Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins jenkins vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2018-1999047
A improper authorization vulnerability exists in Jenkins 2.137 and previous versions, 2.121.2 and previous versions in UpdateCenter.java that allows malicious users to cancel a Jenkins restart scheduled through the update center.
Jenkins Jenkins
NA
CVE-2013-0327
Cross-site request forgery (CSRF) vulnerability in Jenkins master in Jenkins prior to 1.502 and LTS prior to 1.480.3 allows remote malicious users to hijack the authentication of users via unknown vectors.
Jenkins Jenkins
NA
CVE-2013-0330
Unspecified vulnerability in Jenkins prior to 1.502 and LTS prior to 1.480.3 allows remote authenticated users with write access to build arbitrary jobs via unknown attack vectors.
Jenkins Jenkins
8.1
CVSSv3
CVE-2017-1000504
A race condition during Jenkins 2.94 and previous versions; 2.89.1 and previous versions startup could result in the wrong order of execution of commands during initialization. There is a very short window of time after startup during which Jenkins may no longer show the 'Pl...
Jenkins Jenkins
4.3
CVSSv3
CVE-2020-2104
Jenkins 2.218 and previous versions, LTS 2.204.1 and previous versions allowed users with Overall/Read access to view a JVM memory usage chart.
Jenkins Jenkins
4.3
CVSSv3
CVE-2023-43494
Jenkins 2.50 up to and including 2.423 (both inclusive), LTS 2.60.1 up to and including 2.414.1 (both inclusive) does not exclude sensitive build variables (e.g., password parameter values) from the search in the build history widget, allowing attackers with Item/Read permission ...
Jenkins Jenkins
5.4
CVSSv3
CVE-2023-43495
Jenkins 2.423 and previous versions, LTS 2.414.1 and previous versions does not escape the value of the 'caption' constructor parameter of 'ExpandableDetailsNote', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to ...
Jenkins Jenkins
8.8
CVSSv3
CVE-2023-43496
Jenkins 2.423 and previous versions, LTS 2.414.1 and previous versions creates a temporary file in the system temporary directory with the default permissions for newly created files when installing a plugin from a URL, potentially allowing attackers with access to the system tem...
Jenkins Jenkins
8.1
CVSSv3
CVE-2023-43497
In Jenkins 2.423 and previous versions, LTS 2.414.1 and previous versions, processing file uploads using the Stapler web framework creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attacker...
Jenkins Jenkins
8.1
CVSSv3
CVE-2023-43498
In Jenkins 2.423 and previous versions, LTS 2.414.1 and previous versions, processing file uploads using MultipartFormDataParser creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers ...
Jenkins Jenkins
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37884
CVE-2024-6003
remote
brute force
information disclosure
CVE-2024-27801
CVE-2024-30078
CVE-2024-31870
CVE-2024-6042
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »