Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins project vulnerabilities and exploits
(subscribe to this query)
8
CVSSv3
CVE-2023-35141
In Jenkins 2.399 and previous versions, LTS 2.387.3 and previous versions, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexp...
Jenkins Project Jenkins
Jenkins Jenkins
5.4
CVSSv3
CVE-2022-34787
Jenkins Project Inheritance Plugin 21.04.03 and previous versions does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control the reason a queue item is blocked.
Jenkins Project Inheritance
5.4
CVSSv3
CVE-2018-1999029
A cross-site scripting vulnerability exists in Jenkins Shelve Project Plugin 1.5 and previous versions in ShelveProjectAction/index.jelly, ShelvedProjectsAction/index.jelly that allows attackers with Job/Configure permission to define JavaScript that would be executed in another ...
Jenkins Shelve Project
6.5
CVSSv3
CVE-2020-2198
Jenkins Project Inheritance Plugin 19.08.02 and previous versions does not redact encrypted secrets in the 'getConfigAsXML' API URL when transmitting job config.xml data to users without Job/Configure.
Jenkins Project Inheritance
8.1
CVSSv3
CVE-2020-2321
A cross-site request forgery (CSRF) vulnerability in Jenkins Shelve Project Plugin 3.0 and previous versions allows malicious users to shelve, unshelve, or delete a project.
Jenkins Shelve Project
6.5
CVSSv3
CVE-2019-10407
Jenkins Project Inheritance Plugin 2.0.0 and previous versions displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin.
Jenkins Project Inheritance
4.3
CVSSv3
CVE-2019-10409
A missing permission check in Jenkins Project Inheritance Plugin 2.0.0 and previous versions allowed attackers with Overall/Read permission to trigger project generation from templates.
Jenkins Project Inheritance
4.3
CVSSv3
CVE-2019-10408
A cross-site request forgery vulnerability in Jenkins Project Inheritance Plugin 2.0.0 and previous versions allowed malicious users to trigger project generation from templates.
Jenkins Project Inheritance
4.3
CVSSv3
CVE-2024-23900
Jenkins Matrix Project Plugin 822.v01b_8c85d16d2 and previous versions does not sanitize user-defined axis names of multi-configuration projects, allowing attackers with Item/Configure permission to create or replace any config.xml files on the Jenkins controller file system with...
Jenkins Matrix Project
4.3
CVSSv3
CVE-2020-2197
Jenkins Project Inheritance Plugin 19.08.02 and previous versions does not require users to have Job/ExtendedRead permission to access Inheritance Project job configurations in XML format.
Jenkins Project Inheritance
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
type confusion
unspecified
CVE-2025-24200
reflected XSS
panel
CVE-2024-12549
temporal technologies, inc.
CVE-2024-21971
CVE-2024-57777
CVE-2023-31122
CVE-2025-0909
winzip computing
unified secops platform
Home
/
Search Results
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »