Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-43494
Jenkins 2.50 up to and including 2.423 (both inclusive), LTS 2.60.1 up to and including 2.414.1 (both inclusive) does not exclude sensitive build variables (e.g., password parameter values) from the search in the build history widget, allowing attackers with Item/Read permission ...
Jenkins Jenkins
NA
CVE-2023-43495
Jenkins 2.423 and previous versions, LTS 2.414.1 and previous versions does not escape the value of the 'caption' constructor parameter of 'ExpandableDetailsNote', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to ...
Jenkins Jenkins
NA
CVE-2023-43496
Jenkins 2.423 and previous versions, LTS 2.414.1 and previous versions creates a temporary file in the system temporary directory with the default permissions for newly created files when installing a plugin from a URL, potentially allowing attackers with access to the system tem...
Jenkins Jenkins
NA
CVE-2023-43497
In Jenkins 2.423 and previous versions, LTS 2.414.1 and previous versions, processing file uploads using the Stapler web framework creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attacker...
Jenkins Jenkins
NA
CVE-2023-43498
In Jenkins 2.423 and previous versions, LTS 2.414.1 and previous versions, processing file uploads using MultipartFormDataParser creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers ...
Jenkins Jenkins
4
CVSSv2
CVE-2017-1000355
Jenkins versions 2.56 and previous versions as well as 2.46.1 LTS and previous versions are vulnerable to an XStream: Java crash when trying to instantiate void/Void.
Jenkins Jenkins
5
CVSSv2
CVE-2017-1000362
The re-key admin monitor was introduced in Jenkins 1.498 and re-encrypted all secrets in JENKINS_HOME with a new key. It also created a backup directory with all old secrets, and the key used to encrypt them. These backups were world-readable and not removed afterwards. Jenkins n...
Jenkins Jenkins
5
CVSSv2
CVE-2017-1000394
Jenkins 2.73.1 and previous versions, 2.83 and previous versions bundled a version of the commons-fileupload library with the denial-of-service vulnerability known as CVE-2016-3092. The fix for that vulnerability has been backported to the version of the library bundled with Jenk...
Jenkins Jenkins
4
CVSSv2
CVE-2017-1000395
Jenkins 2.73.1 and previous versions, 2.83 and previous versions provides information about Jenkins user accounts which is generally available to anyone with Overall/Read permissions via the /user/(username)/api remote API. This included e.g. Jenkins users' email addresses i...
Jenkins Jenkins
4
CVSSv2
CVE-2017-1000399
The Jenkins 2.73.1 and previous versions, 2.83 and previous versions remote API at /queue/item/(ID)/api showed information about tasks in the queue (typically builds waiting to start). This included information about tasks that the current user otherwise has no access to, e.g. du...
Jenkins Jenkins
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »