in the whoAmI diagnostic page.
Jenkins Jenkins
5.4
CVSSv3
CVE-2020-2105
REST API endpoints in Jenkins 2.218 and previous versions, LTS 2.204.1 and previous versions were vulnerable to clickjacking attacks.
Jenkins Jenkins
8.8
CVSSv3
CVE-2020-2160
Jenkins 2.227 and previous versions, LTS 2.204.5 and previous versions uses different representations of request URL paths, which allows malicious users to craft URLs that allow bypassing CSRF protection of any target URL.
Jenkins Jenkins
5.4
CVSSv3
CVE-2020-2163
Jenkins 2.227 and previous versions, LTS 2.204.5 and previous versions improperly processes HTML content of list view column headers, resulting in a stored XSS vulnerability exploitable by users able to control column headers.
Jenkins Jenkins
5.4
CVSSv3
CVE-2020-2220
Jenkins 2.244 and previous versions, LTS 2.235.1 and previous versions does not escape the agent name in the build time trend page, resulting in a stored cross-site scripting vulnerability.
Jenkins Jenkins
5.4
CVSSv3
CVE-2020-2222
Jenkins 2.244 and previous versions, LTS 2.235.1 and previous versions does not escape the job name in the 'Keep this build forever' badge tooltip, resulting in a stored cross-site scripting vulnerability.
Jenkins Jenkins
5.4
CVSSv3
CVE-2020-2223
Jenkins 2.244 and previous versions, LTS 2.235.1 and previous versions does not escape correctly the 'href' attribute of links to downstream jobs displayed in the build console page, resulting in a stored cross-site scripting vulnerability.
Jenkins Jenkins
5.4
CVSSv3
CVE-2017-2610
Jenkins prior to 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in search suggestions due to improperly escaping users with less-than and greater-than characters in their names (SECURITY-388).
Jenkins Jenkins