jenkins

1,798 tracked vulnerabilities.

CVE-2022-23118 HIGH
Jenkins Debian Package Builder Plugin < 1.6.11 - OS Command Execution via Agent-Controlled Git Path
Jan 12, 2022
CVSS 8.8
EPSS 0.02
CVE-2022-23117 HIGH
Jenkins Conjur Secrets Plugin < 1.0.9 - Credential Exposure via Agent Process Control
Jan 12, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-23116 HIGH
Jenkins Conjur Secrets Plugin < 1.0.9 - Sensitive Data Exposure via Agent Process Decryption
Jan 12, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-23115 MEDIUM
Jenkins batch task < 1.19 - Cross-Site Request Forgery
Jan 12, 2022
CVSS 5.4
EPSS 0.01
CVE-2022-23114 LOW
Jenkins Publish Over SSH Plugin <= 1.22 - Insufficiently Protected Credentials
Jan 12, 2022
CVSS 3.3
EPSS 0.00
CVE-2022-23113 MEDIUM
Jenkins Publish Over SSH Plugin <= 1.22 - Path Traversal via File Name Validation
Jan 12, 2022
CVSS 4.3
EPSS 0.02
CVE-2022-23112 MEDIUM
Jenkins Publish Over SSH Plugin < 1.22 - Missing Authorization for SSH Server Connection
Jan 12, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-23111 MEDIUM
Jenkins Publish Over SSH Plugin < 1.22 - Cross-Site Request Forgery
Jan 12, 2022
CVSS 4.3
EPSS 0.27
CVE-2022-23110 MEDIUM
Jenkins Publish Over SSH Plugin <= 1.22 - Stored Cross-Site Scripting via SSH Server Name
Jan 12, 2022
CVSS 4.8
EPSS 0.01
CVE-2022-23109 MEDIUM
Jenkins HashiCorp Vault Plugin <= 3.7.0 - Credential Exposure in Pipeline Build Logs
Jan 12, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-23108 MEDIUM
Jenkins Badge Plugin < 1.9 - Stored Cross-Site Scripting via Badge Description
Jan 12, 2022
CVSS 5.4
EPSS 0.01
CVE-2022-23107 HIGH
Jenkins Warnings Next Generation Plugin <= 9.10.2 - Path Traversal via Custom ID Configuration
Jan 12, 2022
CVSS 8.1
EPSS 0.02
CVE-2022-23106 MEDIUM
Jenkins Configuration as Code Plugin < 1.55 - Authentication Token Timing Attack
Jan 12, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-23105 MEDIUM
Jenkins Active Directory Plugin < 2.25 - Cleartext Transmission of Sensitive Information
Jan 12, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-20621 MEDIUM
Jenkins Metrics Plugin <4.0.2.8 - Info Disclosure
Jan 12, 2022
CVSS 5.5
EPSS 0.00
CVE-2022-20620 MEDIUM
Jenkins SSH Agent Plugin <1.23 - Info Disclosure
Jan 12, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-20619 HIGH
Jenkins Bitbucket Branch Source Plugin <737.vdf9dc06105be - CSRF
Jan 12, 2022
CVSS 7.1
EPSS 0.01
CVE-2022-20618 MEDIUM
Jenkins Bitbucket Branch Source Plugin < 737.vdf9dc06105be - Missing Authorization for Credential ID Enumeration
Jan 12, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-20617 HIGH
Jenkins Docker Commons Plugin <1.17 - Command Injection
Jan 12, 2022
CVSS 8.8
EPSS 0.02
CVE-2022-20616 MEDIUM
Jenkins Credentials Binding Plugin <1.27 - Privilege Escalation
Jan 12, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-20615 MEDIUM
Jenkins Matrix Project Plugin <1.19 - XSS
Jan 12, 2022
CVSS 5.4
EPSS 0.82
CVE-2022-20614 MEDIUM
Jenkins Mailer Plugin <391.ve4a_38c1f - Info Disclosure
Jan 12, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-20613 MEDIUM
Jenkins Mailer Plugin <391.ve4a_38c1b_cf4b - CSRF
Jan 12, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-20612 MEDIUM
Jenkins < 2.319.1 and 2.320-2.329 - Cross-Site Request Forgery
Jan 12, 2022
CVSS 4.3
EPSS 0.02
CVE-2021-43859 HIGH
XStream <1.4.19 - DoS
Feb 01, 2022
CVSS 7.5
EPSS 0.08