jenkins
1,798 tracked vulnerabilities.
CVE-2019-10346
MEDIUM
Jenkins Embeddable Build Status Plugin < 2.0.1 - Reflected Cross-Site Scripting
Jul 11, 2019
CVSS 6.1
EPSS 0.02
CVE-2019-10342
MEDIUM
Jenkins Docker Plugin < 1.1.6 - Missing Authorization in fillCredentialsIdItems Methods
Jul 11, 2019
CVSS 4.3
EPSS 0.01
CVE-2019-10341
MEDIUM
Jenkins Docker Plugin < 1.1.6 - Missing Authorization in Test Connection Feature
Jul 11, 2019
CVSS 6.5
EPSS 0.02
CVE-2019-10340
HIGH
Jenkins Docker Plugin < 1.1.6 - Cross-Site Request Forgery via Test Connection
Jul 11, 2019
CVSS 8.8
EPSS 0.01
CVE-2019-10339
HIGH
Jenkins JX Resources Plugin <= 1.0.36 - Missing Authorization in GlobalPluginConfiguration
Jun 11, 2019
CVSS 8.8
EPSS 0.02
CVE-2019-10338
HIGH
Jenkins JX Resources Plugin < 1.0.36 - Cross-Site Request Forgery via GlobalPluginConfiguration#doValidateClient
Jun 11, 2019
CVSS 8.8
EPSS 0.01
CVE-2019-10337
HIGH
Jenkins Token Macro Plugin < 2.7 - XML External Entity Injection via XML Macro
Jun 11, 2019
CVSS 7.5
EPSS 0.02
CVE-2019-10336
MEDIUM
Jenkins ElectricFlow < 1.1.6 - Cross-Site Scripting via Post-Build Step Configuration
Jun 11, 2019
CVSS 6.1
EPSS 0.01
CVE-2019-10335
MEDIUM
Jenkins ElectricFlow < 1.1.6 - Stored Cross-Site Scripting via Build Status Page
Jun 11, 2019
CVSS 5.4
EPSS 0.01
CVE-2019-10334
MEDIUM
Jenkins ElectricFlow < 1.1.5 - SSL/TLS and Hostname Verification Disabled via MultipartUtility.java
Jun 11, 2019
CVSS 6.5
EPSS 0.01
CVE-2019-10333
MEDIUM
Jenkins ElectricFlow < 1.1.5 - Missing Authorization in HTTP Endpoints
Jun 11, 2019
CVSS 4.3
EPSS 0.01
CVE-2019-10332
MEDIUM
Jenkins ElectricFlow < 1.1.5 - Missing Authorization in Configuration Connection Test
Jun 11, 2019
CVSS 4.3
EPSS 0.02
CVE-2019-10331
MEDIUM
Jenkins ElectricFlow < 1.1.5 - Cross-Site Request Forgery via Configuration Test Connection
Jun 11, 2019
CVSS 4.3
EPSS 0.01
CVE-2019-10328
CRITICAL
Jenkins Pipeline Remote Loader Plugin <1.4 - Code Injection
May 31, 2019
CVSS 9.9
EPSS 0.02
CVE-2019-10327
HIGH
Jenkins Pipeline Maven Integration Plugin < 1.7.0 - XML External Entity Injection via Malicious XML File
May 31, 2019
CVSS 8.1
EPSS 0.01
CVE-2019-10326
MEDIUM
Jenkins Warnings NG Plugin <= 5.0.0 - Cross-Site Request Forgery
May 31, 2019
CVSS 4.3
EPSS 0.01
CVE-2019-10325
MEDIUM
Jenkins Warnings NG Plugin < 5.0.0 - Authenticated Stored Cross-Site Scripting in Build Overview Pages
May 31, 2019
CVSS 5.4
EPSS 0.01
CVE-2019-10320
MEDIUM
Jenkins Credentials Plugin <2.1.18 - Info Disclosure
May 21, 2019
CVSS 4.3
EPSS 0.01
CVE-2019-10319
MEDIUM
Jenkins PAM Authentication Plugin 1.5 and earlier - Missing Authorization in PamSecurityRealm.DescriptorImpl#doTest
May 21, 2019
CVSS 4.3
EPSS 0.01
CVE-2019-10318
HIGH
Jenkins Azure AD Plugin <= 0.3.3 - Insufficiently Protected Credentials in Global Configuration
Apr 30, 2019
CVSS 8.8
EPSS 0.02
CVE-2019-10317
MEDIUM
Jenkins SiteMonitor Plugin < 0.5 - SSL/TLS and Hostname Verification Disabled
Apr 30, 2019
CVSS 5.9
EPSS 0.01
CVE-2019-10316
HIGH
Jenkins Aqua MicroScanner Plugin <= 1.0.5 - Insufficiently Protected Credentials
Apr 30, 2019
CVSS 8.8
EPSS 0.02
CVE-2019-10315
HIGH
Jenkins GitHub Authentication Plugin < 0.31 - Cross-Site Request Forgery via OAuth State Parameter
Apr 30, 2019
CVSS 8.8
EPSS 0.02
CVE-2019-10314
MEDIUM
Jenkins Koji Plugin < 0.3 - Improper Certificate Validation
Apr 30, 2019
CVSS 5.9
EPSS 0.01
CVE-2019-10313
HIGH
Jenkins Twitter Plugin < 0.7 - Insufficiently Protected Credentials
Apr 30, 2019
CVSS 8.8
EPSS 0.02
Products
jenkins 267
pipeline\ 40
script_security 35
active_directory 12
blue_ocean 11
email_extension 11
git 11
build_failure_analyzer 9
config_file_provider 9
configuration_as_code 9
credentials_binding 8
github_branch_source 8
ns-nd_integration_performance_publisher 8
html_publisher 7
job_configuration_history 7
kubernetes 7
openid_connect_authentication 7
openshift_deployer 7
rundeck 7
subversion 7
amazon_ec2 6
azure_ad 6
azure_vm_agents 6
deployment_dashboard 6
electricflow 6
gerrit_trigger 6
git_client 6
git_parameter 6
github 6
github_pull_request_builder 6
Quick Filters