Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-27904
Jenkins 2.393 and previous versions, LTS 2.375.3 and previous versions prints an error stack trace on agent-related pages when agent connections are broken, potentially revealing information about Jenkins configuration that is otherwise inaccessible to attackers.
Jenkins Jenkins
4
CVSSv2
CVE-2017-2598
Jenkins prior to 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks (SECURITY-304).
Jenkins Jenkins
4
CVSSv2
CVE-2017-2600
In jenkins prior to 2.44, 2.32.2 node monitor data could be viewed by low privilege users via the remote API. These included system configuration and runtime information of these nodes (SECURITY-343).
Jenkins Jenkins
3.5
CVSSv2
CVE-2017-2601
Jenkins prior to 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in parameter names and descriptions (SECURITY-353). Users with the permission to configure jobs were able to inject JavaScript into parameter names and descriptions.
Jenkins Jenkins
4
CVSSv2
CVE-2017-2602
jenkins prior to 2.44, 2.32.2 is vulnerable to an improper blacklisting of the Pipeline metadata files in the agent-to-master security subsystem. This could allow metadata files to be written to by malicious agents (SECURITY-358).
Jenkins Jenkins
3.5
CVSSv2
CVE-2017-2603
Jenkins prior to 2.44, 2.32.2 is vulnerable to a user data leak in disconnected agents' config.xml API. This could leak sensitive data such as API tokens (SECURITY-362).
Jenkins Jenkins
4
CVSSv2
CVE-2017-2606
Jenkins prior to 2.44, 2.32.2 is vulnerable to an information exposure in the internal API that allows access to item names that should not be visible (SECURITY-380). This only affects anonymous users (other users legitimately have access) that were able to get a list of items vi...
Jenkins Jenkins
3.5
CVSSv2
CVE-2020-2220
Jenkins 2.244 and previous versions, LTS 2.235.1 and previous versions does not escape the agent name in the build time trend page, resulting in a stored cross-site scripting vulnerability.
Jenkins Jenkins
3.5
CVSSv2
CVE-2020-2222
Jenkins 2.244 and previous versions, LTS 2.235.1 and previous versions does not escape the job name in the 'Keep this build forever' badge tooltip, resulting in a stored cross-site scripting vulnerability.
Jenkins Jenkins
3.5
CVSSv2
CVE-2020-2223
Jenkins 2.244 and previous versions, LTS 2.235.1 and previous versions does not escape correctly the 'href' attribute of links to downstream jobs displayed in the build console page, resulting in a stored cross-site scripting vulnerability.
Jenkins Jenkins
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946
CVE-2024-30309
CVE-2024-4761
CVE-2024-30051
type confusion
memory leak
CVE-2024-30293
reflected XSS
CVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »