Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins vulnerabilities and exploits
(subscribe to this query)
9.1
CVSSv3
CVE-2021-21687
Jenkins 2.318 and previous versions, LTS 2.303.2 and previous versions does not check agent-to-controller access to create symbolic links when unarchiving a symbolic link in FilePath#untar.
Jenkins Jenkins
7.5
CVSSv3
CVE-2021-21688
The agent-to-controller security check FilePath#reading(FileVisitor) in Jenkins 2.318 and previous versions, LTS 2.303.2 and previous versions does not reject any operations, allowing users to have unrestricted read access using certain operations (creating archives, FilePath#cop...
Jenkins Jenkins
9.1
CVSSv3
CVE-2021-21689
FilePath#unzip and FilePath#untar were not subject to any agent-to-controller access control in Jenkins 2.318 and previous versions, LTS 2.303.2 and previous versions.
Jenkins Jenkins
9.8
CVSSv3
CVE-2021-21690
Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and previous versions, LTS 2.303.2 and previous versions.
Jenkins Jenkins
9.8
CVSSv3
CVE-2021-21692
FilePath#renameTo and FilePath#moveAllChildrenTo in Jenkins 2.318 and previous versions, LTS 2.303.2 and previous versions only check 'read' agent-to-controller access permission on the source path, instead of 'delete'.
Jenkins Jenkins
9.8
CVSSv3
CVE-2021-21693
When creating temporary files, agent-to-controller access to create those files is only checked after they've been created in Jenkins 2.318 and previous versions, LTS 2.303.2 and previous versions.
Jenkins Jenkins
9.8
CVSSv3
CVE-2021-21694
FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions in Jenkins 2.318 and previous versions, LTS 2.303.2 and previous versions.
Jenkins Jenkins
8.8
CVSSv3
CVE-2021-21695
FilePath#listFiles lists files outside directories that agents are allowed to access when following symbolic links in Jenkins 2.318 and previous versions, LTS 2.303.2 and previous versions.
Jenkins Jenkins
5.4
CVSSv3
CVE-2022-34170
In Jenkins 2.320 up to and including 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the help icon does not escape the feature name that is part of its tooltip, effectively undoing the fix for SECURITY-1955, resulting in a cross-site scripting (XSS) vu...
Jenkins Jenkins
5.4
CVSSv3
CVE-2022-34171
In Jenkins 2.321 up to and including 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the HTML output generated for new symbol-based SVG icons includes the 'title' attribute of 'l:ionicon' (until Jenkins 2.334) and 'alt' at...
Jenkins Jenkins
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »