jenkins

1,798 tracked vulnerabilities.

CVE-2023-35142 HIGH
Jenkins Checkmarx Plugin < 2023.4.3 - Improper Certificate Validation
Jun 14, 2023
CVSS 8.1
EPSS 0.01
CVE-2023-35141 HIGH
Jenkins < 2.400 - Cross-Site Request Forgery via Context Menu URL
Jun 14, 2023
CVSS 8.0
EPSS 0.01
CVE-2023-2631 MEDIUM
Jenkins Code Dx Plugin <3.1.0 - SSRF
May 16, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-2195 MEDIUM
Jenkins Code Dx Plugin <3.1.0 - CSRF
May 16, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-2633 MEDIUM
Jenkins Code Dx Plugin <3.1.0 - Info Disclosure
May 16, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-2632 MEDIUM
Jenkins Code Dx Plugin <3.1.0 - Info Disclosure
May 16, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-2196 MEDIUM
Jenkins Code Dx Plugin <3.1.0 - Info Disclosure
May 16, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-33007 MEDIUM
Jenkins LoadComplete support Plugin <= 1.0 - Stored Cross-Site Scripting in LoadComplete Test Name
May 16, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-33006 MEDIUM
Jenkins WSO2 Oauth Plugin < 1.0 - Cross-Site Request Forgery
May 16, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-33005 MEDIUM
Jenkins WSO2 Oauth Plugin < 1.0 - Insufficient Session Expiration
May 16, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-33004 MEDIUM
Jenkins Tag Profiler Plugin < 0.2 - Unauthenticated Statistics Reset via Missing Permission Check
May 16, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-33003 MEDIUM
Jenkins Tag Profiler Plugin < 0.2 - Cross-Site Request Forgery
May 16, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-33002 MEDIUM
Jenkins TestComplete support Plugin < 2.8.1 - Stored Cross-Site Scripting via TestComplete Project Name
May 16, 2023
CVSS 5.4
EPSS 0.02
CVE-2023-33001 HIGH
Jenkins HashiCorp Vault Plugin < 360.v0a_1c04cf807d - Credential Exposure in Build Logs via Durable Task Logging
May 16, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-33000 HIGH
Jenkins NS-ND Integration Performance Publisher Plugin <= 4.8.0.149 - Insufficiently Protected Credentials
May 16, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-32999 MEDIUM
Jenkins AppSpider Plugin <= 1.0.15 - Missing Permission Check for HTTP POST Requests
May 16, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-32998 HIGH
Jenkins AppSpider Plugin <= 1.0.15 - Cross-Site Request Forgery via HTTP POST Request
May 16, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-32997 HIGH
Jenkins CAS Plugin <1.6.2 - Auth Bypass
May 16, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-32996 MEDIUM
Jenkins SAML Single Sign-On Plugin < 2.0.0 - Unauthenticated Email Spoofing via miniOrange API
May 16, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-32995 HIGH
Jenkins SAML Single Sign On Plugin < 2.0.0 - Cross-Site Request Forgery via Email API
May 16, 2023
CVSS 8.8
EPSS 0.00
CVE-2023-32994 LOW
Jenkins SAML Single Sign On Plugin < 2.1.0 - Improper Certificate Validation
May 16, 2023
CVSS 3.7
EPSS 0.00
CVE-2023-32993 MEDIUM
Jenkins SAML Single Sign On Plugin < 2.0.2 - Insufficient Verification of Data Authenticity via SAML Metadata Retrieval
May 16, 2023
CVSS 4.8
EPSS 0.00
CVE-2023-32992 HIGH
Jenkins SAML Single Sign On Plugin < 2.0.2 - Server-Side Request Forgery and XML External Entity Injection
May 16, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-32991 HIGH
Jenkins SAML Single Sign On Plugin < 2.0.2 - Cross-Site Request Forgery
May 16, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-32990 MEDIUM
Jenkins Azure VM Agents Plugin < 852.v8d35f0960a_43 - Missing Permission Check for Azure Cloud Server Connection
May 16, 2023
CVSS 6.5
EPSS 0.01