jenkins jenkins vulnerabilities and exploits
9.8
CVSSv3
CVE-2016-0791
Jenkins prior to 1.650 and LTS prior to 1.642.2 do not use a constant-time algorithm to verify CSRF tokens, which makes it easier for remote malicious users to bypass a CSRF protection mechanism via a brute-force approach.
Redhat Openshift 3.1
Jenkins Jenkins
Jenkins Jenkins 1.642.1
7.3
CVSSv3
CVE-2016-3102
The Script Security plugin prior to 1.18.1 in Jenkins might allow remote malicious users to bypass a Groovy sandbox protection mechanism via a plugin that performs (1) direct field access or (2) get/set array operations.
Jenkins Script Security 1.10
Jenkins Script Security 1.9
Jenkins Script Security 1.8
Jenkins Script Security 1.7
Jenkins Script Security 1.13
Jenkins Script Security 1.11
Jenkins Script Security 1.6
Jenkins Script Security 1.4
Jenkins Script Security 1.18
Jenkins Script Security 1.17
Jenkins Script Security 1.16
Jenkins Script Security 1.15
Jenkins Script Security 1.2
Jenkins Script Security 1.1
Jenkins Script Security 1.0
Jenkins Script Security 1.14
Jenkins Script Security 1.12
Jenkins Script Security 1.5
Jenkins Script Security 1.3
7.5
CVSSv3
CVE-2012-0785
Hash collision attack vulnerability in Jenkins prior to 1.447, Jenkins LTS prior to 1.424.2, and Jenkins Enterprise by CloudBees 1.424.x prior to 1.424.2.1 and 1.400.x prior to 1.400.0.11 could allow remote malicious users to cause a considerable CPU load, aka "the Hash DoS ...
Cloudbees Jenkins
Jenkins Jenkins
1 Github repository
6.1
CVSSv3
CVE-2017-1000109
The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin was vulnerable to a persisted cross-site scripting vulnerability: malicious users able to influence the input to this plugin could insert arbitrary HTML into this view.
Jenkins Owasp Dependency-check 1.0.1
Jenkins Owasp Dependency-check 1.0.7
Jenkins Owasp Dependency-check 1.1.0
Jenkins Owasp Dependency-check 1.1.4.1
Jenkins Owasp Dependency-check 1.2.1
Jenkins Owasp Dependency-check 1.2.4
Jenkins Owasp Dependency-check 1.2.6
Jenkins Owasp Dependency-check 1.2.11.1
Jenkins Owasp Dependency-check 1.3.1
Jenkins Owasp Dependency-check 1.3.6
Jenkins Owasp Dependency-check 1.4.1
Jenkins Owasp Dependency-check 2.0.0
Jenkins Owasp Dependency-check 2.0.1.1
Jenkins Owasp Dependency-check 1.1.1.1
Jenkins Owasp Dependency-check 1.1.1.2
Jenkins Owasp Dependency-check 1.1.2
Jenkins Owasp Dependency-check 1.1.3
Jenkins Owasp Dependency-check 1.2.7.1
Jenkins Owasp Dependency-check 1.2.8
Jenkins Owasp Dependency-check 1.2.9
Jenkins Owasp Dependency-check 1.2.10
Jenkins Owasp Dependency-check 1.4.2
NA
CVE-2013-6372
The Subversion plugin prior to 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file.
Jenkins-ci Subversion-plugin 1.27
Jenkins-ci Subversion-plugin 1.44
Jenkins-ci Subversion-plugin 1.18
Jenkins-ci Subversion-plugin 1.12
Jenkins-ci Subversion-plugin 1.39
Jenkins-ci Subversion-plugin 1.38
Jenkins-ci Subversion-plugin 1.24
Jenkins-ci Subversion-plugin 1.32
Jenkins-ci Subversion-plugin 1.1
Jenkins-ci Subversion-plugin 1.46
Jenkins-ci Subversion-plugin 1.0
Jenkins-ci Subversion-plugin 1.45
Jenkins-ci Subversion-plugin 1.41
Jenkins-ci Subversion-plugin 1.50
Jenkins-ci Subversion-plugin 1.3
Jenkins-ci Subversion-plugin 1.16
Jenkins-ci Subversion-plugin 1.11
Jenkins-ci Subversion-plugin 1.19
Jenkins-ci Subversion-plugin 1.30
Jenkins-ci Subversion-plugin 1.17
Jenkins-ci Subversion-plugin 1.35
Jenkins-ci Subversion-plugin 1.14
6.3
CVSSv3
CVE-2017-1000091
GitHub Branch Source Plugin connects to a user-specified GitHub API URL (e.g. GitHub Enterprise) as part of form validation and completion (e.g. to verify Scan Credentials are correct). This functionality improperly checked permissions, allowing any user with Overall/Read access ...
Jenkins Github Branch Source 1.1
Jenkins Github Branch Source 1.2
Jenkins Github Branch Source 1.3
Jenkins Github Branch Source 1.4
Jenkins Github Branch Source 0.1
Jenkins Github Branch Source 1.0
Jenkins Github Branch Source 1.6
Jenkins Github Branch Source 2.0.0
Jenkins Github Branch Source 2.0.1
Jenkins Github Branch Source 2.0.2
Jenkins Github Branch Source 2.0.4
Jenkins Github Branch Source 2.2.0
Jenkins Github Branch Source 1.8
Jenkins Github Branch Source 1.8.1
Jenkins Github Branch Source 1.9
Jenkins Github Branch Source 1.10
Jenkins Github Branch Source 2.0.5
Jenkins Github Branch Source 2.0.6
Jenkins Github Branch Source 2.0.7
Jenkins Github Branch Source 1.5
Jenkins Github Branch Source 1.7
Jenkins Github Branch Source 2.0.3
4.3
CVSSv3
CVE-2017-1000087
GitHub Branch Source provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those...
Jenkins Github Branch Source 0.1
Jenkins Github Branch Source 1.0
Jenkins Github Branch Source 1.1
Jenkins Github Branch Source 1.2
Jenkins Github Branch Source 2.0.1
Jenkins Github Branch Source 2.2.0
Jenkins Github Branch Source 1.7
Jenkins Github Branch Source 1.8
Jenkins Github Branch Source 1.8.1
Jenkins Github Branch Source 1.9
Jenkins Github Branch Source 2.0.3
Jenkins Github Branch Source 2.0.4
Jenkins Github Branch Source 2.0.5
Jenkins Github Branch Source 1.4
Jenkins Github Branch Source 1.5
Jenkins Github Branch Source 2.0.0
Jenkins Github Branch Source
Jenkins Github Branch Source 1.3
Jenkins Github Branch Source 1.6
Jenkins Github Branch Source 1.10
Jenkins Github Branch Source 2.0.2
Jenkins Github Branch Source 2.0.6
8.8
CVSSv3
CVE-2023-49673
A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and previous versions allows malicious users to connect to an attacker-specified hostname and port using attacker-specified username and password.
Jenkins Neuvector Vulnerability Scanner
Jenkins Jira
Jenkins Google Compute Engine
Jenkins Matlab
NA
CVE-2014-3679
The Monitoring plugin prior to 1.53.0 for Jenkins allows remote malicious users to obtain sensitive information by accessing unspecified pages.
Jenkins-ci Monitoring Plugin 1.46.0
Jenkins-ci Monitoring Plugin 1.45.0
Jenkins-ci Monitoring Plugin 1.44.0
Jenkins-ci Monitoring Plugin 1.43.0
Jenkins-ci Monitoring Plugin 1.49.0
Jenkins-ci Monitoring Plugin 1.47.0
Jenkins-ci Monitoring Plugin 1.42.0
Jenkins-ci Monitoring Plugin 1.40.0
Jenkins-ci Monitoring Plugin
Jenkins-ci Monitoring Plugin 1.52.0
Jenkins-ci Monitoring Plugin 1.51.0
Jenkins-ci Monitoring Plugin 1.50.0
Jenkins-ci Monitoring Plugin 1.48.0
Jenkins-ci Monitoring Plugin 1.41.0
4.3
CVSSv3
CVE-2020-2251
Jenkins SoapUI Pro Functional Testing Plugin 1.5 and previous versions transmit project passwords in their configuration in plain text as part of job configuration forms, potentially resulting in their exposure.
Jenkins Jenkins
Jenkins Soapui Pro Functional Testing