jenkins
1,798 tracked vulnerabilities.
CVE-2020-2120
HIGH
Jenkins FitNesse Plugin < 1.30 - XML External Entity Injection
Feb 12, 2020
CVSS 8.8
EPSS 0.01
CVE-2020-2119
MEDIUM
Jenkins Azure AD Plugin <= 1.1.2 - Insufficiently Protected Credentials
Feb 12, 2020
CVSS 5.3
EPSS 0.01
CVE-2020-2118
MEDIUM
Jenkins Pipeline GitHub Notify Step Plugin < 1.0.4 - Credential ID Enumeration via Form-Related Methods
Feb 12, 2020
CVSS 4.3
EPSS 0.01
CVE-2020-2117
MEDIUM
Jenkins Pipeline GitHub Notify Step Plugin < 1.0.4 - Missing Permission Check
Feb 12, 2020
CVSS 4.3
EPSS 0.01
CVE-2020-2116
HIGH
Jenkins Pipeline GitHub Notify Step < 1.0.4 - Cross-Site Request Forgery
Feb 12, 2020
CVSS 8.8
EPSS 0.01
CVE-2020-2115
HIGH
Jenkins NUnit < 0.25 - XML External Entity Injection
Feb 12, 2020
CVSS 8.8
EPSS 0.01
CVE-2020-2114
HIGH
Jenkins S3 Publisher Plugin <= 0.11.4 - Plaintext Credential Exposure in Global Configuration
Feb 12, 2020
CVSS 7.5
EPSS 0.01
CVE-2020-2113
MEDIUM
Jenkins Git Parameter Plugin < 0.9.11 - Stored Cross-Site Scripting via Default Value
Feb 12, 2020
CVSS 5.4
EPSS 0.01
CVE-2020-2112
MEDIUM
Jenkins Git Parameter Plugin <= 0.9.11 - Stored Cross-Site Scripting in Parameter Name
Feb 12, 2020
CVSS 5.4
EPSS 0.01
CVE-2020-2111
MEDIUM
Jenkins Subversion Plugin < 2.13.0 - Stored Cross-Site Scripting in Project Repository Base URL Field
Feb 12, 2020
CVSS 5.4
EPSS 0.01
CVE-2020-2110
HIGH
Jenkins Script Security Plugin < 1.69 - Sandbox Bypass via AST Transforming Annotations
Feb 12, 2020
CVSS 8.8
EPSS 0.01
CVE-2020-2109
HIGH
Jenkins Pipeline < 2.78 - Sandbox Protection Bypass via Default Parameter Expressions
Feb 12, 2020
CVSS 8.8
EPSS 0.01
CVE-2020-2108
HIGH
Jenkins WebSphere Deployer Plugin < 1.6.1 - XML External Entity Injection via Job Configuration
Jan 29, 2020
CVSS 7.6
EPSS 0.01
CVE-2020-2107
MEDIUM
Jenkins Fortify Plugin < 19.1.29 - Insufficiently Protected Credentials in Job config.xml
Jan 29, 2020
CVSS 4.3
EPSS 0.01
CVE-2020-2106
MEDIUM
Jenkins Code Coverage API Plugin < 1.1.2 - Stored Cross-Site Scripting in Coverage Report Filename
Jan 29, 2020
CVSS 5.4
EPSS 0.01
CVE-2020-2105
MEDIUM
Jenkins < 2.204.1 and < 2.218 - Clickjacking via REST API Endpoints
Jan 29, 2020
CVSS 5.4
EPSS 0.02
CVE-2020-2104
MEDIUM
Jenkins < 2.204.1 and < 2.218 - Incorrect Authorization for JVM Memory Usage Chart
Jan 29, 2020
CVSS 4.3
EPSS 0.01
CVE-2020-2103
MEDIUM
NUCLEI
Jenkins < 2.204.1, 2.205-2.218 - Exposure of Sensitive Information via whoAmI Diagnostic Page
Jan 29, 2020
CVSS 5.4
EPSS 0.07
CVE-2020-2102
MEDIUM
Jenkins < 2.204.1 and < 2.218 - Timing Attack via HMAC Validation
Jan 29, 2020
CVSS 5.3
EPSS 0.01
CVE-2020-2101
MEDIUM
Jenkins < 2.204.1 and < 2.218 - Timing Attack via Connection Secret Validation
Jan 29, 2020
CVSS 5.3
EPSS 0.01
CVE-2020-2100
MEDIUM
Jenkins < 2.204.1 and < 2.218 - Denial of Service via UDP Amplification Reflection
Jan 29, 2020
CVSS 5.8
EPSS 0.03
CVE-2020-2099
HIGH
Jenkins <2.213-<2.204.1 - Info Disclosure
Jan 29, 2020
CVSS 8.6
EPSS 0.01
CVE-2020-2098
HIGH
Jenkins Sounds Plugin < 0.5 - Cross-Site Request Forgery
Jan 15, 2020
CVSS 8.8
EPSS 0.01
CVE-2020-2097
HIGH
Jenkins Sounds Plugin < 0.5 - OS Command Execution via Form Validation URL
Jan 15, 2020
CVSS 8.8
EPSS 0.01
CVE-2020-2096
MEDIUM
NUCLEI
Jenkins Gitlab Hook Plugin < 1.4.2 - Reflected Cross-Site Scripting via Build Now Endpoint
Jan 15, 2020
CVSS 6.1
EPSS 0.89
Products
jenkins 267
pipeline\ 40
script_security 35
active_directory 12
blue_ocean 11
email_extension 11
git 11
build_failure_analyzer 9
config_file_provider 9
configuration_as_code 9
credentials_binding 8
github_branch_source 8
ns-nd_integration_performance_publisher 8
html_publisher 7
job_configuration_history 7
kubernetes 7
openid_connect_authentication 7
openshift_deployer 7
rundeck 7
subversion 7
amazon_ec2 6
azure_ad 6
azure_vm_agents 6
deployment_dashboard 6
electricflow 6
gerrit_trigger 6
git_client 6
git_parameter 6
github 6
github_pull_request_builder 6
Quick Filters