Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2017-2604
In Jenkins prior to 2.44, 2.32.2 low privilege users were able to act on administrative monitors due to them not being consistently protected by permission checks (SECURITY-371).
Jenkins Jenkins
4.3
CVSSv3
CVE-2017-2606
Jenkins prior to 2.44, 2.32.2 is vulnerable to an information exposure in the internal API that allows access to item names that should not be visible (SECURITY-380). This only affects anonymous users (other users legitimately have access) that were able to get a list of items vi...
Jenkins Jenkins
5.4
CVSSv3
CVE-2017-2607
jenkins prior to 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting vulnerability in console notes (SECURITY-382). Jenkins allows plugins to annotate build logs, adding new content or changing the presentation of existing content while the build is running. Malicious ...
Jenkins Jenkins
8.8
CVSSv3
CVE-2017-2608
Jenkins prior to 2.44, 2.32.2 is vulnerable to a remote code execution vulnerability involving the deserialization of various types in javax.imageio in XStream-based APIs (SECURITY-383).
Jenkins Jenkins
5.4
CVSSv3
CVE-2017-2610
jenkins prior to 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in search suggestions due to improperly escaping users with less-than and greater-than characters in their names (SECURITY-388).
Jenkins Jenkins
5.4
CVSSv3
CVE-2017-2612
In Jenkins prior to 2.44, 2.32.2 low privilege users were able to override JDK download credentials (SECURITY-392), resulting in future builds possibly failing to download a JDK.
Jenkins Jenkins
5.4
CVSSv3
CVE-2019-10402
In Jenkins 2.196 and previous versions, LTS 2.176.3 and previous versions, the f:combobox form control interpreted its item labels as HTML, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents.
Jenkins Jenkins
5.4
CVSSv3
CVE-2019-10404
Jenkins 2.196 and previous versions, LTS 2.176.3 and previous versions did not escape the reason why a queue items is blcoked in tooltips, resulting in a stored XSS vulnerability exploitable by users able to control parts of the reason a queue item is blocked, such as label expre...
Jenkins Jenkins
6.1
CVSSv3
CVE-2012-4439
Cross-site Scripting (XSS) in Jenkins main prior to 1.482 and LTS prior to 1.466.2 allows remote malicious users to inject arbitrary web script or HTML via a crafted URL that points to Jenkins.
Jenkins Jenkins
6.1
CVSSv3
CVE-2012-4441
Cross-site Scripting (XSS) in Jenkins main prior to 1.482 and LTS prior to 1.466.2 allows remote malicious users to inject arbitrary web script or HTML in the CI game plugin.
Jenkins Jenkins
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
remote code execution
CVE-2024-34909
CVE-2024-3317
SSTI
CVE-2024-3400
CVE-2024-30051
wireless
CVE-2024-4622
CVE-2024-4908
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »