Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2017-1000362
The re-key admin monitor was introduced in Jenkins 1.498 and re-encrypted all secrets in JENKINS_HOME with a new key. It also created a backup directory with all old secrets, and the key used to encrypt them. These backups were world-readable and not removed afterwards. Jenkins n...
Jenkins Jenkins
7.3
CVSSv3
CVE-2017-1000391
Jenkins versions 2.88 and previous versions and 2.73.2 and previous versions stores metadata related to 'people', which encompasses actual user accounts, as well as users appearing in SCM, in directories corresponding to the user ID on disk. These directories used the u...
Jenkins Jenkins
8.8
CVSSv3
CVE-2017-1000393
Jenkins 2.73.1 and previous versions, 2.83 and previous versions users with permission to create or configure agents in Jenkins could configure a launch method called 'Launch agent via execution of command on master'. This allowed them to run arbitrary shell commands on...
Jenkins Jenkins
7.5
CVSSv3
CVE-2017-1000394
Jenkins 2.73.1 and previous versions, 2.83 and previous versions bundled a version of the commons-fileupload library with the denial-of-service vulnerability known as CVE-2016-3092. The fix for that vulnerability has been backported to the version of the library bundled with Jenk...
Jenkins Jenkins
9.6
CVSSv3
CVE-2023-27898
Jenkins 2.270 up to and including 2.393 (both inclusive), LTS 2.277.1 up to and including 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting i...
Jenkins Jenkins
7
CVSSv3
CVE-2023-27899
Jenkins 2.393 and previous versions, LTS 2.375.3 and previous versions creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a plugin for installation, potentially allowing attackers with access to the Jenk...
Jenkins Jenkins
7.5
CVSSv3
CVE-2023-27900
Jenkins 2.393 and previous versions, LTS 2.375.3 and previous versions uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in hudson.util.MultipartFormDataParser, allowing malicious user...
Jenkins Jenkins
4.3
CVSSv3
CVE-2023-27902
Jenkins 2.393 and previous versions, LTS 2.375.3 and previous versions shows temporary directories related to job workspaces, which allows attackers with Item/Workspace permission to access their contents.
Jenkins Jenkins
4.4
CVSSv3
CVE-2023-27903
Jenkins 2.393 and previous versions, LTS 2.375.3 and previous versions creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a file parameter through the CLI, potentially allowing attackers with access to t...
Jenkins Jenkins
5.3
CVSSv3
CVE-2023-27904
Jenkins 2.393 and previous versions, LTS 2.375.3 and previous versions prints an error stack trace on agent-related pages when agent connections are broken, potentially revealing information about Jenkins configuration that is otherwise inaccessible to attackers.
Jenkins Jenkins
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »