Skip to main content

Jenkins

1691 CVEs vendor

Monthly

CVE-2026-14336 HIGH This Week

Server-side request forgery and OIDC token forgery in Eclipse CSI PIA lets an unauthenticated attacker abuse a flawed Jenkins issuer allowlist (a bare `startswith('https://ci.eclipse.org')` check in `is_issuer_known`, pia/models.py:139) to redirect OIDC discovery and JWKS fetches to an attacker-controlled host. By posting a crafted issuer such as `https://ci.eclipse.org@evil.host` or `https://ci.eclipse.org.evil.host` to `POST /v1/upload/sbom`, an attacker forces PIA to make outbound requests to arbitrary hosts and to accept a JWT signed with the attacker's own key, effectively bypassing token verification. No public exploit identified at time of analysis, but the flaw is unauthenticated and network-reachable, and the CVSS 3.1 base score is 8.2.

SSRF Jenkins Eclipse Csi Pia
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2026-57307 MEDIUM This Month

A missing permission check in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b_450b_1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Jenkins Jenkins Zowe Zdevops Plugin Authentication Bypass
NVD VulDB
CVSS 3.1
4.2
EPSS
0.1%
CVE-2026-57306 MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b_450b_1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

CSRF Jenkins Jenkins Zowe Zdevops Plugin
NVD VulDB
CVSS 3.1
4.2
EPSS
0.1%
CVE-2026-57305 MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla Plugin 1.4 and earlier allows attackers to connect to an attacker-specified URL using an attacker-specified username and password.

CSRF Jenkins Jenkins Assembla Plugin
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-57304 MEDIUM This Month

Jenkins Assembla Plugin 1.4 and earlier exposes a connection-test endpoint without adequate permission enforcement, allowing any Jenkins user holding only Overall/Read permission to trigger outbound HTTP connections to an arbitrary attacker-controlled URL with attacker-supplied credentials. This enables both a limited Server-Side Request Forgery (SSRF) vector for internal network probing and credential interception on the attacker's endpoint. No public exploit code or active exploitation has been identified at time of analysis; SSVC assessment confirms exploitation status as none.

Authentication Bypass Jenkins Jenkins Assembla Plugin
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-57303 HIGH This Week

XML external entity (XXE) injection in the Jenkins Assembla Plugin version 1.4 and earlier lets an attacker who can control the HTTP responses of the configured Assembla server read sensitive files and secrets from the Jenkins controller and pivot into internal services via server-side request forgery. Mapped to CWE-918 (SSRF) with a CVSS 3.1 base score of 7.1 (high), there is no public exploit identified at time of analysis and CISA SSVC rates exploitation as 'none' with only partial technical impact. Exploitation requires the attacker to influence what the Assembla endpoint returns, so it is a targeted rather than mass-exploitable condition.

XXE SSRF Jenkins Jenkins Assembla Plugin
NVD VulDB
CVSS 3.1
7.1
EPSS
0.2%
CVE-2026-57302 MEDIUM This Month

Jenkins FitNesse Plugin 1.36 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Extended Read permission or access to the Jenkins controller file system.

Jenkins Information Disclosure Jenkins Fitnesse Plugin
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-57301 HIGH This Week

Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller.

Jenkins RCE Jenkins Owasp Zap Plugin
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-57300 MEDIUM This Month

A missing permission check in Jenkins MCP Server Plugin 0.177.v629fdb_2557fe and earlier allows attackers with Item/Read permission to read the Pipeline replay scripts of jobs they can access.

Jenkins Jenkins Mcp Server Plugin Authentication Bypass
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-57299 MEDIUM This Month

Missing authorization checks in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allow any authenticated Jenkins user with the low-privilege Overall/Read permission to enumerate the names of configured Contrast metadata via a network-accessible endpoint. The vulnerability is classified CWE-862 (Missing Authorization) and has an EPSS score of 0.15% (4th percentile), indicating negligible real-world exploitation activity. No public exploit code and no CISA KEV listing have been identified, making this a low-urgency but real information-disclosure concern for multi-tenant Jenkins environments with untrusted users.

Authentication Bypass Jenkins Jenkins Contrast Continuous Application Security Plugin
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-57298 MEDIUM This Month

Cross-site request forgery in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allows a remote attacker to force a Jenkins instance to establish outbound connections to an arbitrary attacker-controlled URL, supplying attacker-chosen credentials including a username, API key, and service key. Any authenticated Jenkins user can be the unwitting victim if tricked into visiting a crafted page while logged in. No public exploit code or confirmed active exploitation has been identified at time of analysis, and SSVC rates exploitation likelihood as none with partial technical impact.

CSRF Jenkins Jenkins Contrast Continuous Application Security Plugin
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-57297 MEDIUM This Month

Missing authorization in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier permits any authenticated Jenkins user holding the minimal Overall/Read permission to invoke a connection test endpoint with fully attacker-controlled URL, username, API key, and service key. This enables the Jenkins server to make arbitrary outbound HTTP connections - a Server-Side Request Forgery (SSRF)-class impact - without the elevated privileges that should guard such functionality. No public exploit has been identified at time of analysis and EPSS sits at the 4th percentile, indicating low current exploitation probability despite network reachability.

Authentication Bypass Jenkins Jenkins Contrast Continuous Application Security Plugin
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-57296 HIGH This Week

Path traversal in the Jenkins External Workspace Manager Plugin (versions 1.3.2 and earlier) lets an attacker with Item/Configure permission supply traversal sequences in the custom workspace path of the exwsAllocate Pipeline step to read arbitrary files from the Jenkins controller filesystem, which the vendor notes can escalate to remote code execution. The flaw requires an authenticated low-privileged user (CVSS:3.1 PR:L, base 8.8) and is reported directly by the Jenkins security team. No public exploit identified at time of analysis, and CISA SSVC marks exploitation as none.

Path Traversal Jenkins RCE Jenkins External Workspace Manager Plugin
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2026-57295 MEDIUM This Month

Cross-site request forgery in Jenkins EC2 Fleet Plugin versions through 4.2.3.539.v8fedff2a_81c3 enables a network attacker to force Jenkins to connect to an attacker-controlled endpoint using AWS credentials stored in Jenkins, effectively exfiltrating those credentials. All Jenkins instances with this plugin installed and AWS credentials configured are at risk. No active exploitation is confirmed (not in CISA KEV), SSVC rates this as non-automatable with partial technical impact, and no public exploit code has been identified at time of analysis.

CSRF Jenkins Jenkins Ec2 Fleet Plugin
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-57294 MEDIUM This Month

Missing permission check in Jenkins EC2 Fleet Plugin versions up to 4.2.3.539.v8fedff2a_81c3 enables any authenticated user holding the low-privilege Overall/Read role to trigger a credential-capture attack by directing the plugin to connect to an attacker-controlled endpoint and transmitting AWS credentials stored in Jenkins. The attacker must independently obtain a valid credential ID before exploiting this flaw, making it a chained attack rather than a direct standalone exploit. No public exploit code has been identified at time of analysis and CISA has not added this to the KEV catalog; SSVC rates exploitation status as none.

Authentication Bypass Jenkins Jenkins Ec2 Fleet Plugin
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-57293 MEDIUM This Month

Credential ID enumeration in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allows authenticated attackers holding only global Item/Configure permission to bypass the intended per-job permission boundary and list credential IDs stored in Jenkins. The root cause is an incorrect permission check (CWE-862) that conflates global and job-scoped authorization, leaking credential identifiers without requiring job-level rights. No public exploit code exists and SSVC rates exploitation status as none; however, enumerated credential IDs can serve as reconnaissance for chained attacks targeting those credentials.

Authentication Bypass Jenkins Jenkins Gitee Plugin
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-57292 MEDIUM This Month

Cross-site request forgery in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allows network-accessible attackers to force a Jenkins instance to initiate connections to attacker-controlled URLs, using credential IDs previously obtained through a separate method. The CVSS vector confirms a low-privileged authenticated attacker posture (PR:L), meaning the victim must hold an active Jenkins session. No active exploitation is confirmed per CISA KEV, and the SSVC framework rates exploitation as currently none with partial technical impact.

CSRF Jenkins Jenkins Gitee Plugin
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-57291 MEDIUM This Month

Missing permission checks in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allow any authenticated user holding the minimal Overall/Read Jenkins role to trigger outbound connections from the Jenkins controller to an attacker-specified URL using credential IDs sourced through a secondary method. This creates an SSRF-like primitive enabling internal network probing and credential ID validation without administrative access. No public exploit code has been identified at time of analysis, and SSVC confirms current exploitation status as none.

Jenkins Jenkins Gitee Plugin Authentication Bypass
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-57290 MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Priority Sorter Plugin 936.v2c01c6b_84449 and earlier allows attackers to overwrite the global job priority configuration.

CSRF Jenkins Jenkins Priority Sorter Plugin
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-57289 MEDIUM This Month

Jenkins Bitbucket Push and Pull Request Plugin versions 3.3.8 and earlier unconditionally disables SSL/TLS certificate and hostname validation for all outbound Bearer token authenticated requests to configured Bitbucket Server endpoints, creating a man-in-the-middle exposure. Any attacker positioned to intercept network traffic on the path between the Jenkins controller and the Bitbucket Server can capture the Bearer token and subsequently authenticate directly to the Bitbucket Server API. No public exploit is identified at time of analysis, and SSVC rates exploitation as none with partial technical impact; however, the token capture risk is non-trivial for deployments routing Jenkins traffic over untrusted or shared network segments.

Jenkins Information Disclosure Jenkins Bitbucket Push And Pull Request Plugin
NVD VulDB
CVSS 3.1
4.8
EPSS
0.1%
CVE-2026-57288 LOW Monitor

LDAP injection in Jenkins Active Directory Plugin 2.41.1 and earlier allows unauthenticated remote attackers to enumerate Active Directory entries and authenticate as any directory user they can identify via wildcard matching, provided they already know that user's password. The vulnerability is confined to the Windows native ADSI authentication path, limiting exposure to Jenkins instances running on Windows with ADSI configured. No public exploit code or active exploitation has been identified; SSVC rates it non-automatable with partial technical impact.

Code Injection LDAP Jenkins Microsoft Jenkins Active Directory Plugin
NVD VulDB
CVSS 3.1
3.7
EPSS
0.2%
CVE-2026-57287 MEDIUM This Month

Jenkins Job Configuration History Plugin version 1356.ve360da_6c523a_ and earlier exposes encrypted secret values to any Jenkins user holding Extended Read permission by failing to apply Jenkins' standard secret redaction when rendering historical job and agent configurations. Encrypted credential values that Jenkins would normally mask are displayed in full within the plugin's history view, potentially enabling offline analysis of those values. No public exploit or active exploitation has been identified; SSVC rates this as non-automatable with partial technical impact.

Jenkins Information Disclosure Jenkins Job Configuration History Plugin
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-57286 MEDIUM This Month

A missing permission check in Jenkins Git Parameter Plugin 462.vdcf3df2ed2ca_ and earlier allows attackers with Item/Read permission to obtain information about the SCM repository used by a job, such as branch names, tag names, and revision metadata.

Jenkins Jenkins Git Parameter Plugin Authentication Bypass
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-57285 MEDIUM This Month

A missing permission check in Jenkins GitHub Branch Source Plugin 1967.1969.v205fd594c821 and earlier allows attackers with Overall/Read permission to obtain the URLs of GitHub Enterprise servers configured in the global plugin configuration.

Jenkins Jenkins Github Branch Source Plugin Authentication Bypass Red Hat
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-57284 MEDIUM This Month

Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier does not restrict the types that can be instantiated through the Pipeline Snippet Generator, allowing attackers to instantiate types related to job or system configuration other than Pipeline steps.

Jenkins Information Disclosure Jenkins Pipeline
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-57283 MEDIUM This Month

Cross-site request forgery in the Jenkins Pipeline: Groovy Plugin (versions up to and including 4331.v9d06ed4658ff) enables authenticated low-privilege users to instantiate arbitrary Java types related to job or system configuration by exploiting the unprotected Pipeline Snippet Generator endpoint. The attacker can reach types outside the normally permitted set of Pipeline steps, potentially influencing configuration objects that should be off-limits at their privilege level. No public exploit code has been identified at time of analysis, and CISA SSVC rates exploitation as none with non-automatable delivery.

CSRF Jenkins Jenkins Pipeline Red Hat
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-57282 MEDIUM This Month

Jenkins Git client Plugin 6.6.0 and earlier does not correctly escape the workspace directory name when it is embedded into a generated SSH wrapper script, allowing attackers able to control the name of a build's working directory to execute arbitrary operating system commands on the agent.

Jenkins Jenkins Git Client Plugin Command Injection
NVD VulDB
CVSS 3.1
5.0
EPSS
0.2%
CVE-2026-57281 HIGH This Week

Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not reject Groovy AST transformation annotations carrying an extensions member, allowing attackers able to run sandboxed Groovy scripts to execute code outside the sandbox if a suitable script is present on the classpath of the component that evaluates the script.

Jenkins Information Disclosure Jenkins Script Security Plugin
NVD VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-57280 HIGH This Week

Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not intercept the implicit type casts applied to the elements of typed for-each loops in sandboxed Groovy scripts, allowing attackers able to provide such scripts to invoke arbitrary constructors and bypass the sandbox protection.

Authentication Bypass Jenkins Jenkins Script Security Plugin
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-55847 Maven MEDIUM PATCH GHSA This Month

Stored XSS in allure-generator (versions <= 2.38.1) allows arbitrary JavaScript execution in the browser of anyone who views a generated Allure report containing crafted test result data. The vulnerable `ansi.js` Handlebars helper passes unsanitized `statusMessage` and `statusTrace` values - sourced from JUnit XML failure messages and equivalent fields in TRX, xUnit XML, xctest, and Allure 1/2 plugins - through `ansi-to-html` without HTML escaping, then wraps the output in `SafeString` to bypass Handlebars' auto-escape protection. A publicly available proof-of-concept demonstrates exploitation via a crafted JUnit XML file; the attack is particularly relevant to CI/CD environments (Jenkins, GitLab, GitHub Actions) where reports are served on shared infrastructure with active authenticated sessions.

Gitlab Java Jenkins XSS
NVD GitHub
CVSS 3.1
6.1
CVE-2026-53442 MEDIUM This Month

Unencrypted secret storage in Jenkins 2.567 and earlier (LTS 2.555.2 and earlier) exposes credentials submitted via POST config.xml to any user holding Item/Extended Read permission or with read access to the Jenkins controller filesystem. Secrets that should be encrypted at rest are written as plaintext into job config.xml files, making them directly readable through Jenkins' built-in permission model or OS-level file access. No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog, but the privileged insider and lateral-movement risk is significant for organizations embedding CI/CD credentials in job configurations.

Information Disclosure Jenkins Red Hat
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-53441 Maven MEDIUM PATCH GHSA This Month

Stored XSS in Jenkins 2.483-2.567 and LTS 2.492.1-2.555.2 allows attackers holding Agent/Configure permission to inject persistent malicious scripts via the `POST config.xml` API by supplying an unescaped generic offline cause description. When any Jenkins user views the affected agent page, the payload executes in their browser, enabling session hijacking or unauthorized actions within the Jenkins instance. No public exploit or CISA KEV listing has been identified, and EPSS probability is low at 0.02%, reflecting the constrained attack surface from the required permission prerequisite.

Jenkins XSS
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-53440 MEDIUM This Month

Open redirect in Jenkins 2.567 and earlier (LTS 2.555.2 and earlier) enables unauthenticated remote attackers to craft login URLs with a malicious external domain in the 'from' parameter under the 'Delegate to servlet container' security realm, silently redirecting authenticated users to attacker-controlled sites post-login for phishing purposes. The CVSS vector (PR:N, UI:R) confirms no attacker authentication is needed, but victim interaction is mandatory - the user must click a crafted link and complete a login. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV; vendor-released patches are available as of 2026-06-10.

Jenkins Open Redirect Red Hat
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-53439 MEDIUM This Month

Missing authorization checks in Jenkins 2.567 and earlier (LTS 2.555.2 and earlier) expose user-specific configuration data to any authenticated user holding the Overall/Read permission. Authenticated low-privilege users can query the timezone setting of any Jenkins user account and enumerate the names of views configured within other users' 'My Views' personal dashboards, constituting an information disclosure weakness. No public exploit code exists and this CVE is not listed in the CISA KEV catalog at time of analysis, placing real-world risk in the low-moderate tier primarily relevant to multi-tenant or shared Jenkins deployments.

Authentication Bypass Jenkins Red Hat
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-53438 MEDIUM This Month

Missing authorization enforcement in Jenkins allows low-privileged authenticated users to cancel build queue items they lack permission to view. Affecting Jenkins 2.567 and earlier (LTS 2.555.2 and earlier), this CWE-862 flaw breaks the expected access control invariant that Item/Cancel should be constrained by Item/Read visibility. No public exploit code exists and this vulnerability is not listed in CISA KEV at time of analysis, but the low attack complexity and network accessibility make it a realistic threat in multi-tenant Jenkins deployments where fine-grained RBAC is in use.

Authentication Bypass Jenkins Red Hat
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-53437 MEDIUM This Month

Open redirect in Jenkins login flow enables phishing attacks by exploiting improper redirect URL validation. Tab or newline characters injected between `//` in a post-login redirect URL bypass Jenkins' legitimacy check, redirecting authenticated victims to attacker-controlled sites. Affects Jenkins weekly 2.567 and earlier and LTS 2.555.2 and earlier; vendor-released patches are available. No public exploit identified at time of analysis, and no CISA KEV listing exists, but the bypass technique is trivially derivable from the public advisory.

Jenkins Open Redirect
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-53436 MEDIUM This Month

Open redirect exploitation in Jenkins allows unauthenticated network attackers to craft login URLs that bypass the post-authentication redirect validation and forward users to attacker-controlled external sites. Affected are Jenkins weekly releases through 2.567 and LTS releases through 2.555.2, where the redirect URL legitimacy check fails when the URL contains relative path segments such as `./` or `../`. No active exploitation is confirmed (not listed in CISA KEV) and no public exploit code has been identified at time of analysis, placing this in a moderate-risk, phishing-enablement category rather than a direct system compromise class.

Jenkins Open Redirect Red Hat
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-53435 HIGH This Week

Authenticated remote code execution in Jenkins 2.567 and earlier (LTS 2.555.2 and earlier) allows attackers with permission to submit config.xml to trigger deserialization of arbitrary core or plugin types that subsequently handle HTTP requests, enabling user impersonation, Script Console abuse, and arbitrary file reads from the controller. The flaw is tracked as a CWE-502 unsafe deserialization issue with a CVSS 3.1 score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). No public exploit identified at time of analysis, but the vendor (Jenkins project) has issued a coordinated advisory and patched releases.

RCE Deserialization Jenkins
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-10276 LOW POC Monitor

Server-side request forgery (SSRF) in hekmon8/Jenkins-server-mcp 0.1.0 allows a remote, low-privileged attacker to forge outbound HTTP requests from the server by manipulating the jobPath parameter across the get_build_status, get_build_log, and trigger_build functions in src/index.ts. The flaw stems from absent or insufficient validation of user-supplied job path values before they are used to construct server-side requests to Jenkins. Publicly available exploit code exists (disclosed via GitHub issue #4); no vendor patch has been released and the maintainer has not responded to the disclosure.

Jenkins SSRF
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-40914 Maven MEDIUM PATCH This Month

Incorrect authorization in Apache ActiveMQ Artemis allows authenticated STOMP protocol clients to modify address routing-type settings without sufficient privilege checks. Affects Artemis versions through 2.44.0 and 2.53.0 respectively, the flaw (CWE-863) permits low-privileged network users to alter broker address routing configuration, impacting message routing integrity. No public exploit code has been identified at time of analysis, and CISA KEV listing is absent, placing this in a monitor-and-patch priority tier rather than emergency response.

Apache Command Injection Jenkins Authentication Bypass Denial Of Service +2
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-9674 Maven MEDIUM PATCH This Month

Cross-site request forgery in Jenkins Multijob Plugin versions up to and including 662.vd2e0001f6b_b_d enables unauthenticated remote attackers to resume failed Multijob builds by tricking an authenticated Jenkins user into issuing a forged request. The CVSS vector (PR:N/UI:R) confirms no attacker privileges are required, but victim interaction is mandatory, limiting scalability. No public exploit code and no active exploitation have been identified at time of analysis; SSVC independently corroborates Exploitation: none.

CSRF Jenkins
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-48927 Maven MEDIUM This Month

Stored cross-site scripting in Jenkins buildgraph-view Plugin 1.8 and earlier allows authenticated attackers with job or view configuration privileges to inject persistent malicious scripts via an unescaped build URL. Any Jenkins user who subsequently views the affected build graph page triggers execution of the attacker-controlled script in their browser context. No active exploitation is confirmed (not in CISA KEV) and no public exploit code is known; SSVC rates exploitation status as none with partial technical impact.

XSS Jenkins
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-48926 Maven MEDIUM PATCH This Month

Jenkins Job Import Plugin version 143.v044a_2e819b_27 and earlier exposes credentials ID enumeration to any authenticated user holding the minimal Overall/Read permission due to a missing permission check on an HTTP endpoint. Any low-privileged Jenkins user can query this endpoint and retrieve the IDs of all credentials stored in the Jenkins credentials store, enabling reconnaissance for follow-on credential-targeting attacks. No public exploit has been identified at time of analysis, CISA has not listed this in KEV, and SSVC rates exploitation status as none with partial technical impact.

Privilege Escalation Jenkins
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-48925 Maven MEDIUM PATCH This Month

Cross-site request forgery in Jenkins GitHub Integration Plugin 0.7.3 and earlier allows unauthenticated remote attackers to trigger unauthorized pull request builds by tricking an authenticated Jenkins user into visiting a crafted page. The vulnerability stems from missing CSRF token validation on the endpoint that triggers pull request builds. With CVSS 4.3 (Medium) and no public exploit or KEV listing identified at time of analysis, this represents a moderate-integrity risk primarily in CI/CD pipeline environments where unauthorized build execution could be leveraged for resource abuse or workflow manipulation.

CSRF Jenkins
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-48924 Maven MEDIUM PATCH This Month

Open redirect vulnerability in Jenkins Bitbucket OAuth Plugin 0.17 and earlier enables unauthenticated network attackers to craft login URLs that redirect authenticated victims to arbitrary, attacker-controlled destinations, facilitating phishing campaigns targeting Jenkins users. The plugin fails to validate or restrict the post-login redirect URL parameter, classified under CWE-601. No active exploitation has been confirmed (not in CISA KEV) and no public exploit code has been identified at time of analysis; the CVSS 4.3 Medium rating reflects network reachability offset by a mandatory user interaction requirement.

Open Redirect Jenkins
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-48923 Maven MEDIUM PATCH This Month

Missing permission check in Jenkins AppSpider Plugin 1.0.17 and earlier allows any authenticated user with Overall/Read permission to force the Jenkins server to initiate connections to arbitrary attacker-specified URLs via a form validation endpoint. This constitutes a server-side request forgery (SSRF)-class primitive - an attacker can leverage this to probe internal network services, perform port scanning, or interact with internal infrastructure reachable by the Jenkins host. No public exploit has been identified at time of analysis, and CISA SSVC assessment confirms no active exploitation.

Privilege Escalation Jenkins
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-48922 Maven HIGH PATCH GHSA This Week

Arbitrary file write in the Jenkins Credentials Binding Plugin (version 720.v3f6decef43ea_ and earlier) lets users who can supply file or zip-file credentials to a job write files to attacker-chosen paths on the node filesystem, escalating to remote code execution when Jenkins is configured to let a low-privileged user configure such credentials for a job running on the built-in node. The flaw stems from missing file-name sanitization on the file and zip credential types. Rated CVSS 7.5 with high attack complexity (AC:H); no public exploit identified at time of analysis and the issue is not in CISA KEV.

RCE Jenkins
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-48921 Maven HIGH PATCH GHSA This Week

Arbitrary file read on the Jenkins controller is possible in the Jenkins 'Pipeline: Groovy Libraries Plugin' (version 797.v90ea_a_9b_e45a_0 and earlier), where the plugin fails to prohibit symbolic links inside shared libraries. An attacker who can control the contents of a shared library consumed by a Pipeline job can plant symlinks that resolve to sensitive files (credentials, secrets, configuration) on the controller filesystem and exfiltrate them through the build. There is no public exploit identified at time of analysis, and SSVC marks exploitation status as none, so this is a patch-and-move-on issue rather than an active-exploitation emergency.

Information Disclosure Jenkins Red Hat
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-48920 Maven HIGH PATCH GHSA This Week

Arbitrary file disclosure in the Jenkins Email Extension Plugin (email-ext) versions 1933.v45cec755423f and earlier lets users who can control email content abuse the data-inline image attribute to supply file: URLs, causing the Jenkins controller to read local files and embed their contents as base64 inside outgoing emails. An authenticated attacker with rights to edit job email configuration or templates (CVSS PR:L) can exfiltrate controller secrets, credentials, and configuration. There is no public exploit identified at time of analysis and CISA's SSVC rates exploitation as none, but the CVSS 8.8 score and 'total' technical impact make controller secret theft a serious concern in shared Jenkins environments.

Information Disclosure Jenkins Red Hat
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-48919 Maven MEDIUM PATCH This Month

Unsafe deserialization in Jenkins Active Directory Plugin 2.41 and earlier allows a remote attacker holding administrative credentials to achieve full system compromise by manipulating the LDAP referral processing path. The plugin deserializes data received from LDAP referrals without validation (CWE-502), which can enable arbitrary code execution on the Jenkins controller. No public exploit exists at time of analysis, and CISA SSVC assesses this as not automatable, though technical impact is rated total - making it a targeted rather than opportunistic threat.

Deserialization Jenkins
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2026-48918 Maven MEDIUM PATCH This Month

Server-Side Request Forgery in Jenkins Active Directory Plugin 2.41 and earlier enables a highly privileged attacker to abuse the plugin's default LDAP referral-following behavior to force Jenkins to issue out-of-band requests to attacker-controlled or internal network hosts. The vulnerability (CWE-918) stems from the plugin not restricting LDAP referrals by default, which can be weaponized to pivot from the Jenkins server into internal infrastructure. No public exploit code exists and SSVC confirms no known active exploitation, but the technical impact is rated total - confidentiality, integrity, and availability are all at risk if exploitation succeeds.

SSRF Jenkins
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2026-48917 Maven MEDIUM PATCH This Month

Jenkins LDAP Plugin versions up to and including 807.v7d7de30930cf deserializes Java objects returned via LDAP referral responses without any validation, exposing the underlying Jenkins instance to potential remote code execution via classic Java deserialization gadget chains. Exploitation is constrained by a high privilege requirement and high attack complexity (CVSS PR:H/AC:H), limiting realistic scenarios to attackers who already hold Jenkins administrative credentials or can manipulate LDAP referral destinations. No public exploit code has been identified and this vulnerability does not appear in the CISA KEV catalog at time of analysis.

Deserialization Jenkins
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2026-48916 Maven MEDIUM PATCH This Month

Unconstrained LDAP referral following in Jenkins LDAP Plugin (≤ 807.v7d7de30930cf) enables Server-Side Request Forgery, allowing a highly privileged attacker who controls LDAP configuration to force the Jenkins server to initiate connections to arbitrary internal hosts by supplying a malicious LDAP server that returns crafted referrals. The CVSS score of 6.6 reflects genuine constraints: network-reachable but requiring both high privileges and high attack complexity, with High confidentiality, integrity, and availability impact if those barriers are cleared. SSVC assessment confirms no current exploitation and a non-automatable attack path, though technical impact is rated total; no public exploit code has been identified at time of analysis.

SSRF Jenkins
NVD VulDB
CVSS 3.1
6.6
EPSS
0.0%
CVE-2026-6276 HIGH PATCH This Week

Cookie leakage in curl (libcurl) versions 7.71.0 through 8.19.0 allows remote servers to receive cookies intended for a different host when a stale custom cookie host value persists across requests. The flaw, tracked as CWE-319 (cleartext transmission of sensitive information), carries a CVSS 7.5 and SSVC 'partial' technical impact, with no public exploit identified at time of analysis and an EPSS of 0.01%.

Apple Information Disclosure Jenkins Curl
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-7168 MEDIUM PATCH This Month

Cross-proxy Digest authentication state leak in curl allows remote attackers to obtain sensitive authentication credentials when curl is used with proxy authentication across multiple proxy hops. The vulnerability affects curl versions from 7.12.0 through 8.19.0 due to improper handling of Digest authentication state between proxies, enabling credential disclosure with network-level access and no authentication requirements. EPSS score of 0.03% suggests low real-world exploitation probability despite the information disclosure impact.

Apple Jenkins Information Disclosure Red Hat
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-42525 Maven MEDIUM PATCH This Month

Jenkins Microsoft Entra ID (previously Azure AD) Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks.

Jenkins Microsoft Open Redirect
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-42524 Maven HIGH PATCH GHSA This Week

Jenkins HTML Publisher Plugin 427 and earlier does not escape job name and URL in the legacy wrapper file, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Jenkins XSS
NVD VulDB
CVSS 3.1
8.0
EPSS
0.0%
CVE-2026-42523 Maven CRITICAL PATCH GHSA Act Now

Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job URL as part of JavaScript implementing validation of the feature "GitHub hook trigger for GITScm polling", resulting in a stored cross-site scripting (XSS) vulnerability exploitable by non-anonymous attackers with Overall/Read permission.

Jenkins XSS
NVD VulDB
CVSS 3.1
9.0
EPSS
0.0%
CVE-2026-42522 Maven MEDIUM PATCH This Month

A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdea_d580c1a_b_a_ and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials.

Jenkins Authentication Bypass
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-42521 Maven MEDIUM PATCH This Month

Jenkins Matrix Authorization Strategy Plugin 2.0-beta-1 through 3.2.9 (both inclusive) invokes parameterless constructors of classes specified in configuration when deserializing inheritance strategies, without restricting the classes that can be instantiated, allowing attackers with Item/Configure permission to instantiate arbitrary types, which may lead to information disclosure or other impacts depending on the classes available on the classpath.

Jenkins Information Disclosure Deserialization
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-42520 Maven HIGH PATCH GHSA This Week

Jenkins Credentials Binding Plugin 719.v80e905ef14eb_ and earlier does not sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to a job to write files to arbitrary locations on the node filesystem, which can lead to remote code execution if Jenkins is configured to allow a low-privileged user to configure file or zip file credentials used for a job running on the built-in node.

Jenkins RCE Path Traversal
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-42519 Maven MEDIUM PATCH This Month

A missing permission check in Jenkins Script Security Plugin 1399.ve6a_66547f6e1 and earlier allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths.

Jenkins Authentication Bypass
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-33166 Maven HIGH PATCH This Week

Path traversal in Allure report generator for Jenkins allows unauthenticated attackers to read arbitrary files from the host system by crafting malicious test result files with specially crafted attachment paths. The vulnerability stems from insufficient path validation when processing attachments during report generation, enabling sensitive files to be included in generated reports. A patch is not currently available.

Jenkins Path Traversal Information Disclosure Java
NVD GitHub VulDB
CVSS 3.1
8.6
EPSS
0.0%
CVE-2026-33004 Maven MEDIUM PATCH This Month

The Jenkins LoadNinja Plugin version 2.1 and earlier fails to mask LoadNinja API keys displayed on the job configuration form, allowing attackers with access to the Jenkins web interface to observe and capture sensitive credentials. This information disclosure vulnerability affects Jenkins administrators and users with job configuration visibility, enabling credential theft that could lead to unauthorized access to LoadNinja services and associated testing infrastructure. No CVSS score, EPSS data, or active exploitation status (KEV listing) is currently available in public sources.

Jenkins Information Disclosure
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-33003 Maven MEDIUM PATCH This Month

The Jenkins LoadNinja Plugin versions 2.1 and earlier stores LoadNinja API keys in plaintext within job configuration files (config.xml) on the Jenkins controller, allowing unauthorized disclosure of sensitive credentials. Users with Item/Extended Read permission on Jenkins jobs or direct file system access to the controller can extract these API keys, potentially leading to account compromise and unauthorized access to LoadNinja services. This is a straightforward credential exposure vulnerability with no complexity barriers to exploitation once access is gained.

Jenkins Information Disclosure
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-33002 Maven HIGH PATCH This Week

Jenkins versions 2.442 through 2.554 and LTS 2.426.3 through 2.541.2 contain an origin validation bypass vulnerability in the CLI WebSocket endpoint that allows attackers to conduct DNS rebinding attacks. The vulnerability stems from improper use of Host and X-Forwarded-Host headers to compute expected request origins, enabling attackers to bypass authentication controls and potentially execute arbitrary commands through the CLI WebSocket interface. While no CVSS score, EPSS data, or active exploitation in the wild (KEV) status has been publicly disclosed, the vulnerability affects a critical Jenkins component and was responsibly disclosed by the Jenkins security team.

Jenkins Authentication Bypass Red Hat
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-33001 Maven HIGH PATCH This Week

Jenkins versions 2.554 and earlier (LTS 2.541.2 and earlier) contain a path traversal vulnerability in their handling of tar and tar.gz archive extraction that fails to safely process symbolic links, allowing attackers to write files to arbitrary filesystem locations. Attackers with Item/Configure permission or control over Jenkins agent processes can exploit this to deploy malicious scripts and plugins on the Jenkins controller, achieving code execution with the privileges of the Jenkins process. The vulnerability is particularly concerning because it affects the core Jenkins application and enables privilege escalation through plugin installation mechanisms.

Information Disclosure Jenkins
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-27100 Maven MEDIUM PATCH This Month

Jenkins versions 2.550 and earlier fail to properly validate Run Parameter access controls, allowing authenticated users with Item/Build and Item/Configure permissions to enumerate sensitive information about jobs, builds, and their display names they should not have access to. This information disclosure vulnerability affects Jenkins LTS 2.541.1 and earlier, with no patch currently available. Attackers can exploit this to gather intelligence about build infrastructure by referencing builds outside their authorized scope.

Jenkins Red Hat
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-27099 Maven HIGH PATCH This Week

Jenkins versions 2.483-2.550 and LTS 2.492.1-2.541.1 contain a stored XSS vulnerability in the agent offline cause description field that fails to properly sanitize user input. Attackers with Agent/Configure or Agent/Disconnect permissions can inject malicious scripts that execute in the browsers of other users viewing the affected agent configuration. No patch is currently available for this vulnerability.

Jenkins XSS Red Hat
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-68931 Maven HIGH PATCH This Week

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, AES/CBC/PKCS5Padding lacks authentication, making it vulnerable to padding oracle attacks and ciphertext manipulation. [CVSS 7.5 HIGH]

Jenkins Jervis
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-68925 Maven MEDIUM PATCH This Month

Jervis versions up to 2.2 is affected by improper verification of cryptographic signature (CVSS 5.3).

Jenkins Jervis
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-68704 Maven HIGH PATCH This Week

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses java.util.Random() which is not cryptographically secure for timing attack mitigation. [CVSS 7.5 HIGH]

Java Jenkins Jervis
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-68703 Maven HIGH PATCH This Week

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the salt is derived from sha256Sum(passphrase). [CVSS 7.5 HIGH]

Jenkins Jervis
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-68702 Maven HIGH PATCH This Week

Jervis versions up to 2.2 is affected by use of a broken or risky cryptographic algorithm (CVSS 7.5).

Jenkins Jervis
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-68701 Maven HIGH PATCH This Week

Jervis versions up to 2.2 is affected by use of a broken or risky cryptographic algorithm (CVSS 7.5).

Jenkins Jervis
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-68698 Maven HIGH PATCH This Week

Jervis versions up to 2.2 is affected by use of a broken or risky cryptographic algorithm (CVSS 7.5).

Jenkins Jervis
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-13472 Maven MEDIUM PATCH This Month

A remote code execution vulnerability in BlazeMeter Jenkins Plugin (CVSS 5.3) that allows users only with certain permissions. Remediation should follow standard vulnerability management procedures.

Authentication Bypass Jenkins
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-34212 HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.843 and Application prior to version 20.0.1923 (VA/SaaS deployments) possess CI/CD weaknesses: the build pulls an. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Jenkins Virtual Appliance Application Virtual Appliance Host
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2025-59476 Maven MEDIUM PATCH This Month

Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not restrict or transform the characters that can be inserted from user-specified content in log messages, allowing attackers able to control. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Red Hat
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-59475 Maven MEDIUM PATCH Monitor

Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check for the authenticated user profile dropdown menu, allowing attackers without Overall/Read permission to obtain. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Red Hat
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-59474 Maven MEDIUM POC PATCH This Month

Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission, allowing attackers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Red Hat
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-58460 Maven MEDIUM PATCH Monitor

A missing permission check in Jenkins OpenTelemetry Plugin 3.1543.v8446b_92b_cd64 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Jenkins Opentelemetry
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-58459 Maven MEDIUM PATCH Monitor

Jenkins global-build-stats Plugin 322.v22f4db_18e2dd and earlier does not perform permission checks in its REST API endpoints, allowing attackers with Overall/Read permission to enumerate graph IDs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Global Build Stats
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-58458 Maven MEDIUM PATCH Monitor

In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Git Client
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-53743 Maven MEDIUM This Month

Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not mask Applitools API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

Information Disclosure Jenkins Applitools Eyes
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-53742 Maven MEDIUM This Month

Jenkins Applitools Eyes Plugin 1.16.5 and earlier stores Applitools API keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

Information Disclosure Jenkins Applitools Eyes
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-53678 Maven MEDIUM This Month

Jenkins User1st uTester Plugin 1.1 and earlier stores the uTester JWT token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system.

Information Disclosure Jenkins User1st Utester
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-53677 Maven MEDIUM This Month

CVE-2025-53677 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure Jenkins Xooa
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-53676 Maven MEDIUM This Month

Jenkins Xooa Plugin 0.0.7 and earlier stores the Xooa Deployment Token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system.

Information Disclosure Jenkins Xooa
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-53675 Maven MEDIUM This Month

CVE-2025-53675 is a security vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Information Disclosure Jenkins Warrior Framework
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
EPSS 0% CVSS 8.2
HIGH This Week

Server-side request forgery and OIDC token forgery in Eclipse CSI PIA lets an unauthenticated attacker abuse a flawed Jenkins issuer allowlist (a bare `startswith('https://ci.eclipse.org')` check in `is_issuer_known`, pia/models.py:139) to redirect OIDC discovery and JWKS fetches to an attacker-controlled host. By posting a crafted issuer such as `https://ci.eclipse.org@evil.host` or `https://ci.eclipse.org.evil.host` to `POST /v1/upload/sbom`, an attacker forces PIA to make outbound requests to arbitrary hosts and to accept a JWT signed with the attacker's own key, effectively bypassing token verification. No public exploit identified at time of analysis, but the flaw is unauthenticated and network-reachable, and the CVSS 3.1 base score is 8.2.

SSRF Jenkins Eclipse Csi Pia
NVD
EPSS 0% CVSS 4.2
MEDIUM This Month

A missing permission check in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b_450b_1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Jenkins Jenkins Zowe Zdevops Plugin Authentication Bypass
NVD VulDB
EPSS 0% CVSS 4.2
MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b_450b_1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

CSRF Jenkins Jenkins Zowe Zdevops Plugin
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla Plugin 1.4 and earlier allows attackers to connect to an attacker-specified URL using an attacker-specified username and password.

CSRF Jenkins Jenkins Assembla Plugin
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Jenkins Assembla Plugin 1.4 and earlier exposes a connection-test endpoint without adequate permission enforcement, allowing any Jenkins user holding only Overall/Read permission to trigger outbound HTTP connections to an arbitrary attacker-controlled URL with attacker-supplied credentials. This enables both a limited Server-Side Request Forgery (SSRF) vector for internal network probing and credential interception on the attacker's endpoint. No public exploit code or active exploitation has been identified at time of analysis; SSVC assessment confirms exploitation status as none.

Authentication Bypass Jenkins Jenkins Assembla Plugin
NVD
EPSS 0% CVSS 7.1
HIGH This Week

XML external entity (XXE) injection in the Jenkins Assembla Plugin version 1.4 and earlier lets an attacker who can control the HTTP responses of the configured Assembla server read sensitive files and secrets from the Jenkins controller and pivot into internal services via server-side request forgery. Mapped to CWE-918 (SSRF) with a CVSS 3.1 base score of 7.1 (high), there is no public exploit identified at time of analysis and CISA SSVC rates exploitation as 'none' with only partial technical impact. Exploitation requires the attacker to influence what the Assembla endpoint returns, so it is a targeted rather than mass-exploitable condition.

XXE SSRF Jenkins +1
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

Jenkins FitNesse Plugin 1.36 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Extended Read permission or access to the Jenkins controller file system.

Jenkins Information Disclosure Jenkins Fitnesse Plugin
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller.

Jenkins RCE Jenkins Owasp Zap Plugin
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

A missing permission check in Jenkins MCP Server Plugin 0.177.v629fdb_2557fe and earlier allows attackers with Item/Read permission to read the Pipeline replay scripts of jobs they can access.

Jenkins Jenkins Mcp Server Plugin Authentication Bypass
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

Missing authorization checks in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allow any authenticated Jenkins user with the low-privilege Overall/Read permission to enumerate the names of configured Contrast metadata via a network-accessible endpoint. The vulnerability is classified CWE-862 (Missing Authorization) and has an EPSS score of 0.15% (4th percentile), indicating negligible real-world exploitation activity. No public exploit code and no CISA KEV listing have been identified, making this a low-urgency but real information-disclosure concern for multi-tenant Jenkins environments with untrusted users.

Authentication Bypass Jenkins Jenkins Contrast Continuous Application Security Plugin
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Cross-site request forgery in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allows a remote attacker to force a Jenkins instance to establish outbound connections to an arbitrary attacker-controlled URL, supplying attacker-chosen credentials including a username, API key, and service key. Any authenticated Jenkins user can be the unwitting victim if tricked into visiting a crafted page while logged in. No public exploit code or confirmed active exploitation has been identified at time of analysis, and SSVC rates exploitation likelihood as none with partial technical impact.

CSRF Jenkins Jenkins Contrast Continuous Application Security Plugin
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Missing authorization in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier permits any authenticated Jenkins user holding the minimal Overall/Read permission to invoke a connection test endpoint with fully attacker-controlled URL, username, API key, and service key. This enables the Jenkins server to make arbitrary outbound HTTP connections - a Server-Side Request Forgery (SSRF)-class impact - without the elevated privileges that should guard such functionality. No public exploit has been identified at time of analysis and EPSS sits at the 4th percentile, indicating low current exploitation probability despite network reachability.

Authentication Bypass Jenkins Jenkins Contrast Continuous Application Security Plugin
NVD VulDB
EPSS 1% CVSS 8.8
HIGH This Week

Path traversal in the Jenkins External Workspace Manager Plugin (versions 1.3.2 and earlier) lets an attacker with Item/Configure permission supply traversal sequences in the custom workspace path of the exwsAllocate Pipeline step to read arbitrary files from the Jenkins controller filesystem, which the vendor notes can escalate to remote code execution. The flaw requires an authenticated low-privileged user (CVSS:3.1 PR:L, base 8.8) and is reported directly by the Jenkins security team. No public exploit identified at time of analysis, and CISA SSVC marks exploitation as none.

Path Traversal Jenkins RCE +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Cross-site request forgery in Jenkins EC2 Fleet Plugin versions through 4.2.3.539.v8fedff2a_81c3 enables a network attacker to force Jenkins to connect to an attacker-controlled endpoint using AWS credentials stored in Jenkins, effectively exfiltrating those credentials. All Jenkins instances with this plugin installed and AWS credentials configured are at risk. No active exploitation is confirmed (not in CISA KEV), SSVC rates this as non-automatable with partial technical impact, and no public exploit code has been identified at time of analysis.

CSRF Jenkins Jenkins Ec2 Fleet Plugin
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Missing permission check in Jenkins EC2 Fleet Plugin versions up to 4.2.3.539.v8fedff2a_81c3 enables any authenticated user holding the low-privilege Overall/Read role to trigger a credential-capture attack by directing the plugin to connect to an attacker-controlled endpoint and transmitting AWS credentials stored in Jenkins. The attacker must independently obtain a valid credential ID before exploiting this flaw, making it a chained attack rather than a direct standalone exploit. No public exploit code has been identified at time of analysis and CISA has not added this to the KEV catalog; SSVC rates exploitation status as none.

Authentication Bypass Jenkins Jenkins Ec2 Fleet Plugin
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

Credential ID enumeration in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allows authenticated attackers holding only global Item/Configure permission to bypass the intended per-job permission boundary and list credential IDs stored in Jenkins. The root cause is an incorrect permission check (CWE-862) that conflates global and job-scoped authorization, leaking credential identifiers without requiring job-level rights. No public exploit code exists and SSVC rates exploitation status as none; however, enumerated credential IDs can serve as reconnaissance for chained attacks targeting those credentials.

Authentication Bypass Jenkins Jenkins Gitee Plugin
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Cross-site request forgery in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allows network-accessible attackers to force a Jenkins instance to initiate connections to attacker-controlled URLs, using credential IDs previously obtained through a separate method. The CVSS vector confirms a low-privileged authenticated attacker posture (PR:L), meaning the victim must hold an active Jenkins session. No active exploitation is confirmed per CISA KEV, and the SSVC framework rates exploitation as currently none with partial technical impact.

CSRF Jenkins Jenkins Gitee Plugin
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Missing permission checks in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allow any authenticated user holding the minimal Overall/Read Jenkins role to trigger outbound connections from the Jenkins controller to an attacker-specified URL using credential IDs sourced through a secondary method. This creates an SSRF-like primitive enabling internal network probing and credential ID validation without administrative access. No public exploit code has been identified at time of analysis, and SSVC confirms current exploitation status as none.

Jenkins Jenkins Gitee Plugin Authentication Bypass
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Priority Sorter Plugin 936.v2c01c6b_84449 and earlier allows attackers to overwrite the global job priority configuration.

CSRF Jenkins Jenkins Priority Sorter Plugin
NVD VulDB
EPSS 0% CVSS 4.8
MEDIUM This Month

Jenkins Bitbucket Push and Pull Request Plugin versions 3.3.8 and earlier unconditionally disables SSL/TLS certificate and hostname validation for all outbound Bearer token authenticated requests to configured Bitbucket Server endpoints, creating a man-in-the-middle exposure. Any attacker positioned to intercept network traffic on the path between the Jenkins controller and the Bitbucket Server can capture the Bearer token and subsequently authenticate directly to the Bitbucket Server API. No public exploit is identified at time of analysis, and SSVC rates exploitation as none with partial technical impact; however, the token capture risk is non-trivial for deployments routing Jenkins traffic over untrusted or shared network segments.

Jenkins Information Disclosure Jenkins Bitbucket Push And Pull Request Plugin
NVD VulDB
EPSS 0% CVSS 3.7
LOW Monitor

LDAP injection in Jenkins Active Directory Plugin 2.41.1 and earlier allows unauthenticated remote attackers to enumerate Active Directory entries and authenticate as any directory user they can identify via wildcard matching, provided they already know that user's password. The vulnerability is confined to the Windows native ADSI authentication path, limiting exposure to Jenkins instances running on Windows with ADSI configured. No public exploit code or active exploitation has been identified; SSVC rates it non-automatable with partial technical impact.

Code Injection LDAP Jenkins +2
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

Jenkins Job Configuration History Plugin version 1356.ve360da_6c523a_ and earlier exposes encrypted secret values to any Jenkins user holding Extended Read permission by failing to apply Jenkins' standard secret redaction when rendering historical job and agent configurations. Encrypted credential values that Jenkins would normally mask are displayed in full within the plugin's history view, potentially enabling offline analysis of those values. No public exploit or active exploitation has been identified; SSVC rates this as non-automatable with partial technical impact.

Jenkins Information Disclosure Jenkins Job Configuration History Plugin
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

A missing permission check in Jenkins Git Parameter Plugin 462.vdcf3df2ed2ca_ and earlier allows attackers with Item/Read permission to obtain information about the SCM repository used by a job, such as branch names, tag names, and revision metadata.

Jenkins Jenkins Git Parameter Plugin Authentication Bypass
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

A missing permission check in Jenkins GitHub Branch Source Plugin 1967.1969.v205fd594c821 and earlier allows attackers with Overall/Read permission to obtain the URLs of GitHub Enterprise servers configured in the global plugin configuration.

Jenkins Jenkins Github Branch Source Plugin Authentication Bypass +1
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier does not restrict the types that can be instantiated through the Pipeline Snippet Generator, allowing attackers to instantiate types related to job or system configuration other than Pipeline steps.

Jenkins Information Disclosure Jenkins Pipeline
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site request forgery in the Jenkins Pipeline: Groovy Plugin (versions up to and including 4331.v9d06ed4658ff) enables authenticated low-privilege users to instantiate arbitrary Java types related to job or system configuration by exploiting the unprotected Pipeline Snippet Generator endpoint. The attacker can reach types outside the normally permitted set of Pipeline steps, potentially influencing configuration objects that should be off-limits at their privilege level. No public exploit code has been identified at time of analysis, and CISA SSVC rates exploitation as none with non-automatable delivery.

CSRF Jenkins Jenkins Pipeline +1
NVD VulDB
EPSS 0% CVSS 5.0
MEDIUM This Month

Jenkins Git client Plugin 6.6.0 and earlier does not correctly escape the workspace directory name when it is embedded into a generated SSH wrapper script, allowing attackers able to control the name of a build's working directory to execute arbitrary operating system commands on the agent.

Jenkins Jenkins Git Client Plugin Command Injection
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not reject Groovy AST transformation annotations carrying an extensions member, allowing attackers able to run sandboxed Groovy scripts to execute code outside the sandbox if a suitable script is present on the classpath of the component that evaluates the script.

Jenkins Information Disclosure Jenkins Script Security Plugin
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not intercept the implicit type casts applied to the elements of typed for-each loops in sandboxed Groovy scripts, allowing attackers able to provide such scripts to invoke arbitrary constructors and bypass the sandbox protection.

Authentication Bypass Jenkins Jenkins Script Security Plugin
NVD VulDB
CVSS 6.1
MEDIUM PATCH This Month

Stored XSS in allure-generator (versions <= 2.38.1) allows arbitrary JavaScript execution in the browser of anyone who views a generated Allure report containing crafted test result data. The vulnerable `ansi.js` Handlebars helper passes unsanitized `statusMessage` and `statusTrace` values - sourced from JUnit XML failure messages and equivalent fields in TRX, xUnit XML, xctest, and Allure 1/2 plugins - through `ansi-to-html` without HTML escaping, then wraps the output in `SafeString` to bypass Handlebars' auto-escape protection. A publicly available proof-of-concept demonstrates exploitation via a crafted JUnit XML file; the attack is particularly relevant to CI/CD environments (Jenkins, GitLab, GitHub Actions) where reports are served on shared infrastructure with active authenticated sessions.

Gitlab Java Jenkins +1
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

Unencrypted secret storage in Jenkins 2.567 and earlier (LTS 2.555.2 and earlier) exposes credentials submitted via POST config.xml to any user holding Item/Extended Read permission or with read access to the Jenkins controller filesystem. Secrets that should be encrypted at rest are written as plaintext into job config.xml files, making them directly readable through Jenkins' built-in permission model or OS-level file access. No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog, but the privileged insider and lateral-movement risk is significant for organizations embedding CI/CD credentials in job configurations.

Information Disclosure Jenkins Red Hat
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Stored XSS in Jenkins 2.483-2.567 and LTS 2.492.1-2.555.2 allows attackers holding Agent/Configure permission to inject persistent malicious scripts via the `POST config.xml` API by supplying an unescaped generic offline cause description. When any Jenkins user views the affected agent page, the payload executes in their browser, enabling session hijacking or unauthorized actions within the Jenkins instance. No public exploit or CISA KEV listing has been identified, and EPSS probability is low at 0.02%, reflecting the constrained attack surface from the required permission prerequisite.

Jenkins XSS
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

Open redirect in Jenkins 2.567 and earlier (LTS 2.555.2 and earlier) enables unauthenticated remote attackers to craft login URLs with a malicious external domain in the 'from' parameter under the 'Delegate to servlet container' security realm, silently redirecting authenticated users to attacker-controlled sites post-login for phishing purposes. The CVSS vector (PR:N, UI:R) confirms no attacker authentication is needed, but victim interaction is mandatory - the user must click a crafted link and complete a login. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV; vendor-released patches are available as of 2026-06-10.

Jenkins Open Redirect Red Hat
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

Missing authorization checks in Jenkins 2.567 and earlier (LTS 2.555.2 and earlier) expose user-specific configuration data to any authenticated user holding the Overall/Read permission. Authenticated low-privilege users can query the timezone setting of any Jenkins user account and enumerate the names of views configured within other users' 'My Views' personal dashboards, constituting an information disclosure weakness. No public exploit code exists and this CVE is not listed in the CISA KEV catalog at time of analysis, placing real-world risk in the low-moderate tier primarily relevant to multi-tenant or shared Jenkins deployments.

Authentication Bypass Jenkins Red Hat
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

Missing authorization enforcement in Jenkins allows low-privileged authenticated users to cancel build queue items they lack permission to view. Affecting Jenkins 2.567 and earlier (LTS 2.555.2 and earlier), this CWE-862 flaw breaks the expected access control invariant that Item/Cancel should be constrained by Item/Read visibility. No public exploit code exists and this vulnerability is not listed in CISA KEV at time of analysis, but the low attack complexity and network accessibility make it a realistic threat in multi-tenant Jenkins deployments where fine-grained RBAC is in use.

Authentication Bypass Jenkins Red Hat
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

Open redirect in Jenkins login flow enables phishing attacks by exploiting improper redirect URL validation. Tab or newline characters injected between `//` in a post-login redirect URL bypass Jenkins' legitimacy check, redirecting authenticated victims to attacker-controlled sites. Affects Jenkins weekly 2.567 and earlier and LTS 2.555.2 and earlier; vendor-released patches are available. No public exploit identified at time of analysis, and no CISA KEV listing exists, but the bypass technique is trivially derivable from the public advisory.

Jenkins Open Redirect
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

Open redirect exploitation in Jenkins allows unauthenticated network attackers to craft login URLs that bypass the post-authentication redirect validation and forward users to attacker-controlled external sites. Affected are Jenkins weekly releases through 2.567 and LTS releases through 2.555.2, where the redirect URL legitimacy check fails when the URL contains relative path segments such as `./` or `../`. No active exploitation is confirmed (not listed in CISA KEV) and no public exploit code has been identified at time of analysis, placing this in a moderate-risk, phishing-enablement category rather than a direct system compromise class.

Jenkins Open Redirect Red Hat
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Authenticated remote code execution in Jenkins 2.567 and earlier (LTS 2.555.2 and earlier) allows attackers with permission to submit config.xml to trigger deserialization of arbitrary core or plugin types that subsequently handle HTTP requests, enabling user impersonation, Script Console abuse, and arbitrary file reads from the controller. The flaw is tracked as a CWE-502 unsafe deserialization issue with a CVSS 3.1 score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). No public exploit identified at time of analysis, but the vendor (Jenkins project) has issued a coordinated advisory and patched releases.

RCE Deserialization Jenkins
NVD VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

Server-side request forgery (SSRF) in hekmon8/Jenkins-server-mcp 0.1.0 allows a remote, low-privileged attacker to forge outbound HTTP requests from the server by manipulating the jobPath parameter across the get_build_status, get_build_log, and trigger_build functions in src/index.ts. The flaw stems from absent or insufficient validation of user-supplied job path values before they are used to construct server-side requests to Jenkins. Publicly available exploit code exists (disclosed via GitHub issue #4); no vendor patch has been released and the maintainer has not responded to the disclosure.

Jenkins SSRF
NVD VulDB GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Incorrect authorization in Apache ActiveMQ Artemis allows authenticated STOMP protocol clients to modify address routing-type settings without sufficient privilege checks. Affects Artemis versions through 2.44.0 and 2.53.0 respectively, the flaw (CWE-863) permits low-privileged network users to alter broker address routing configuration, impacting message routing integrity. No public exploit code has been identified at time of analysis, and CISA KEV listing is absent, placing this in a monitor-and-patch priority tier rather than emergency response.

Apache Command Injection Jenkins +4
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Cross-site request forgery in Jenkins Multijob Plugin versions up to and including 662.vd2e0001f6b_b_d enables unauthenticated remote attackers to resume failed Multijob builds by tricking an authenticated Jenkins user into issuing a forged request. The CVSS vector (PR:N/UI:R) confirms no attacker privileges are required, but victim interaction is mandatory, limiting scalability. No public exploit code and no active exploitation have been identified at time of analysis; SSVC independently corroborates Exploitation: none.

CSRF Jenkins
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Stored cross-site scripting in Jenkins buildgraph-view Plugin 1.8 and earlier allows authenticated attackers with job or view configuration privileges to inject persistent malicious scripts via an unescaped build URL. Any Jenkins user who subsequently views the affected build graph page triggers execution of the attacker-controlled script in their browser context. No active exploitation is confirmed (not in CISA KEV) and no public exploit code is known; SSVC rates exploitation status as none with partial technical impact.

XSS Jenkins
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Jenkins Job Import Plugin version 143.v044a_2e819b_27 and earlier exposes credentials ID enumeration to any authenticated user holding the minimal Overall/Read permission due to a missing permission check on an HTTP endpoint. Any low-privileged Jenkins user can query this endpoint and retrieve the IDs of all credentials stored in the Jenkins credentials store, enabling reconnaissance for follow-on credential-targeting attacks. No public exploit has been identified at time of analysis, CISA has not listed this in KEV, and SSVC rates exploitation status as none with partial technical impact.

Privilege Escalation Jenkins
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Cross-site request forgery in Jenkins GitHub Integration Plugin 0.7.3 and earlier allows unauthenticated remote attackers to trigger unauthorized pull request builds by tricking an authenticated Jenkins user into visiting a crafted page. The vulnerability stems from missing CSRF token validation on the endpoint that triggers pull request builds. With CVSS 4.3 (Medium) and no public exploit or KEV listing identified at time of analysis, this represents a moderate-integrity risk primarily in CI/CD pipeline environments where unauthorized build execution could be leveraged for resource abuse or workflow manipulation.

CSRF Jenkins
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Open redirect vulnerability in Jenkins Bitbucket OAuth Plugin 0.17 and earlier enables unauthenticated network attackers to craft login URLs that redirect authenticated victims to arbitrary, attacker-controlled destinations, facilitating phishing campaigns targeting Jenkins users. The plugin fails to validate or restrict the post-login redirect URL parameter, classified under CWE-601. No active exploitation has been confirmed (not in CISA KEV) and no public exploit code has been identified at time of analysis; the CVSS 4.3 Medium rating reflects network reachability offset by a mandatory user interaction requirement.

Open Redirect Jenkins
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Missing permission check in Jenkins AppSpider Plugin 1.0.17 and earlier allows any authenticated user with Overall/Read permission to force the Jenkins server to initiate connections to arbitrary attacker-specified URLs via a form validation endpoint. This constitutes a server-side request forgery (SSRF)-class primitive - an attacker can leverage this to probe internal network services, perform port scanning, or interact with internal infrastructure reachable by the Jenkins host. No public exploit has been identified at time of analysis, and CISA SSVC assessment confirms no active exploitation.

Privilege Escalation Jenkins
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Arbitrary file write in the Jenkins Credentials Binding Plugin (version 720.v3f6decef43ea_ and earlier) lets users who can supply file or zip-file credentials to a job write files to attacker-chosen paths on the node filesystem, escalating to remote code execution when Jenkins is configured to let a low-privileged user configure such credentials for a job running on the built-in node. The flaw stems from missing file-name sanitization on the file and zip credential types. Rated CVSS 7.5 with high attack complexity (AC:H); no public exploit identified at time of analysis and the issue is not in CISA KEV.

RCE Jenkins
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Arbitrary file read on the Jenkins controller is possible in the Jenkins 'Pipeline: Groovy Libraries Plugin' (version 797.v90ea_a_9b_e45a_0 and earlier), where the plugin fails to prohibit symbolic links inside shared libraries. An attacker who can control the contents of a shared library consumed by a Pipeline job can plant symlinks that resolve to sensitive files (credentials, secrets, configuration) on the controller filesystem and exfiltrate them through the build. There is no public exploit identified at time of analysis, and SSVC marks exploitation status as none, so this is a patch-and-move-on issue rather than an active-exploitation emergency.

Information Disclosure Jenkins Red Hat
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Arbitrary file disclosure in the Jenkins Email Extension Plugin (email-ext) versions 1933.v45cec755423f and earlier lets users who can control email content abuse the data-inline image attribute to supply file: URLs, causing the Jenkins controller to read local files and embed their contents as base64 inside outgoing emails. An authenticated attacker with rights to edit job email configuration or templates (CVSS PR:L) can exfiltrate controller secrets, credentials, and configuration. There is no public exploit identified at time of analysis and CISA's SSVC rates exploitation as none, but the CVSS 8.8 score and 'total' technical impact make controller secret theft a serious concern in shared Jenkins environments.

Information Disclosure Jenkins Red Hat
NVD
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

Unsafe deserialization in Jenkins Active Directory Plugin 2.41 and earlier allows a remote attacker holding administrative credentials to achieve full system compromise by manipulating the LDAP referral processing path. The plugin deserializes data received from LDAP referrals without validation (CWE-502), which can enable arbitrary code execution on the Jenkins controller. No public exploit exists at time of analysis, and CISA SSVC assesses this as not automatable, though technical impact is rated total - making it a targeted rather than opportunistic threat.

Deserialization Jenkins
NVD
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

Server-Side Request Forgery in Jenkins Active Directory Plugin 2.41 and earlier enables a highly privileged attacker to abuse the plugin's default LDAP referral-following behavior to force Jenkins to issue out-of-band requests to attacker-controlled or internal network hosts. The vulnerability (CWE-918) stems from the plugin not restricting LDAP referrals by default, which can be weaponized to pivot from the Jenkins server into internal infrastructure. No public exploit code exists and SSVC confirms no known active exploitation, but the technical impact is rated total - confidentiality, integrity, and availability are all at risk if exploitation succeeds.

SSRF Jenkins
NVD
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

Jenkins LDAP Plugin versions up to and including 807.v7d7de30930cf deserializes Java objects returned via LDAP referral responses without any validation, exposing the underlying Jenkins instance to potential remote code execution via classic Java deserialization gadget chains. Exploitation is constrained by a high privilege requirement and high attack complexity (CVSS PR:H/AC:H), limiting realistic scenarios to attackers who already hold Jenkins administrative credentials or can manipulate LDAP referral destinations. No public exploit code has been identified and this vulnerability does not appear in the CISA KEV catalog at time of analysis.

Deserialization Jenkins
NVD
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

Unconstrained LDAP referral following in Jenkins LDAP Plugin (≤ 807.v7d7de30930cf) enables Server-Side Request Forgery, allowing a highly privileged attacker who controls LDAP configuration to force the Jenkins server to initiate connections to arbitrary internal hosts by supplying a malicious LDAP server that returns crafted referrals. The CVSS score of 6.6 reflects genuine constraints: network-reachable but requiring both high privileges and high attack complexity, with High confidentiality, integrity, and availability impact if those barriers are cleared. SSVC assessment confirms no current exploitation and a non-automatable attack path, though technical impact is rated total; no public exploit code has been identified at time of analysis.

SSRF Jenkins
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Cookie leakage in curl (libcurl) versions 7.71.0 through 8.19.0 allows remote servers to receive cookies intended for a different host when a stale custom cookie host value persists across requests. The flaw, tracked as CWE-319 (cleartext transmission of sensitive information), carries a CVSS 7.5 and SSVC 'partial' technical impact, with no public exploit identified at time of analysis and an EPSS of 0.01%.

Apple Information Disclosure Jenkins +1
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Cross-proxy Digest authentication state leak in curl allows remote attackers to obtain sensitive authentication credentials when curl is used with proxy authentication across multiple proxy hops. The vulnerability affects curl versions from 7.12.0 through 8.19.0 due to improper handling of Digest authentication state between proxies, enabling credential disclosure with network-level access and no authentication requirements. EPSS score of 0.03% suggests low real-world exploitation probability despite the information disclosure impact.

Apple Jenkins Information Disclosure +1
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Jenkins Microsoft Entra ID (previously Azure AD) Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks.

Jenkins Microsoft Open Redirect
NVD VulDB
EPSS 0% CVSS 8.0
HIGH PATCH This Week

Jenkins HTML Publisher Plugin 427 and earlier does not escape job name and URL in the legacy wrapper file, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Jenkins XSS
NVD VulDB
EPSS 0% CVSS 9.0
CRITICAL PATCH Act Now

Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job URL as part of JavaScript implementing validation of the feature "GitHub hook trigger for GITScm polling", resulting in a stored cross-site scripting (XSS) vulnerability exploitable by non-anonymous attackers with Overall/Read permission.

Jenkins XSS
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdea_d580c1a_b_a_ and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials.

Jenkins Authentication Bypass
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Jenkins Matrix Authorization Strategy Plugin 2.0-beta-1 through 3.2.9 (both inclusive) invokes parameterless constructors of classes specified in configuration when deserializing inheritance strategies, without restricting the classes that can be instantiated, allowing attackers with Item/Configure permission to instantiate arbitrary types, which may lead to information disclosure or other impacts depending on the classes available on the classpath.

Jenkins Information Disclosure Deserialization
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Jenkins Credentials Binding Plugin 719.v80e905ef14eb_ and earlier does not sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to a job to write files to arbitrary locations on the node filesystem, which can lead to remote code execution if Jenkins is configured to allow a low-privileged user to configure file or zip file credentials used for a job running on the built-in node.

Jenkins RCE Path Traversal
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

A missing permission check in Jenkins Script Security Plugin 1399.ve6a_66547f6e1 and earlier allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths.

Jenkins Authentication Bypass
NVD VulDB
EPSS 0% CVSS 8.6
HIGH PATCH This Week

Path traversal in Allure report generator for Jenkins allows unauthenticated attackers to read arbitrary files from the host system by crafting malicious test result files with specially crafted attachment paths. The vulnerability stems from insufficient path validation when processing attachments during report generation, enabling sensitive files to be included in generated reports. A patch is not currently available.

Jenkins Path Traversal Information Disclosure +1
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The Jenkins LoadNinja Plugin version 2.1 and earlier fails to mask LoadNinja API keys displayed on the job configuration form, allowing attackers with access to the Jenkins web interface to observe and capture sensitive credentials. This information disclosure vulnerability affects Jenkins administrators and users with job configuration visibility, enabling credential theft that could lead to unauthorized access to LoadNinja services and associated testing infrastructure. No CVSS score, EPSS data, or active exploitation status (KEV listing) is currently available in public sources.

Jenkins Information Disclosure
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The Jenkins LoadNinja Plugin versions 2.1 and earlier stores LoadNinja API keys in plaintext within job configuration files (config.xml) on the Jenkins controller, allowing unauthorized disclosure of sensitive credentials. Users with Item/Extended Read permission on Jenkins jobs or direct file system access to the controller can extract these API keys, potentially leading to account compromise and unauthorized access to LoadNinja services. This is a straightforward credential exposure vulnerability with no complexity barriers to exploitation once access is gained.

Jenkins Information Disclosure
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Jenkins versions 2.442 through 2.554 and LTS 2.426.3 through 2.541.2 contain an origin validation bypass vulnerability in the CLI WebSocket endpoint that allows attackers to conduct DNS rebinding attacks. The vulnerability stems from improper use of Host and X-Forwarded-Host headers to compute expected request origins, enabling attackers to bypass authentication controls and potentially execute arbitrary commands through the CLI WebSocket interface. While no CVSS score, EPSS data, or active exploitation in the wild (KEV) status has been publicly disclosed, the vulnerability affects a critical Jenkins component and was responsibly disclosed by the Jenkins security team.

Jenkins Authentication Bypass Red Hat
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Jenkins versions 2.554 and earlier (LTS 2.541.2 and earlier) contain a path traversal vulnerability in their handling of tar and tar.gz archive extraction that fails to safely process symbolic links, allowing attackers to write files to arbitrary filesystem locations. Attackers with Item/Configure permission or control over Jenkins agent processes can exploit this to deploy malicious scripts and plugins on the Jenkins controller, achieving code execution with the privileges of the Jenkins process. The vulnerability is particularly concerning because it affects the core Jenkins application and enables privilege escalation through plugin installation mechanisms.

Information Disclosure Jenkins
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Jenkins versions 2.550 and earlier fail to properly validate Run Parameter access controls, allowing authenticated users with Item/Build and Item/Configure permissions to enumerate sensitive information about jobs, builds, and their display names they should not have access to. This information disclosure vulnerability affects Jenkins LTS 2.541.1 and earlier, with no patch currently available. Attackers can exploit this to gather intelligence about build infrastructure by referencing builds outside their authorized scope.

Jenkins Red Hat
NVD
EPSS 0% CVSS 8.0
HIGH PATCH This Week

Jenkins versions 2.483-2.550 and LTS 2.492.1-2.541.1 contain a stored XSS vulnerability in the agent offline cause description field that fails to properly sanitize user input. Attackers with Agent/Configure or Agent/Disconnect permissions can inject malicious scripts that execute in the browsers of other users viewing the affected agent configuration. No patch is currently available for this vulnerability.

Jenkins XSS Red Hat
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, AES/CBC/PKCS5Padding lacks authentication, making it vulnerable to padding oracle attacks and ciphertext manipulation. [CVSS 7.5 HIGH]

Jenkins Jervis
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Jervis versions up to 2.2 is affected by improper verification of cryptographic signature (CVSS 5.3).

Jenkins Jervis
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses java.util.Random() which is not cryptographically secure for timing attack mitigation. [CVSS 7.5 HIGH]

Java Jenkins Jervis
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the salt is derived from sha256Sum(passphrase). [CVSS 7.5 HIGH]

Jenkins Jervis
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Jervis versions up to 2.2 is affected by use of a broken or risky cryptographic algorithm (CVSS 7.5).

Jenkins Jervis
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Jervis versions up to 2.2 is affected by use of a broken or risky cryptographic algorithm (CVSS 7.5).

Jenkins Jervis
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Jervis versions up to 2.2 is affected by use of a broken or risky cryptographic algorithm (CVSS 7.5).

Jenkins Jervis
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

A remote code execution vulnerability in BlazeMeter Jenkins Plugin (CVSS 5.3) that allows users only with certain permissions. Remediation should follow standard vulnerability management procedures.

Authentication Bypass Jenkins
NVD GitHub
EPSS 0% CVSS 8.7
HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.843 and Application prior to version 20.0.1923 (VA/SaaS deployments) possess CI/CD weaknesses: the build pulls an. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Jenkins Virtual Appliance Application +1
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not restrict or transform the characters that can be inserted from user-specified content in log messages, allowing attackers able to control. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Red Hat
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH Monitor

Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check for the authenticated user profile dropdown menu, allowing attackers without Overall/Read permission to obtain. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Red Hat
NVD
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission, allowing attackers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Red Hat
NVD
EPSS 0% CVSS 4.2
MEDIUM PATCH Monitor

A missing permission check in Jenkins OpenTelemetry Plugin 3.1543.v8446b_92b_cd64 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Jenkins Opentelemetry
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH Monitor

Jenkins global-build-stats Plugin 322.v22f4db_18e2dd and earlier does not perform permission checks in its REST API endpoints, allowing attackers with Overall/Read permission to enumerate graph IDs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Global Build Stats
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH Monitor

In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Git Client
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not mask Applitools API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

Information Disclosure Jenkins Applitools Eyes
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Jenkins Applitools Eyes Plugin 1.16.5 and earlier stores Applitools API keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

Information Disclosure Jenkins Applitools Eyes
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Jenkins User1st uTester Plugin 1.1 and earlier stores the uTester JWT token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system.

Information Disclosure Jenkins User1st Utester
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

CVE-2025-53677 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure Jenkins Xooa
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Jenkins Xooa Plugin 0.0.7 and earlier stores the Xooa Deployment Token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system.

Information Disclosure Jenkins Xooa
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

CVE-2025-53675 is a security vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Information Disclosure Jenkins Warrior Framework
NVD GitHub
Page 1 of 19 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy