Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2017-2599
Jenkins prior to 2.44 and 2.32.2 is vulnerable to an insufficient permission check. This allows users with permissions to create new items (e.g. jobs) to overwrite existing items they don't have access to (SECURITY-321).
Jenkins Jenkins
5.4
CVSSv3
CVE-2017-2607
jenkins prior to 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting vulnerability in console notes (SECURITY-382). Jenkins allows plugins to annotate build logs, adding new content or changing the presentation of existing content while the build is running. Malicious ...
Jenkins Jenkins
4.3
CVSSv3
CVE-2017-2609
jenkins prior to 2.44, 2.32.2 is vulnerable to an information disclosure vulnerability in search suggestions (SECURITY-385). The autocomplete feature on the search box discloses the names of the views in its suggestions, including the ones for which the current user does not have...
Jenkins Jenkins
5.4
CVSSv3
CVE-2017-2612
In Jenkins prior to 2.44, 2.32.2 low privilege users were able to override JDK download credentials (SECURITY-392), resulting in future builds possibly failing to download a JDK.
Jenkins Jenkins
5.4
CVSSv3
CVE-2017-2613
jenkins prior to 2.44, 2.32.2 is vulnerable to a user creation CSRF using GET by admins. While this user record was only retained until restart in most cases, administrators' web browsers could be manipulated to create a large number of user records (SECURITY-406).
Jenkins Jenkins
5.4
CVSSv3
CVE-2022-41224
Jenkins 2.367 up to and including 2.369 (both inclusive) does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins web UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control tooltips for th...
Jenkins Jenkins
6.1
CVSSv3
CVE-2012-4439
Cross-site Scripting (XSS) in Jenkins main prior to 1.482 and LTS prior to 1.466.2 allows remote malicious users to inject arbitrary web script or HTML via a crafted URL that points to Jenkins.
Jenkins Jenkins
6.1
CVSSv3
CVE-2012-4440
Cross-site Scripting (XSS) in Jenkins main prior to 1.482 and LTS prior to 1.466.2 allows remote malicious users to inject arbitrary web script or HTML in the Violations plugin.
Jenkins Jenkins
5.4
CVSSv3
CVE-2020-2162
Jenkins 2.227 and previous versions, LTS 2.204.5 and previous versions does not set Content-Security-Policy headers for files uploaded as file parameters to a build, resulting in a stored XSS vulnerability.
Jenkins Jenkins
5.4
CVSSv3
CVE-2020-2163
Jenkins 2.227 and previous versions, LTS 2.204.5 and previous versions improperly processes HTML content of list view column headers, resulting in a stored XSS vulnerability exploitable by users able to control column headers.
Jenkins Jenkins
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »