jenkins

1,798 tracked vulnerabilities.

CVE-2026-33004 MEDIUM
Jenkins LoadNinja Plugin <=2.1 - Info Disclosure
Mar 18, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-33003 MEDIUM
Jenkins LoadNinja Plugin <=2.1 - Info Disclosure
Mar 18, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-33002 HIGH
Jenkins 2.426.3-2.554 - DNS Rebinding
Mar 18, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-33001 HIGH
Jenkins < 2.555 and LTS < 2.541.3 - Arbitrary File Write via Symbolic Link Handling in Archive Extraction
Mar 18, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-27100 MEDIUM
Jenkins < 2.551 and LTS < 2.541.2 - Exposure of Sensitive Build Information via Run Parameter
Feb 18, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-27099 HIGH
Jenkins 2.483-2.550 and LTS 2.492.1-2.541.1 - Stored Cross-Site Scripting in Offline Cause Description
Feb 18, 2026
CVSS 8.0
EPSS 0.01
CVE-2025-67643 MEDIUM
Jenkins Redpen - Pipeline Reporter for Jira Plugin < 1.054.v7b_9517b_6b_202 Path Traversal
Dec 10, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-67642 MEDIUM
Jenkins HashiCorp Vault Plugin <371.v884a_4dd60fb_6 - Privilege Esc...
Dec 10, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-67641 MEDIUM
Jenkins Coverage Plugin < 2.3054.ve1ff7b_a_a_123b - Stored Cross-Site Scripting via REST API Configuration
Dec 10, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-67640 MEDIUM
Jenkins Git client Plugin < 6.4.1 - OS Command Injection via Workspace Directory Name
Dec 10, 2025
CVSS 5.0
EPSS 0.00
CVE-2025-67639 LOW
Jenkins < 2.528.3, 2.529-2.540 - Cross-Site Request Forgery
Dec 10, 2025
CVSS 3.5
EPSS 0.00
CVE-2025-67638 MEDIUM
Jenkins < 2.528.3 and 2.529-2.540 - Cleartext Storage of Sensitive Information in Job Configuration Form
Dec 10, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-67637 MEDIUM
Jenkins < 2.528.3, 2.529-2.540 - Cleartext Storage of Build Authorization Tokens in config.xml
Dec 10, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-67636 MEDIUM
Jenkins < 2.528.3, 2.529-2.540 - Missing Authorization for Encrypted Password Viewing
Dec 10, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-67635 HIGH
Jenkins < 2.528.3 and 2.529-2.540 - Unauthenticated Denial of Service via HTTP CLI Connection Handling
Dec 10, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-64150 MEDIUM
Jenkins Publish to Bitbucket Plugin < 0.4 - Missing Authorization for Credential Capture via URL Connection
Oct 29, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-64149 MEDIUM
Jenkins Publish to Bitbucket Plugin < 0.4 - Cross-Site Request Forgery
Oct 29, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-64148 MEDIUM
Jenkins Publish to Bitbucket Plugin < 0.4 - Missing Authorization for Credential ID Enumeration
Oct 29, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-64147 MEDIUM
Jenkins Curseforge Publisher Plugin 1.0 - Sensitive Data Exposure via Unmasked API Keys
Oct 29, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-64146 MEDIUM
Jenkins Curseforge Publisher Plugin 1.0 - Unencrypted API Key Storage in config.xml
Oct 29, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-64145 MEDIUM
Jenkins ByteGuard Build Actions Plugin 1.0 - Sensitive Data Exposure via Unmasked API Tokens
Oct 29, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-64144 MEDIUM
Jenkins ByteGuard Build Actions Plugin 1.0 - Unencrypted API Token Storage in Job Configuration
Oct 29, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-64143 MEDIUM
Jenkins OpenShift Pipeline Plugin <= 1.0.57 - Unencrypted Authorization Token Storage in config.xml
Oct 29, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-64142 MEDIUM
Jenkins Nexus Task Runner Plugin <= 0.9.2 - Missing Authorization for URL Connection
Oct 29, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-64141 MEDIUM
Jenkins Nexus Task Runner Plugin <= 0.9.2 - Cross-Site Request Forgery
Oct 29, 2025
CVSS 4.3
EPSS 0.00