Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins jenkins vulnerabilities and exploits
(subscribe to this query)
9.1
CVSSv3
CVE-2021-26291
Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend ...
Apache Maven
Quarkus Quarkus
Oracle Financial Services Analytical Applications Infrastructure
Oracle Goldengate Big Data And Application Adapters 23.1
1 Github repository
9.1
CVSSv3
CVE-2020-7692
PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that w...
Google Oauth Client Library For Java
9.1
CVSSv3
CVE-2019-1003015
An XML external entity processing vulnerability exists in Jenkins Job Import Plugin 2.1 and previous versions in src/main/java/org/jenkins/ci/plugins/jobimport/client/RestApiClient.java that allows attackers with the ability to control the HTTP server (Jenkins) queried in prepara...
Jenkins Job Import
8.8
CVSSv3
CVE-2024-23898
Jenkins 2.217 up to and including 2.441 (both inclusive), LTS 2.222.1 up to and including 2.426.2 (both inclusive) does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, allowing...
Jenkins Jenkins
1 Github repository
8.8
CVSSv3
CVE-2023-50766
A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and previous versions allows malicious users to send an HTTP request to an attacker-specified URL and parse the response as XML.
Jenkins Nexus Platform
8.8
CVSSv3
CVE-2023-50768
A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and previous versions allows malicious users to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credential...
Jenkins Nexus Platform
8.8
CVSSv3
CVE-2023-50778
A cross-site request forgery (CSRF) vulnerability in Jenkins PaaSLane Estimate Plugin 1.0.4 and previous versions allows malicious users to connect to an attacker-specified URL using an attacker-specified token.
Jenkins Paaslane Estimate
8.8
CVSSv3
CVE-2023-49655
A cross-site request forgery (CSRF) vulnerability in Jenkins MATLAB Plugin 2.11.0 and previous versions allows malicious users to have Jenkins parse an XML file from the Jenkins controller file system.
Jenkins Matlab
8.8
CVSSv3
CVE-2023-49673
A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and previous versions allows malicious users to connect to an attacker-specified hostname and port using attacker-specified username and password.
Jenkins Neuvector Vulnerability Scanner
Jenkins Jira
Jenkins Google Compute Engine
Jenkins Matlab
8.8
CVSSv3
CVE-2023-43496
Jenkins 2.423 and previous versions, LTS 2.414.1 and previous versions creates a temporary file in the system temporary directory with the default permissions for newly created files when installing a plugin from a URL, potentially allowing attackers with access to the system tem...
Jenkins Jenkins
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »