jenkins jenkins vulnerabilities and exploits
8.8
CVSSv3
CVE-2012-4438
Jenkins main prior to 1.482 and LTS prior to 1.466.2 allows remote attackers with read access and HTTP access to Jenkins master to insert data and execute arbitrary code.
Jenkins Jenkins
1 Github repository
6.1
CVSSv3
CVE-2012-4440
Cross-site Scripting (XSS) in Jenkins main prior to 1.482 and LTS prior to 1.466.2 allows remote malicious users to inject arbitrary web script or HTML in the Violations plugin.
Jenkins Jenkins
5.4
CVSSv3
CVE-2021-21603
Jenkins 2.274 and previous versions, and LTS 2.263.1 and previous versions, do not escape notification bar response contents, resulting in a cross-site scripting (XSS) vulnerability.
Jenkins Jenkins
7.5
CVSSv3
CVE-2018-1999043
A denial of service vulnerability exists in Jenkins 2.137 and previous versions, 2.121.2 and previous versions in BasicAuthenticationFilter.java, BasicHeaderApiTokenAuthenticator.java that allows malicious users to create ephemeral in-memory user records by attempting to log in u...
Jenkins Jenkins
5.4
CVSSv3
CVE-2020-2221
Jenkins 2.244 and previous versions, and LTS 2.235.1 and previous versions, do not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting vulnerability.
Jenkins Jenkins
5.4
CVSSv3
CVE-2020-2229
Jenkins 2.251 and previous versions, and LTS 2.235.3 and previous versions, do not escape the tooltip content of help icons, resulting in a stored cross-site scripting (XSS) vulnerability.
Jenkins Jenkins
2 Github repositories
8.8
CVSSv3
CVE-2017-1000354
Jenkins versions 2.56 and previous versions as well as 2.46.1 LTS and previous versions are vulnerable to a login command which allowed impersonating any Jenkins user. The `login` command available in the remoting-based CLI stored the encrypted user name of the successfully authe...
Jenkins Jenkins
8.8
CVSSv3
CVE-2017-1000356
Jenkins versions 2.56 and previous versions as well as 2.46.1 LTS and previous versions are vulnerable to an issue in the Jenkins user database authentication realm: create an account if signup is enabled; or create an account if the victim is an administrator, possibly deleting ...
Jenkins Jenkins
9.8
CVSSv3
CVE-2017-1000362
The re-key admin monitor was introduced in Jenkins 1.498 and re-encrypted all secrets in JENKINS_HOME with a new key. It also created a backup directory with all old secrets, and the key used to encrypt them. These backups were world-readable and not removed afterwards. Jenkins n...
Jenkins Jenkins
8.1
CVSSv3
CVE-2023-43498
In Jenkins 2.423 and previous versions, LTS 2.414.1 and previous versions, processing file uploads using MultipartFormDataParser creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers ...
Jenkins Jenkins