Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-27900
Jenkins 2.393 and previous versions, LTS 2.375.3 and previous versions uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in hudson.util.MultipartFormDataParser, allowing malicious user...
Jenkins Jenkins
4
CVSSv2
CVE-2013-0330
Unspecified vulnerability in Jenkins prior to 1.502 and LTS prior to 1.480.3 allows remote authenticated users with write access to build arbitrary jobs via unknown attack vectors.
Jenkins Jenkins
4
CVSSv2
CVE-2021-21602
Jenkins 2.274 and previous versions, LTS 2.263.1 and previous versions allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks.
Jenkins Jenkins
3.5
CVSSv2
CVE-2021-21603
Jenkins 2.274 and previous versions, LTS 2.263.1 and previous versions does not escape notification bar response contents, resulting in a cross-site scripting (XSS) vulnerability.
Jenkins Jenkins
6
CVSSv2
CVE-2021-21604
Jenkins 2.274 and previous versions, LTS 2.263.1 and previous versions allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an admi...
Jenkins Jenkins
4
CVSSv2
CVE-2021-21606
Jenkins 2.274 and previous versions, LTS 2.263.1 and previous versions improperly validates the format of a provided fingerprint ID when checking for its existence allowing an malicious user to check for the existence of XML files with a short path.
Jenkins Jenkins
4
CVSSv2
CVE-2021-21607
Jenkins 2.274 and previous versions, LTS 2.263.1 and previous versions does not limit sizes provided as query parameters to graph-rendering URLs, allowing malicious users to request crafted URLs that use all available memory in Jenkins, potentially leading to out of memory errors...
Jenkins Jenkins
3.5
CVSSv2
CVE-2021-21608
Jenkins 2.274 and previous versions, LTS 2.263.1 and previous versions does not escape button labels in the Jenkins UI, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to control button labels.
Jenkins Jenkins
5
CVSSv2
CVE-2021-21609
Jenkins 2.274 and previous versions, LTS 2.263.1 and previous versions does not correctly match requested URLs to the list of always accessible paths, allowing attackers without Overall/Read permission to access some URLs as if they did have Overall/Read permission.
Jenkins Jenkins
4.3
CVSSv2
CVE-2021-21610
Jenkins 2.274 and previous versions, LTS 2.263.1 and previous versions does not implement any restrictions for the URL rendering a formatted preview of markup passed as a query parameter, resulting in a reflected cross-site scripting (XSS) vulnerability if the configured markup f...
Jenkins Jenkins
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »