org.jenkins-ci.plugins
1,035 tracked vulnerabilities.
CVE-2019-10371
HIGH
Jenkins Gitlab Auth Plugin <1.4 - Privilege Escalation
Aug 07, 2019
CVSS 7.5
EPSS 0.01
CVE-2019-10370
MEDIUM
Jenkins Mask Passwords Plugin < 2.12.0 - Plaintext Password Exposure in Configuration Form
Aug 07, 2019
CVSS 6.5
EPSS 0.01
CVE-2019-10369
MEDIUM
Jenkins JClouds Plugin < 2.14 - Missing Authorization in Test Connection Endpoint
Aug 07, 2019
CVSS 6.5
EPSS 0.01
CVE-2019-10368
HIGH
Jenkins JClouds Plugin < 2.14 - Cross-Site Request Forgery via Test Connection Endpoint
Aug 07, 2019
CVSS 8.8
EPSS 0.01
CVE-2019-10366
MEDIUM
Jenkins Skytap Cloud CI Plugin < 2.06 - Insufficiently Protected Credentials in config.xml
Jul 31, 2019
CVSS 6.5
EPSS 0.01
CVE-2019-10365
MEDIUM
Jenkins Google Kubernetes Engine Plugin <= 0.6.2 - Unauthorized Access Token Exposure via Temporary File
Jul 31, 2019
CVSS 4.3
EPSS 0.00
CVE-2019-10364
MEDIUM
Jenkins Amazon EC2 Plugin < 1.43 - Private Key Exposure in System Log
Jul 31, 2019
CVSS 5.5
EPSS 0.00
CVE-2019-10356
HIGH
Jenkins Script Security Plugin <1.61 - RCE
Jul 31, 2019
CVSS 8.8
EPSS 0.03
CVE-2019-10355
HIGH
Jenkins Script Security Plugin <1.61 - RCE
Jul 31, 2019
CVSS 8.8
EPSS 0.03
CVE-2019-1010241
MEDIUM
Jenkins Credentials Binding Plugin 1.17 - Info Disclosure
Jul 19, 2019
CVSS 6.5
EPSS 0.01
CVE-2019-10350
HIGH
Jenkins Port Allocator Plugin < 1.8 - Cleartext Storage of Sensitive Information in Job Config Files
Jul 11, 2019
CVSS 8.8
EPSS 0.02
CVE-2019-10349
MEDIUM
Jenkins Dependency Graph Viewer Plugin < 0.13 - Stored Cross-Site Scripting
Jul 11, 2019
CVSS 5.4
EPSS 0.04
CVE-2019-10348
HIGH
Jenkins Gogs Plugin < 1.0.14 - Cleartext Storage of Sensitive Information in Job Config Files
Jul 11, 2019
CVSS 8.8
EPSS 0.02
CVE-2019-10339
HIGH
Jenkins JX Resources Plugin <= 1.0.36 - Missing Authorization in GlobalPluginConfiguration
Jun 11, 2019
CVSS 8.8
EPSS 0.02
CVE-2019-10338
HIGH
Jenkins JX Resources Plugin < 1.0.36 - Cross-Site Request Forgery via GlobalPluginConfiguration#doValidateClient
Jun 11, 2019
CVSS 8.8
EPSS 0.01
CVE-2019-10337
HIGH
Jenkins Token Macro Plugin < 2.7 - XML External Entity Injection via XML Macro
Jun 11, 2019
CVSS 7.5
EPSS 0.02
CVE-2019-10336
MEDIUM
Jenkins ElectricFlow < 1.1.6 - Cross-Site Scripting via Post-Build Step Configuration
Jun 11, 2019
CVSS 6.1
EPSS 0.01
CVE-2019-10335
MEDIUM
Jenkins ElectricFlow < 1.1.6 - Stored Cross-Site Scripting via Build Status Page
Jun 11, 2019
CVSS 5.4
EPSS 0.01
CVE-2019-10334
MEDIUM
Jenkins ElectricFlow < 1.1.5 - SSL/TLS and Hostname Verification Disabled via MultipartUtility.java
Jun 11, 2019
CVSS 6.5
EPSS 0.01
CVE-2019-10333
MEDIUM
Jenkins ElectricFlow < 1.1.5 - Missing Authorization in HTTP Endpoints
Jun 11, 2019
CVSS 4.3
EPSS 0.01
CVE-2019-10332
MEDIUM
Jenkins ElectricFlow < 1.1.5 - Missing Authorization in Configuration Connection Test
Jun 11, 2019
CVSS 4.3
EPSS 0.02
CVE-2019-10331
MEDIUM
Jenkins ElectricFlow < 1.1.5 - Cross-Site Request Forgery via Configuration Test Connection
Jun 11, 2019
CVSS 4.3
EPSS 0.01
CVE-2019-10330
HIGH
Jenkins Gitea Plugin <= 1.1.1 - Missing Authorization for Jenkinsfile Changes
May 31, 2019
CVSS 7.5
EPSS 0.02
CVE-2019-10329
HIGH
Jenkins InfluxDB Plugin <= 1.21 - Insufficiently Protected Credentials
May 31, 2019
CVSS 8.8
EPSS 0.02
CVE-2019-10328
CRITICAL
Jenkins Pipeline Remote Loader Plugin <1.4 - Code Injection
May 31, 2019
CVSS 9.9
EPSS 0.02
Products
script-security 35
git 13
email-ext 12
active-directory 11
config-file-provider 9
electricflow 9
credentials-binding 8
ec2 8
oic-auth 8
subversion 8
artifactory 7
htmlpublisher 7
jobConfigHistory 7
mercurial 7
openshift-deployer 7
rundeck 7
azure-ad 6
azure-vm-agents 6
ec2-deployment-dashboard 6
fortify-on-demand-uploader 6
ghprb 6
gitlab-oauth 6
gitlab-plugin 6
pipeline-maven 6
repository-connector 6
aws-codecommit-trigger 5
codedx 5
credentials 5
delphix 5
extended-choice-parameter 5
Quick Filters