Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins vulnerabilities and exploits
(subscribe to this query)
9.1
CVSSv3
CVE-2020-7692
PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that w...
Google Oauth Client Library For Java
9.1
CVSSv3
CVE-2019-1003015
An XML external entity processing vulnerability exists in Jenkins Job Import Plugin 2.1 and previous versions in src/main/java/org/jenkins/ci/plugins/jobimport/client/RestApiClient.java that allows attackers with the ability to control the HTTP server (Jenkins) queried in prepara...
Jenkins Job Import
8.8
CVSSv3
CVE-2024-23898
Jenkins 2.217 up to and including 2.441 (both inclusive), LTS 2.222.1 up to and including 2.426.2 (both inclusive) does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, allowing...
Jenkins Jenkins
1 Github repository
8.8
CVSSv3
CVE-2023-50766
A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and previous versions allows malicious users to send an HTTP request to an attacker-specified URL and parse the response as XML.
Jenkins Nexus Platform
8.8
CVSSv3
CVE-2023-50768
A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and previous versions allows malicious users to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credential...
Jenkins Nexus Platform
8.8
CVSSv3
CVE-2023-50778
A cross-site request forgery (CSRF) vulnerability in Jenkins PaaSLane Estimate Plugin 1.0.4 and previous versions allows malicious users to connect to an attacker-specified URL using an attacker-specified token.
Jenkins Paaslane Estimate
8.8
CVSSv3
CVE-2023-49655
A cross-site request forgery (CSRF) vulnerability in Jenkins MATLAB Plugin 2.11.0 and previous versions allows malicious users to have Jenkins parse an XML file from the Jenkins controller file system.
Jenkins Matlab
8.8
CVSSv3
CVE-2023-49673
A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and previous versions allows malicious users to connect to an attacker-specified hostname and port using attacker-specified username and password.
Jenkins Neuvector Vulnerability Scanner
Jenkins Jira
Jenkins Google Compute Engine
Jenkins Matlab
8.8
CVSSv3
CVE-2023-43496
Jenkins 2.423 and previous versions, LTS 2.414.1 and previous versions creates a temporary file in the system temporary directory with the default permissions for newly created files when installing a plugin from a URL, potentially allowing attackers with access to the system tem...
Jenkins Jenkins
8.8
CVSSv3
CVE-2023-43500
A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and previous versions allows malicious users to connect to an attacker-specified hostname and port using attacker-specified username and password.
Jenkins Build Failure Analyzer
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »