Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-28151
Jenkins HTML Publisher Plugin 1.32 and previous versions archives invalid symbolic links in report directories on agents and recreates them on the controller, allowing attackers with Item/Configure permission to determine whether a path on the Jenkins controller file system exist...
NA
CVE-2024-28152
In Jenkins Bitbucket Branch Source Plugin 866.vdea_7dcd3008e and previous versions, except 848.850.v6a_a_2a_234a_c81, when discovering pull requests from forks, the trust policy "Forks in the same account" allows changes to Jenkinsfiles from users without write access t...
NA
CVE-2024-28153
Jenkins OWASP Dependency-Check Plugin 5.4.5 and previous versions does not escape vulnerability metadata from Dependency-Check reports, resulting in a stored cross-site scripting (XSS) vulnerability.
NA
CVE-2024-28154
Jenkins MQ Notifier Plugin 1.4.0 and previous versions logs potentially sensitive build parameters as part of debug information in build logs by default.
NA
CVE-2024-28155
Jenkins AppSpider Plugin 1.0.16 and previous versions does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about available scan config names, engine group names, and client names.
NA
CVE-2024-28156
Jenkins Build Monitor View Plugin 1.14-860.vd06ef2568b_3f and previous versions does not escape Build Monitor View names, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure Build Monitor Views.
NA
CVE-2024-28157
Jenkins GitBucket Plugin 0.8 and previous versions does not sanitize Gitbucket URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs.
NA
CVE-2024-28158
A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and previous versions allows malicious users to trigger a build.
NA
CVE-2024-28159
A missing permission check in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and previous versions allows attackers with Item/Read permission to trigger a build.
NA
CVE-2024-28160
Jenkins iceScrum Plugin 1.1.6 and previous versions does not sanitize iceScrum project URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs.
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
brute force
CVE-2024-24908
open redirect
CVE-2024-31497
CVE-2023-45866
CVE-2024-4135
CVE-2024-25523
cache poisoning
CVE-2024-4649
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »