Vulmon
jenkins vulnerabilities and exploits
6
CVSSv2
CVE-2021-21604
Jenkins 2.274 and previous versions, LTS 2.263.1 and previous versions allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an admi...
Jenkins Jenkins
4
CVSSv2
CVE-2021-21607
Jenkins 2.274 and previous versions, LTS 2.263.1 and previous versions does not limit sizes provided as query parameters to graph-rendering URLs, allowing malicious users to request crafted URLs that use all available memory in Jenkins, potentially leading to out of memory errors...
Jenkins Jenkins
3.5
CVSSv2
CVE-2021-21611
Jenkins 2.274 and previous versions, LTS 2.263.1 and previous versions does not escape display names and IDs of item types shown on the New Item page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to specify display names or IDs of i...
Jenkins Jenkins
3.5
CVSSv2
CVE-2021-21615
Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use (TOCTOU) race condition.
Jenkins Jenkins
4
CVSSv2
CVE-2021-21683
The file browser in Jenkins 2.314 and previous versions, LTS 2.303.1 and previous versions may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Overall/Read permission (Windows controller) or Job/Workspace p...
Jenkins Jenkins
6.4
CVSSv2
CVE-2021-21687
Jenkins 2.318 and previous versions, LTS 2.303.2 and previous versions does not check agent-to-controller access to create symbolic links when unarchiving a symbolic link in FilePath#untar.
Jenkins Jenkins
7.5
CVSSv2
CVE-2021-21690
Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and previous versions, LTS 2.303.2 and previous versions.
Jenkins Jenkins
7.5
CVSSv2
CVE-2021-21692
FilePath#renameTo and FilePath#moveAllChildrenTo in Jenkins 2.318 and previous versions, LTS 2.303.2 and previous versions only check 'read' agent-to-controller access permission on the source path, instead of 'delete'.
Jenkins Jenkins
NA
CVE-2023-43494
Jenkins 2.50 up to and including 2.423 (both inclusive), LTS 2.60.1 up to and including 2.414.1 (both inclusive) does not exclude sensitive build variables (e.g., password parameter values) from the search in the build history widget, allowing attackers with Item/Read permission ...
Jenkins Jenkins
NA
CVE-2023-43495
Jenkins 2.423 and previous versions, LTS 2.414.1 and previous versions does not escape the value of the 'caption' constructor parameter of 'ExpandableDetailsNote', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to ...
Jenkins Jenkins