jenkins
1,798 tracked vulnerabilities.
CVE-2021-43578
HIGH
Jenkins Squash TM Publisher <1.0.0 - Code Injection
Nov 12, 2021
CVSS 8.1
EPSS 0.01
CVE-2021-43577
HIGH
Jenkins OWASP Dependency-Check Plugin <5.1.1 - XXE
Nov 12, 2021
CVSS 7.1
EPSS 0.01
CVE-2021-43576
MEDIUM
Jenkins pom2config Plugin <1.2 - XXE
Nov 12, 2021
CVSS 6.5
EPSS 0.02
CVE-2021-21701
MEDIUM
Jenkins Performance Plugin < 3.20 - XML External Entity Injection
Nov 12, 2021
CVSS 6.5
EPSS 0.02
CVE-2021-21700
MEDIUM
Jenkins Scriptler Plugin < 3.3 - Stored Cross-Site Scripting in Script Deletion Confirmation
Nov 12, 2021
CVSS 5.4
EPSS 0.01
CVE-2021-21699
MEDIUM
Jenkins Active Choices Plugin < 2.5.6 - Stored Cross-Site Scripting via Reactive Parameter Name
Nov 12, 2021
CVSS 5.4
EPSS 0.88
CVE-2021-21698
HIGH
Jenkins Subversion Plugin < 2.15.0 - Path Traversal via Subversion Key File Lookup
Nov 04, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-21697
CRITICAL
Jenkins <2.318-<2.303.2 - Info Disclosure
Nov 04, 2021
CVSS 9.1
EPSS 0.02
CVE-2021-21696
CRITICAL
Jenkins < 2.303.2, < 2.318 - Unauthenticated Arbitrary File Write via FilePath API
Nov 04, 2021
CVSS 9.8
EPSS 0.02
CVE-2021-21695
HIGH
Jenkins < 2.303.3 and < 2.319 - Improper Link Resolution Before File Access
Nov 04, 2021
CVSS 8.8
EPSS 0.02
CVE-2021-21694
CRITICAL
Jenkins < 2.303.3 and < 2.319 - Missing Authorization in FilePath Methods
Nov 04, 2021
CVSS 9.8
EPSS 0.02
CVE-2021-21693
CRITICAL
Jenkins < 2.303.3 and < 2.319 - Incorrect Authorization in Temporary File Creation
Nov 04, 2021
CVSS 9.8
EPSS 0.02
CVE-2021-21692
CRITICAL
Jenkins < 2.303.3 and < 2.319 - Path Traversal via FilePath#renameTo and FilePath#moveAllChildrenTo
Nov 04, 2021
CVSS 9.8
EPSS 0.02
CVE-2021-21691
CRITICAL
Jenkins < 2.303.3 and < 2.319 - Symbolic Link Creation Without Required Permission
Nov 04, 2021
CVSS 9.8
EPSS 0.02
CVE-2021-21690
CRITICAL
Jenkins < 2.303.3 and < 2.319 - Path Traversal via Agent File Path Wrapping
Nov 04, 2021
CVSS 9.8
EPSS 0.02
CVE-2021-21689
CRITICAL
Jenkins <2.318-2.303.2 - Info Disclosure
Nov 04, 2021
CVSS 9.1
EPSS 0.01
CVE-2021-21688
HIGH
Jenkins < 2.303.3 and < 2.319 - Missing Authorization in FilePath Reading
Nov 04, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-21687
CRITICAL
Jenkins < 2.303.3 and < 2.319 - Missing Authorization for Symbolic Link Creation in FilePath#untar
Nov 04, 2021
CVSS 9.1
EPSS 0.01
CVE-2021-21686
HIGH
Jenkins < 2.303.3 and < 2.319 - Path Traversal via Symbolic Link Following
Nov 04, 2021
CVSS 8.1
EPSS 0.02
CVE-2021-21685
CRITICAL
Jenkins < 2.303.3 and < 2.319 - Missing Authorization for Directory Creation via FilePath#mkdirs
Nov 04, 2021
CVSS 9.1
EPSS 0.01
CVE-2021-21684
MEDIUM
Jenkins Git Plugin < 4.8.2 - Stored Cross-Site Scripting via Git SHA-1 Checksum Parameter
Oct 06, 2021
CVSS 6.1
EPSS 0.01
CVE-2021-21683
MEDIUM
Jenkins < 2.303.1, < 2.314 - Path Traversal via Windows File Browser
Oct 06, 2021
CVSS 6.5
EPSS 0.02
CVE-2021-21682
MEDIUM
Jenkins <2.314-<2.303.1 - Info Disclosure
Oct 06, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-21681
MEDIUM
Jenkins Nomad Plugin < 0.7.4 - Insufficiently Protected Docker Credentials
Aug 31, 2021
CVSS 5.5
EPSS 0.00
CVE-2021-21680
HIGH
Jenkins Nested View Plugin < 1.20 - XML External Entity Injection
Aug 31, 2021
CVSS 7.1
EPSS 0.01
Products
jenkins 267
pipeline\ 40
script_security 35
active_directory 12
blue_ocean 11
email_extension 11
git 11
build_failure_analyzer 9
config_file_provider 9
configuration_as_code 9
credentials_binding 8
github_branch_source 8
ns-nd_integration_performance_publisher 8
html_publisher 7
job_configuration_history 7
kubernetes 7
openid_connect_authentication 7
openshift_deployer 7
rundeck 7
subversion 7
amazon_ec2 6
azure_ad 6
azure_vm_agents 6
deployment_dashboard 6
electricflow 6
gerrit_trigger 6
git_client 6
git_parameter 6
github 6
github_pull_request_builder 6
Quick Filters