jenkins

1,798 tracked vulnerabilities.

CVE-2019-10469 MEDIUM
Jenkins Kubernetes CI < 1.3 - Missing Permission Check for Credential Capture
Oct 23, 2019
CVSS 6.5
EPSS 0.01
CVE-2019-10468 HIGH
Jenkins Kubernetes CI < 1.3 - Cross-Site Request Forgery via Credential Capture
Oct 23, 2019
CVSS 8.8
EPSS 0.01
CVE-2019-10467 MEDIUM
Jenkins Sonar Gerrit Plugin < 2.3 - Insufficiently Protected Credentials in Job Config
Oct 23, 2019
CVSS 6.5
EPSS 0.01
CVE-2019-10466 HIGH
Jenkins 360 FireLine Plugin < 1.7.2 - XML External Entity Injection
Oct 23, 2019
CVSS 8.1
EPSS 0.01
CVE-2019-10465 MEDIUM
Jenkins Deploy WebLogic Plugin < 4.1 - Server-Side Request Forgery and Information Disclosure via URL Connection
Oct 23, 2019
CVSS 4.3
EPSS 0.01
CVE-2019-10464 HIGH
Jenkins Deploy WebLogic Plugin < 4.1 - Cross-Site Request Forgery
Oct 23, 2019
CVSS 8.8
EPSS 0.01
CVE-2019-10463 MEDIUM
Jenkins Dynatrace Application Monitoring < 2.1.4 - Incorrect Default Permissions
Oct 23, 2019
CVSS 6.5
EPSS 0.01
CVE-2019-10462 HIGH
Jenkins Dynatrace Application Monitoring < 2.1.3 - Cross-Site Request Forgery
Oct 23, 2019
CVSS 8.1
EPSS 0.01
CVE-2019-10461 HIGH
Jenkins Dynatrace Application Monitoring < 2.1.3 - Insufficiently Protected Credentials
Oct 23, 2019
CVSS 7.8
EPSS 0.00
CVE-2019-10460 HIGH
Jenkins Bitbucket OAuth Plugin < 0.9 - Unprotected Credential Storage in config.xml
Oct 23, 2019
CVSS 7.8
EPSS 0.00
CVE-2019-10459 MEDIUM
Jenkins Mattermost Notification Plugin < 2.7.0 - Insufficiently Protected Credentials in Global Configuration
Oct 23, 2019
CVSS 6.5
EPSS 0.01
CVE-2019-10458 CRITICAL
Jenkins Puppet Enterprise Pipeline <1.3.1 - Code Injection
Oct 16, 2019
CVSS 9.9
EPSS 0.02
CVE-2019-10457 MEDIUM
Jenkins Oracle Cloud Infrastructure Compute Classic Plugin < 1.0.0 - Missing Authorization
Oct 16, 2019
CVSS 4.3
EPSS 0.01
CVE-2019-10456 MEDIUM
Jenkins Oracle Cloud Infrastructure Compute Classic Plugin < 1.0.0 - Cross-Site Request Forgery
Oct 16, 2019
CVSS 4.3
EPSS 0.01
CVE-2019-10455 MEDIUM
Jenkins Rundeck Plugin < 3.6.5 and org.jenkins-ci.plugins/rundeck < 3.6.6 - Missing Authorization for URL Connection
Oct 16, 2019
CVSS 4.3
EPSS 0.01
CVE-2019-10454 MEDIUM
Jenkins Rundeck Plugin < 3.6.5 - Cross-Site Request Forgery
Oct 16, 2019
CVSS 4.3
EPSS 0.01
CVE-2019-10453 HIGH
Jenkins Delphix Plugin < 2.0.4 - Cleartext Storage of Sensitive Information in Global Configuration
Oct 16, 2019
CVSS 7.8
EPSS 0.00
CVE-2019-10452 MEDIUM
Jenkins View26 Test-Reporting Plugin < 1.0.7 - Cleartext Storage of Sensitive Information in Job Config Files
Oct 16, 2019
CVSS 4.3
EPSS 0.00
CVE-2019-10451 MEDIUM
Jenkins SOASTA CloudTest < 2.25 - Cleartext Storage of Sensitive Information in Global Configuration
Oct 16, 2019
CVSS 4.3
EPSS 0.00
CVE-2019-10450 LOW
Jenkins ElasticBox CI Plugin < 5.0.1 - Cleartext Storage of Sensitive Information in Global Configuration
Oct 16, 2019
CVSS 3.3
EPSS 0.00
CVE-2019-10449 HIGH
Jenkins Fortify on Demand Plugin <4.0.0 & fortify-on-demand-uploader <5.0.0 - Cleartext Storage of Sensitive Info
Oct 16, 2019
CVSS 8.8
EPSS 0.01
CVE-2019-10448 HIGH
Jenkins Extensive Testing Plugin - Insufficiently Protected Credentials in Job Config Files
Oct 16, 2019
CVSS 8.8
EPSS 0.01
CVE-2019-10447 MEDIUM
Jenkins Sofy.AI Plugin < 1.0.3 - Cleartext Storage of Sensitive Information in Job config.xml
Oct 16, 2019
CVSS 4.3
EPSS 0.01
CVE-2019-10446 HIGH
Jenkins Cadence vManager Plugin < 2.7.0 - SSL/TLS and Hostname Verification Disabled
Oct 16, 2019
CVSS 8.2
EPSS 0.01
CVE-2019-10445 MEDIUM
Jenkins Google Kubernetes Engine Plugin < 0.7.0 - Missing Authorization
Oct 16, 2019
CVSS 4.3
EPSS 0.01