Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2021-21640
Jenkins 2.286 and previous versions, LTS 2.277.1 and previous versions does not properly check that a newly created view has an allowed name, allowing attackers with View/Create permission to create views with invalid or already-used names.
Jenkins Jenkins
7.5
CVSSv3
CVE-2021-21671
Jenkins 2.299 and previous versions, LTS 2.289.1 and previous versions does not invalidate the previous session on login.
Jenkins Jenkins
9.8
CVSSv3
CVE-2021-21692
FilePath#renameTo and FilePath#moveAllChildrenTo in Jenkins 2.318 and previous versions, LTS 2.303.2 and previous versions only check 'read' agent-to-controller access permission on the source path, instead of 'delete'.
Jenkins Jenkins
9.1
CVSSv3
CVE-2021-21697
Jenkins 2.318 and previous versions, LTS 2.303.2 and previous versions allows any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions.
Jenkins Jenkins
7.5
CVSSv3
CVE-2019-10353
CSRF tokens in Jenkins 2.185 and previous versions, LTS 2.176.1 and previous versions did not expire, thereby allowing attackers able to obtain them to bypass CSRF protection.
Jenkins Jenkins
NA
CVE-2013-0328
Cross-site scripting (XSS) vulnerability in Jenkins prior to 1.502 and LTS prior to 1.480.3 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Jenkins Jenkins
NA
CVE-2013-0329
Unspecified vulnerability in Jenkins prior to 1.502 and LTS prior to 1.480.3 allows remote malicious users to bypass the CSRF protection mechanism via unknown attack vectors.
Jenkins Jenkins
NA
CVE-2013-0330
Unspecified vulnerability in Jenkins prior to 1.502 and LTS prior to 1.480.3 allows remote authenticated users with write access to build arbitrary jobs via unknown attack vectors.
Jenkins Jenkins
4.3
CVSSv3
CVE-2023-43494
Jenkins 2.50 up to and including 2.423 (both inclusive), LTS 2.60.1 up to and including 2.414.1 (both inclusive) does not exclude sensitive build variables (e.g., password parameter values) from the search in the build history widget, allowing attackers with Item/Read permission ...
Jenkins Jenkins
8.8
CVSSv3
CVE-2023-43496
Jenkins 2.423 and previous versions, LTS 2.414.1 and previous versions creates a temporary file in the system temporary directory with the default permissions for newly created files when installing a plugin from a URL, potentially allowing attackers with access to the system tem...
Jenkins Jenkins
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
remote code execution
CVE-2024-34909
CVE-2024-3317
SSTI
CVE-2024-3400
CVE-2024-30051
wireless
CVE-2024-4622
CVE-2024-4908
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »