jenkins
1,798 tracked vulnerabilities.
CVE-2023-41945
HIGH
Jenkins Assembla Auth Plugin < 1.14 - Missing Authorization
Sep 06, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-41944
MEDIUM
Jenkins AWS CodeCommit Trigger Plugin <= 3.0.12 - HTML Injection via Queue Name Parameter
Sep 06, 2023
CVSS 6.1
EPSS 0.00
CVE-2023-41943
MEDIUM
Jenkins AWS CodeCommit Trigger Plugin < 3.0.12 - Missing Authorization in HTTP Endpoint
Sep 06, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-41942
MEDIUM
Jenkins AWS CodeCommit Trigger Plugin < 3.0.12 - Cross-Site Request Forgery
Sep 06, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-41941
MEDIUM
Jenkins AWS CodeCommit Trigger Plugin < 3.0.12 - Missing Authorization for Credential ID Enumeration
Sep 06, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-41940
MEDIUM
Jenkins TAP Plugin < 2.3 - Stored Cross-Site Scripting via TAP File Contents
Sep 06, 2023
CVSS 5.4
EPSS 0.01
CVE-2023-41939
HIGH
Jenkins SSH2 Easy Plugin <1.4 - Privilege Escalation
Sep 06, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-41938
MEDIUM
Jenkins Ivy Plugin < 2.5 - Cross-Site Request Forgery
Sep 06, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-41937
HIGH
Jenkins Bitbucket Push and Pull Request Plugin 2.4.0-2.8.3 - Server-Side Request Forgery via Webhook Payload
Sep 06, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-41936
HIGH
Jenkins Google Login Plugin <1.7 - Info Disclosure
Sep 06, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-41935
HIGH
Jenkins Azure AD Plugin < 396.v86ce29279947 - Non-Constant Time Comparison in CSRF Nonce Check
Sep 06, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-41934
MEDIUM
Jenkins Pipeline Maven Integration Plugin < 1330.v18e473854496 - Sensitive Information Exposure in Build Logs
Sep 06, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-41933
HIGH
Jenkins Job Configuration History Plugin < 1229.v3039470161a_d - XML External Entity Injection
Sep 06, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-41932
MEDIUM
Jenkins Job Configuration History Plugin < 1227.v7a_79fc4dc01f - Directory Deletion via Timestamp Query Parameter
Sep 06, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-41931
MEDIUM
Jenkins Job Configuration History Plugin < 1227.v7a_79fc4dc01f - Stored Cross-Site Scripting in History View Timestamp
Sep 06, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-41930
MEDIUM
Jenkins Job Configuration History Plugin < 1227.v7a_79fc4dc01f - Path Traversal via Name Query Parameter
Sep 06, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-4303
MEDIUM
Jenkins Fortify Plugin <22.1.38 - XSS
Aug 21, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-4302
MEDIUM
Jenkins Fortify Plugin <22.1.38 - Open Redirect
Aug 21, 2023
CVSS 4.2
EPSS 0.00
CVE-2023-4301
MEDIUM
Jenkins Fortify Plugin <22.1.38 - CSRF
Aug 21, 2023
CVSS 4.2
EPSS 0.00
CVE-2023-40351
MEDIUM
Jenkins Favorite View Plugin < 5.v77a_37f62782d - Cross-Site Request Forgery
Aug 16, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-40350
MEDIUM
Jenkins Docker Swarm Plugin < 1.11 - Stored Cross-Site Scripting via Docker Response Handling
Aug 16, 2023
CVSS 5.4
EPSS 0.01
CVE-2023-40349
MEDIUM
Jenkins Gogs Plugin < 1.0.15 - Unauthenticated Build Trigger via Improper Webhook Initialization
Aug 16, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-40348
MEDIUM
Jenkins Gogs Plugin < 1.0.15 - Unauthenticated Job Existence Exposure via Webhook Endpoint
Aug 16, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-40347
MEDIUM
Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin < 1.14 - Insufficiently Protected Credentials
Aug 16, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-40346
MEDIUM
Jenkins Shortcut Job Plugin < 0.4 - Stored Cross-Site Scripting via Unescaped Redirection URL
Aug 16, 2023
CVSS 5.4
EPSS 0.00
Products
jenkins 267
pipeline\ 40
script_security 35
active_directory 12
blue_ocean 11
email_extension 11
git 11
build_failure_analyzer 9
config_file_provider 9
configuration_as_code 9
credentials_binding 8
github_branch_source 8
ns-nd_integration_performance_publisher 8
html_publisher 7
job_configuration_history 7
kubernetes 7
openid_connect_authentication 7
openshift_deployer 7
rundeck 7
subversion 7
amazon_ec2 6
azure_ad 6
azure_vm_agents 6
deployment_dashboard 6
electricflow 6
gerrit_trigger 6
git_client 6
git_parameter 6
github 6
github_pull_request_builder 6
Quick Filters