jenkins

1,798 tracked vulnerabilities.

CVE-2023-41945 HIGH
Jenkins Assembla Auth Plugin < 1.14 - Missing Authorization
Sep 06, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-41944 MEDIUM
Jenkins AWS CodeCommit Trigger Plugin <= 3.0.12 - HTML Injection via Queue Name Parameter
Sep 06, 2023
CVSS 6.1
EPSS 0.00
CVE-2023-41943 MEDIUM
Jenkins AWS CodeCommit Trigger Plugin < 3.0.12 - Missing Authorization in HTTP Endpoint
Sep 06, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-41942 MEDIUM
Jenkins AWS CodeCommit Trigger Plugin < 3.0.12 - Cross-Site Request Forgery
Sep 06, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-41941 MEDIUM
Jenkins AWS CodeCommit Trigger Plugin < 3.0.12 - Missing Authorization for Credential ID Enumeration
Sep 06, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-41940 MEDIUM
Jenkins TAP Plugin < 2.3 - Stored Cross-Site Scripting via TAP File Contents
Sep 06, 2023
CVSS 5.4
EPSS 0.01
CVE-2023-41939 HIGH
Jenkins SSH2 Easy Plugin <1.4 - Privilege Escalation
Sep 06, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-41938 MEDIUM
Jenkins Ivy Plugin < 2.5 - Cross-Site Request Forgery
Sep 06, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-41937 HIGH
Jenkins Bitbucket Push and Pull Request Plugin 2.4.0-2.8.3 - Server-Side Request Forgery via Webhook Payload
Sep 06, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-41936 HIGH
Jenkins Google Login Plugin <1.7 - Info Disclosure
Sep 06, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-41935 HIGH
Jenkins Azure AD Plugin < 396.v86ce29279947 - Non-Constant Time Comparison in CSRF Nonce Check
Sep 06, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-41934 MEDIUM
Jenkins Pipeline Maven Integration Plugin < 1330.v18e473854496 - Sensitive Information Exposure in Build Logs
Sep 06, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-41933 HIGH
Jenkins Job Configuration History Plugin < 1229.v3039470161a_d - XML External Entity Injection
Sep 06, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-41932 MEDIUM
Jenkins Job Configuration History Plugin < 1227.v7a_79fc4dc01f - Directory Deletion via Timestamp Query Parameter
Sep 06, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-41931 MEDIUM
Jenkins Job Configuration History Plugin < 1227.v7a_79fc4dc01f - Stored Cross-Site Scripting in History View Timestamp
Sep 06, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-41930 MEDIUM
Jenkins Job Configuration History Plugin < 1227.v7a_79fc4dc01f - Path Traversal via Name Query Parameter
Sep 06, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-4303 MEDIUM
Jenkins Fortify Plugin <22.1.38 - XSS
Aug 21, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-4302 MEDIUM
Jenkins Fortify Plugin <22.1.38 - Open Redirect
Aug 21, 2023
CVSS 4.2
EPSS 0.00
CVE-2023-4301 MEDIUM
Jenkins Fortify Plugin <22.1.38 - CSRF
Aug 21, 2023
CVSS 4.2
EPSS 0.00
CVE-2023-40351 MEDIUM
Jenkins Favorite View Plugin < 5.v77a_37f62782d - Cross-Site Request Forgery
Aug 16, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-40350 MEDIUM
Jenkins Docker Swarm Plugin < 1.11 - Stored Cross-Site Scripting via Docker Response Handling
Aug 16, 2023
CVSS 5.4
EPSS 0.01
CVE-2023-40349 MEDIUM
Jenkins Gogs Plugin < 1.0.15 - Unauthenticated Build Trigger via Improper Webhook Initialization
Aug 16, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-40348 MEDIUM
Jenkins Gogs Plugin < 1.0.15 - Unauthenticated Job Existence Exposure via Webhook Endpoint
Aug 16, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-40347 MEDIUM
Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin < 1.14 - Insufficiently Protected Credentials
Aug 16, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-40346 MEDIUM
Jenkins Shortcut Job Plugin < 0.4 - Stored Cross-Site Scripting via Unescaped Redirection URL
Aug 16, 2023
CVSS 5.4
EPSS 0.00