org.jenkins-ci.plugins
1,035 tracked vulnerabilities.
CVE-2021-43578
HIGH
Jenkins Squash TM Publisher <1.0.0 - Code Injection
Nov 12, 2021
CVSS 8.1
EPSS 0.01
CVE-2021-43577
HIGH
Jenkins OWASP Dependency-Check Plugin <5.1.1 - XXE
Nov 12, 2021
CVSS 7.1
EPSS 0.01
CVE-2021-43576
MEDIUM
Jenkins pom2config Plugin <1.2 - XXE
Nov 12, 2021
CVSS 6.5
EPSS 0.02
CVE-2021-21701
MEDIUM
Jenkins Performance Plugin < 3.20 - XML External Entity Injection
Nov 12, 2021
CVSS 6.5
EPSS 0.02
CVE-2021-21700
MEDIUM
Jenkins Scriptler Plugin < 3.3 - Stored Cross-Site Scripting in Script Deletion Confirmation
Nov 12, 2021
CVSS 5.4
EPSS 0.01
CVE-2021-21698
HIGH
Jenkins Subversion Plugin < 2.15.0 - Path Traversal via Subversion Key File Lookup
Nov 04, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-21684
MEDIUM
Jenkins Git Plugin < 4.8.2 - Stored Cross-Site Scripting via Git SHA-1 Checksum Parameter
Oct 06, 2021
CVSS 6.1
EPSS 0.01
CVE-2021-21681
MEDIUM
Jenkins Nomad Plugin < 0.7.4 - Insufficiently Protected Docker Credentials
Aug 31, 2021
CVSS 5.5
EPSS 0.00
CVE-2021-21680
HIGH
Jenkins Nested View Plugin < 1.20 - XML External Entity Injection
Aug 31, 2021
CVSS 7.1
EPSS 0.01
CVE-2021-21679
HIGH
Jenkins Azure AD Plugin < 179.vf6841393099e - Cross-Site Request Forgery Protection Bypass
Aug 31, 2021
CVSS 8.8
EPSS 0.01
CVE-2021-21678
HIGH
Jenkins SAML Plugin < 2.0.7 - Cross-Site Request Forgery Protection Bypass
Aug 31, 2021
CVSS 8.8
EPSS 0.01
CVE-2021-21676
MEDIUM
Jenkins requests-plugin < 2.2.7 - Missing Authorization in HTTP Endpoint
Jun 30, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-21675
MEDIUM
Jenkins requests-plugin < 2.2.12 - Cross-Site Request Forgery
Jun 30, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-21674
MEDIUM
Jenkins requests-plugin <2.2.6 - Info Disclosure
Jun 30, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-21673
MEDIUM
Jenkins CAS Plugin < 1.6.0 - Open Redirect via Legitimacy Bypass
Jun 30, 2021
CVSS 6.1
EPSS 0.02
CVE-2021-21672
MEDIUM
Jenkins Selenium HTML Report Plugin <= 1.0 - XML External Entity Injection
Jun 30, 2021
CVSS 4.3
EPSS 0.43
CVE-2021-21669
CRITICAL
Jenkins Generic Webhook Trigger Plugin < 1.72 - XML External Entity Injection
Jun 18, 2021
CVSS 9.8
EPSS 0.26
CVE-2021-21668
MEDIUM
Jenkins Scriptler Plugin < 3.1 - Stored Cross-Site Scripting via Unescaped Script Content
Jun 16, 2021
CVSS 5.4
EPSS 0.76
CVE-2021-21667
MEDIUM
Jenkins Scriptler Plugin < 3.2 - Stored Cross-Site Scripting in Job Configuration Forms
Jun 16, 2021
CVSS 5.4
EPSS 0.76
CVE-2021-21666
MEDIUM
Jenkins Kiuwan Plugin < 1.6.0 - Reflected Cross-Site Scripting via Form Validation Endpoint
Jun 10, 2021
CVSS 6.1
EPSS 0.01
CVE-2021-21661
MEDIUM
Jenkins Kubernetes CLI Plugin <1.10.0 - Info Disclosure
Jun 10, 2021
CVSS 4.3
EPSS 0.02
CVE-2021-21659
HIGH
Jenkins URLTrigger Plugin < 0.48 - XML External Entity Injection
May 25, 2021
CVSS 8.1
EPSS 0.67
CVE-2021-21658
CRITICAL
Jenkins Nuget Plugin < 1.0 - XML External Entity Injection
May 25, 2021
CVSS 9.1
EPSS 0.02
CVE-2021-21657
HIGH
Jenkins Filesystem Trigger Plugin < 0.40 - XML External Entity Injection
May 25, 2021
CVSS 8.8
EPSS 0.02
CVE-2021-21656
HIGH
Jenkins Xcode integration Plugin < 2.0.14 - XML External Entity Injection
May 11, 2021
CVSS 7.1
EPSS 0.02
Products
script-security 35
git 13
email-ext 12
active-directory 11
config-file-provider 9
electricflow 9
credentials-binding 8
ec2 8
oic-auth 8
subversion 8
artifactory 7
htmlpublisher 7
jobConfigHistory 7
mercurial 7
openshift-deployer 7
rundeck 7
azure-ad 6
azure-vm-agents 6
ec2-deployment-dashboard 6
fortify-on-demand-uploader 6
ghprb 6
gitlab-oauth 6
gitlab-plugin 6
pipeline-maven 6
repository-connector 6
aws-codecommit-trigger 5
codedx 5
credentials 5
delphix 5
extended-choice-parameter 5
Quick Filters