Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2020-2162
Jenkins 2.227 and previous versions, LTS 2.204.5 and previous versions does not set Content-Security-Policy headers for files uploaded as file parameters to a build, resulting in a stored XSS vulnerability.
Jenkins Jenkins
668
VMScore
CVE-2020-2099
Jenkins 2.213 and previous versions, LTS 2.204.1 and previous versions improperly reuses encryption key parameters in the Inbound TCP Agent Protocol/3, allowing unauthorized attackers with knowledge of agent names to obtain the connection secrets for those agents, which can be us...
Jenkins Jenkins
445
VMScore
CVE-2020-2100
Jenkins 2.218 and previous versions, LTS 2.204.1 and previous versions was vulnerable to a UDP amplification reflection denial of service attack on port 33848.
Jenkins Jenkins
1 Github repository
312
VMScore
CVE-2020-2101
Jenkins 2.218 and previous versions, LTS 2.204.1 and previous versions did not use a constant-time comparison function for validating connection secrets, which could potentially allow an malicious user to use a timing attack to obtain this secret.
Jenkins Jenkins
356
VMScore
CVE-2020-2104
Jenkins 2.218 and previous versions, LTS 2.204.1 and previous versions allowed users with Overall/Read access to view a JVM memory usage chart.
Jenkins Jenkins
356
VMScore
CVE-2021-21602
Jenkins 2.274 and previous versions, LTS 2.263.1 and previous versions allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks.
Jenkins Jenkins
534
VMScore
CVE-2021-21605
Jenkins 2.274 and previous versions, LTS 2.263.1 and previous versions allows users with Agent/Configure permission to choose agent names that cause Jenkins to override the global `config.xml` file.
Jenkins Jenkins
312
VMScore
CVE-2021-21611
Jenkins 2.274 and previous versions, LTS 2.263.1 and previous versions does not escape display names and IDs of item types shown on the New Item page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to specify display names or IDs of i...
Jenkins Jenkins
454
VMScore
CVE-2021-21671
Jenkins 2.299 and previous versions, LTS 2.289.1 and previous versions does not invalidate the previous session on login.
Jenkins Jenkins
516
VMScore
CVE-2021-21686
File path filters in the agent-to-controller security subsystem of Jenkins 2.318 and previous versions, LTS 2.303.2 and previous versions do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories.
Jenkins Jenkins
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »