jenkins
1,798 tracked vulnerabilities.
CVE-2024-23899
MEDIUM
Jenkins Git Server Plugin < 99.va_0826a_b_cdfa_d - Arbitrary File Read via Command Parser
Jan 24, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-23898
HIGH
Jenkins 2.217-2.441 and LTS 2.222.1-2.426.2 - Cross-Site WebSocket Hijacking via CLI Endpoint
Jan 24, 2024
CVSS 8.8
EPSS 0.67
CVE-2024-23897
CRITICAL
KEVNUCLEI
Jenkins cli Ampersand Replacement Arbitrary File Read
Jan 24, 2024
CVSS 9.8
EPSS 1.00
CVE-2023-50779
MEDIUM
Jenkins PaaSLane Estimate Plugin < 1.0.4 - Missing Authorization
Dec 13, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-50778
HIGH
Jenkins PaaSLane Estimate Plugin < 1.0.4 - Cross-Site Request Forgery
Dec 13, 2023
CVSS 8.8
EPSS 0.00
CVE-2023-50777
MEDIUM
Jenkins PaaSLane Estimate Plugin <= 1.0.4 - Cleartext Storage of Sensitive Information
Dec 13, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-50776
MEDIUM
Jenkins PaaSLane Estimate Plugin <= 1.0.4 - Cleartext Storage of Sensitive Information in Job config.xml
Dec 13, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-50775
MEDIUM
Jenkins Deployment Dashboard Plugin < 1.0.10 - Cross-Site Request Forgery
Dec 13, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-50774
HIGH
Jenkins HTMLResource Plugin 1.02 - Cross-Site Request Forgery
Dec 13, 2023
CVSS 8.1
EPSS 0.00
CVE-2023-50773
MEDIUM
Jenkins Dingding JSON Pusher Plugin < 2.0 - Cleartext Storage of Sensitive Information
Dec 13, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-50772
MEDIUM
Jenkins Dingding JSON Pusher Plugin <= 2.0 - Cleartext Storage of Sensitive Information in Job Config
Dec 13, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-50771
MEDIUM
Jenkins OpenId Connect Authentication Plugin < 2.6 - Open Redirect via Login Redirect URL
Dec 13, 2023
CVSS 6.1
EPSS 0.01
CVE-2023-50770
MEDIUM
Jenkins OpenId Connect Authentication Plugin < 2.6 - Insufficiently Protected Credentials
Dec 13, 2023
CVSS 6.7
EPSS 0.00
CVE-2023-50769
MEDIUM
Jenkins Nexus Platform Plugin < 3.18.0-03 - Missing Authorization
Dec 13, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-50768
HIGH
Jenkins Nexus Platform Plugin < 3.18.0-03 - Cross-Site Request Forgery
Dec 13, 2023
CVSS 8.8
EPSS 0.00
CVE-2023-50767
MEDIUM
Jenkins Nexus Platform Plugin < 3.18.0-03 - Server-Side Request Forgery via XML Response Parsing
Dec 13, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-50766
HIGH
Jenkins Nexus Platform Plugin < 3.18.0-03 - Cross-Site Request Forgery
Dec 13, 2023
CVSS 8.8
EPSS 0.00
CVE-2023-50765
MEDIUM
Jenkins Scriptler Plugin < 342.v6a_89fd40f466 - Unauthorized Groovy Script Content Read via Script ID
Dec 13, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-50764
HIGH
Jenkins Scriptler Plugin <342.v6a_89fd40f466 - File Deletion
Dec 13, 2023
CVSS 8.1
EPSS 0.01
CVE-2023-49674
MEDIUM
Jenkins NeuVector Vulnerability Scanner < 1.22 - Missing Authorization
Nov 29, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-49673
HIGH
Jenkins NeuVector Vulnerability Scanner < 2.2 - Cross-Site Request Forgery
Nov 29, 2023
CVSS 8.8
EPSS 0.00
CVE-2023-49656
CRITICAL
Jenkins MATLAB Plugin < 2.11.1 - XML External Entity Injection
Nov 29, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-49655
HIGH
Jenkins MATLAB Plugin < 2.11.1 - Cross-Site Request Forgery
Nov 29, 2023
CVSS 8.8
EPSS 0.00
CVE-2023-49654
CRITICAL
Jenkins MATLAB Plugin < 2.11.1 - Unauthenticated XML File Parsing via Missing Permission Checks
Nov 29, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-49653
MEDIUM
Jenkins Jira Plugin < 3.11 - Insufficiently Protected Credentials
Nov 29, 2023
CVSS 6.5
EPSS 0.01
Products
jenkins 267
pipeline\ 40
script_security 35
active_directory 12
blue_ocean 11
email_extension 11
git 11
build_failure_analyzer 9
config_file_provider 9
configuration_as_code 9
credentials_binding 8
github_branch_source 8
ns-nd_integration_performance_publisher 8
html_publisher 7
job_configuration_history 7
kubernetes 7
openid_connect_authentication 7
openshift_deployer 7
rundeck 7
subversion 7
amazon_ec2 6
azure_ad 6
azure_vm_agents 6
deployment_dashboard 6
electricflow 6
gerrit_trigger 6
git_client 6
git_parameter 6
github 6
github_pull_request_builder 6
Quick Filters