Skip to main content

Jenkins

1691 CVEs vendor

Monthly

CVE-2021-21684 Maven MEDIUM PATCH This Month

Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Jenkins Git
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2021-21683 Maven MEDIUM PATCH This Month

The file browser in Jenkins 2.314 and earlier, LTS 2.303.1 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Microsoft Path Traversal
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2021-21682 Maven MEDIUM PATCH This Month

Jenkins 2.314 and earlier, LTS 2.303.1 and earlier accepts names of jobs and other entities with a trailing dot character, potentially replacing the configuration and data of other entities on. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Jenkins Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2021-21681 Maven MEDIUM PATCH This Month

Jenkins Nomad Plugin 0.7.4 and earlier stores Docker passwords unencrypted in the global config.xml file on the Jenkins controller where they can be viewed by users with access to the Jenkins. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Docker Jenkins Information Disclosure Nomad
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-21680 Maven HIGH PATCH This Week

Jenkins Nested View Plugin 1.20 and earlier does not configure its XML transformer to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Nested View
NVD
CVSS 3.1
7.1
EPSS
1.3%
CVE-2021-21679 Maven HIGH PATCH This Week

Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Microsoft Jenkins Azure Ad
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-21678 Maven HIGH PATCH This Week

Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Saml
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-21677 Maven HIGH PATCH This Week

Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization protection to Java objects it deserializes from disk, resulting in a remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Jenkins Java Code Coverage Api
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2021-21676 Maven MEDIUM PATCH This Month

Jenkins requests-plugin Plugin 2.2.7 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to send test emails to an attacker-specified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Requests
NVD
CVSS 3.1
4.3
EPSS
1.4%
CVE-2021-21675 Maven MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins requests-plugin Plugin 2.2.12 and earlier allows attackers to create requests and/or have administrators apply pending requests. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Requests
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-21674 Maven MEDIUM PATCH This Month

A missing permission check in Jenkins requests-plugin Plugin 2.2.6 and earlier allows attackers with Overall/Read permission to view the list of pending requests. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Requests
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2021-21673 Maven MEDIUM PATCH This Month

Jenkins CAS Plugin 1.6.0 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Cas
NVD
CVSS 3.1
6.1
EPSS
1.6%
CVE-2021-21672 Maven MEDIUM PATCH This Month

Jenkins Selenium HTML report Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Selenium Html Report
NVD
CVSS 3.1
4.3
EPSS
42.5%
CVE-2021-21671 Maven HIGH PATCH This Week

Jenkins 2.299 and earlier, LTS 2.289.1 and earlier does not invalidate the previous session on login. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Jenkins Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-21670 Maven MEDIUM PATCH This Month

Jenkins 2.299 and earlier, LTS 2.289.1 and earlier allows users to cancel queue items and abort builds of jobs for which they have Item/Cancel permission even when they do not have Item/Read. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
2.0%
CVE-2021-21669 Maven CRITICAL PATCH Act Now

Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XXE Generic Webhook Trigger
NVD
CVSS 3.1
9.8
EPSS
25.7%
CVE-2021-21668 Maven MEDIUM PATCH This Month

Jenkins Scriptler Plugin 3.1 and earlier does not escape script content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Scriptler
NVD
CVSS 3.1
5.4
EPSS
76.0%
CVE-2021-21667 Maven MEDIUM PATCH This Month

Jenkins Scriptler Plugin 3.2 and earlier does not escape parameter names shown in job configuration forms, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Scriptler
NVD
CVSS 3.1
5.4
EPSS
75.7%
CVE-2021-21666 Maven MEDIUM PATCH This Month

Jenkins Kiuwan Plugin 1.6.0 and earlier does not escape query parameters in an error message for a form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XSS Kiuwan
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2021-21665 Maven HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Xebialabs Xl Deploy
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-21664 Maven MEDIUM PATCH This Month

An incorrect permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Generic Create permission to connect to an attacker-specified URL using attacker-specified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Xebialabs Xl Deploy
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-21663 Maven MEDIUM PATCH This Month

A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 7.5.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Xebialabs Xl Deploy
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2021-21662 Maven MEDIUM PATCH This Month

A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Xebialabs Xl Deploy
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-21661 Maven MEDIUM PATCH This Month

Jenkins Kubernetes CLI Plugin 1.10.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Jenkins Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
1.6%
CVE-2021-21660 Maven MEDIUM PATCH This Month

Jenkins Markdown Formatter Plugin 0.1.0 and earlier does not sanitize crafted link target URLs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Markdown Formatter
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2021-21659 Maven HIGH PATCH This Week

Jenkins URLTrigger Plugin 0.48 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Urltrigger
NVD
CVSS 3.1
8.1
EPSS
66.8%
CVE-2021-21658 Maven CRITICAL PATCH Act Now

Jenkins Nuget Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XXE Nuget
NVD
CVSS 3.1
9.1
EPSS
1.5%
CVE-2021-21657 Maven HIGH PATCH This Week

Jenkins Filesystem Trigger Plugin 0.40 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Filesystem Trigger
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-21656 Maven HIGH PATCH This Week

Jenkins Xcode integration Plugin 2.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Xcode Integration
NVD
CVSS 3.1
7.1
EPSS
1.5%
CVE-2021-21655 Maven HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins P4 Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified Perforce server using attacker-specified username and. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins P4
NVD
CVSS 3.1
7.1
EPSS
0.5%
CVE-2021-21654 Maven MEDIUM PATCH This Month

Jenkins P4 Plugin 1.11.4 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified Perforce server. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure P4
NVD
CVSS 3.1
4.3
EPSS
1.3%
CVE-2021-21653 Maven MEDIUM PATCH This Month

Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier does not perform a permission check in an HTTP endpoint, allowing with Overall/Read permission to enumerate credentials IDs of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Atlassian Information Disclosure Xray Test Management For Jira
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-21652 Maven HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Atlassian Xray Test Management For Jira
NVD
CVSS 3.1
7.1
EPSS
0.6%
CVE-2021-21651 Maven MEDIUM PATCH This Month

Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain the list of configured profiles. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure S3 Publisher
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-21650 Maven MEDIUM PATCH This Month

Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform Run/Artifacts permission checks in various HTTP endpoints and API models, allowing attackers with Item/Read permission to obtain. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure S3 Publisher
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-21649 Maven MEDIUM PATCH This Month

Jenkins Dashboard View Plugin 2.15 and earlier does not escape URLs referenced in Image Dashboard Portlets, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Dashboard View
NVD
CVSS 3.1
5.4
EPSS
72.7%
CVE-2021-21648 Maven MEDIUM PATCH This Month

Jenkins Credentials Plugin 2.3.18 and earlier does not escape user-controlled information on a view it provides, resulting in a reflected cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XSS Credentials
NVD
CVSS 3.1
6.1
EPSS
11.3%
CVE-2021-21647 Maven MEDIUM PATCH This Month

Jenkins CloudBees CD Plugin 1.1.21 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Item/Read permission to schedule builds of projects without having. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Cloudbees Cd
NVD
CVSS 3.1
4.3
EPSS
1.5%
CVE-2021-21646 Maven HIGH PATCH This Week

Jenkins Templating Engine Plugin 2.1 and earlier does not protect its pipeline configurations using Script Security Plugin, allowing attackers with Job/Configure permission to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Jenkins Templating Engine
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2021-21645 Maven MEDIUM PATCH This Month

Jenkins Config File Provider Plugin 3.7.0 and earlier does not perform permission checks in several HTTP endpoints, attackers with Overall/Read permission to enumerate configuration file IDs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Config File Provider
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-21644 Maven MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Config File Provider Plugin 3.7.0 and earlier allows attackers to delete configuration files corresponding to an attacker-specified ID. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Config File Provider
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2021-21643 Maven MEDIUM PATCH This Month

Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints, allowing attackers with global Job/Configure permission to enumerate. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Config File Provider
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-21642 Maven HIGH PATCH This Week

Jenkins Config File Provider Plugin 3.7.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Config File Provider
NVD
CVSS 3.1
8.1
EPSS
37.8%
CVE-2021-22513 Maven MEDIUM PATCH This Month

Missing Authorization vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Application Automation Tools
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-22512 Maven MEDIUM PATCH This Month

Cross-Site Request Forgery (CSRF) vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Application Automation Tools
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-22511 Maven MEDIUM PATCH This Month

Improper Certificate Validation vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Application Automation Tools
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-22510 Maven MEDIUM PATCH This Month

Reflected XSS vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XSS Application Automation Tools
NVD
CVSS 3.1
6.1
EPSS
5.0%
CVE-2021-21641 Maven MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins promoted builds Plugin 3.9 and earlier allows attackers to to promote builds. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Promoted Builds
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2021-21640 Maven MEDIUM PATCH This Month

Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not properly check that a newly created view has an allowed name, allowing attackers with View/Create permission to create views with invalid. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
1.9%
CVE-2021-21639 Maven MEDIUM PATCH This Month

Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not validate the type of object created after loading the data submitted to the `config.xml` REST API endpoint of a node, allowing attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
2.7%
CVE-2021-28165 Maven HIGH POC PATCH THREAT This Week

In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Jetty Autovue For Agile Product Lifecycle Management Communications Cloud Native Core Policy Communications Element Manager +17
NVD GitHub
CVSS 3.1
7.5
EPSS
53.9%
CVE-2021-21638 Maven HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Team Foundation Server
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-21637 Maven MEDIUM This Month

A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Team Foundation Server
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-21636 Maven MEDIUM This Month

A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Team Foundation Server
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-21635 Maven MEDIUM PATCH This Month

Jenkins REST List Parameter Plugin 1.3.0 and earlier does not escape a parameter name reference in embedded JavaScript, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Rest List Parameter
NVD
CVSS 3.1
5.4
EPSS
8.8%
CVE-2021-21634 Maven MEDIUM PATCH This Month

Jenkins Jabber (XMPP) notifier and control Plugin 1.41 and earlier stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Jabber Xmpp Notifier And Control
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-21633 Maven HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Owasp Dependency Track
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-21632 Maven MEDIUM PATCH This Month

A missing permission check in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Owasp Dependency Track
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-21631 Maven MEDIUM PATCH This Month

Jenkins Cloud Statistics Plugin 0.26 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission and knowledge of random activity IDs to view. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Cloud Statistics
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-21630 Maven MEDIUM PATCH This Month

Jenkins Extra Columns Plugin 1.22 and earlier does not escape parameter values in the build parameters column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Extra Columns
NVD
CVSS 3.1
5.4
EPSS
72.4%
CVE-2021-21629 Maven HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Build With Parameters Plugin 1.5 and earlier allows attackers to build a project with attacker-specified parameters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Build With Parameters
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-21628 Maven MEDIUM PATCH This Month

Jenkins Build With Parameters Plugin 1.5 and earlier does not escape parameter names and descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Build With Parameters
NVD
CVSS 3.1
5.4
EPSS
81.9%
CVE-2021-21627 Maven HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Libvirt Agents Plugin 1.9.0 and earlier allows attackers to stop hypervisor domains. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Libvirt Agents
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-21626 Maven MEDIUM PATCH This Month

Jenkins Warnings Next Generation Plugin 8.4.4 and earlier does not perform a permission check in methods implementing form validation, allowing attackers with Item/Read permission but without. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Warnings Next Generation
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-21625 Maven MEDIUM PATCH This Month

Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier does not perform a permission check in a helper method for HTTP endpoints, allowing attackers with Overall/Read permission to enumerate. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Cloudbees Aws Credentials
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-21624 Maven MEDIUM PATCH This Month

An incorrect permission check in Jenkins Role-based Authorization Strategy Plugin 3.1 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Role Based Authorization Strategy
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-21623 Maven MEDIUM PATCH This Month

An incorrect permission check in Jenkins Matrix Authorization Strategy Plugin 2.6.5 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Matrix Authorization Strategy
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-21622 Maven MEDIUM PATCH This Month

Jenkins Artifact Repository Parameter Plugin 1.0.0 and earlier does not escape parameter names and descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Artifact Repository Parameter
NVD
CVSS 3.1
5.4
EPSS
9.4%
CVE-2021-21621 Maven MEDIUM PATCH This Month

Jenkins Support Core Plugin 2.72 and earlier provides the serialized user authentication as part of the "About user (basic authentication details only)" information, which can include the session ID. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Support Core
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2021-21620 Maven MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Claim Plugin 2.18.1 and earlier allows attackers to change claims. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Claim
NVD
CVSS 3.1
4.3
EPSS
1.6%
CVE-2021-21619 Maven MEDIUM PATCH This Month

Jenkins Claim Plugin 2.18.1 and earlier does not escape the user display name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers who are able to control the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Claim
NVD
CVSS 3.1
5.4
EPSS
9.4%
CVE-2021-21618 Maven MEDIUM PATCH This Month

Jenkins Repository Connector Plugin 2.0.2 and earlier does not escape parameter names and descriptions for past builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Repository Connector
NVD
CVSS 3.1
5.4
EPSS
82.2%
CVE-2021-21617 Maven HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Configuration Slicing Plugin 1.51 and earlier allows attackers to apply different slice configurations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Configuration Slicing
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-21616 Maven MEDIUM PATCH This Month

Jenkins Active Choices Plugin 2.5.2 and earlier does not escape reference parameter values, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Active Choices
NVD
CVSS 3.1
4.6
EPSS
78.8%
CVE-2021-21615 Maven MEDIUM PATCH This Month

Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use (TOCTOU) race condition. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Jenkins Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-21614 Maven MEDIUM PATCH This Month

Jenkins Bumblebee HP ALM Plugin 4.1.5 and earlier stores credentials unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure HP Bumblebee Hp Alm
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-21613 Maven MEDIUM PATCH This Month

Jenkins TICS Plugin 2020.3.0.6 and earlier does not escape TICS service responses, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control TICS service. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XSS Tics
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-21612 Maven MEDIUM PATCH This Month

Jenkins TraceTronic ECU-TEST Plugin 2.23.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Tracetronic Ecu Test
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-21611 Maven MEDIUM PATCH This Month

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape display names and IDs of item types shown on the New Item page, resulting in a stored cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2021-21610 Maven MEDIUM PATCH This Month

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not implement any restrictions for the URL rendering a formatted preview of markup passed as a query parameter, resulting in a reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XSS
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2021-21609 Maven MEDIUM PATCH This Month

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not correctly match requested URLs to the list of always accessible paths, allowing attackers without Overall/Read permission to access some. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2021-21608 Maven MEDIUM PATCH This Month

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape button labels in the Jenkins UI, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with the ability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2021-21607 Maven MEDIUM PATCH This Month

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not limit sizes provided as query parameters to graph-rendering URLs, allowing attackers to request crafted URLs that use all available memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-21606 Maven MEDIUM PATCH This Month

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier improperly validates the format of a provided fingerprint ID when checking for its existence allowing an attacker to check for the existence of XML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2021-21605 Maven HIGH PATCH This Week

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with Agent/Configure permission to choose agent names that cause Jenkins to override the global `config.xml` file. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Path Traversal
NVD
CVSS 3.1
8.0
EPSS
2.2%
CVE-2021-21604 Maven HIGH PATCH This Week

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Jenkins
NVD
CVSS 3.1
8.0
EPSS
1.7%
CVE-2021-21603 Maven MEDIUM PATCH This Month

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape notification bar response contents, resulting in a cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2021-21602 Maven MEDIUM PATCH This Month

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2020-2324 Maven HIGH PATCH This Week

Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XXE Cvs
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-2323 Maven MEDIUM PATCH This Month

Jenkins Chaos Monkey Plugin 0.4 and earlier does not perform permission checks in an HTTP endpoint, allowing attackers with Overall/Read permission to access the Chaos Monkey page and to see the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Chaos Monkey
NVD
CVSS 3.1
5.3
EPSS
0.8%
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Jenkins Git
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

The file browser in Jenkins 2.314 and earlier, LTS 2.303.1 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Microsoft Path Traversal
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Jenkins 2.314 and earlier, LTS 2.303.1 and earlier accepts names of jobs and other entities with a trailing dot character, potentially replacing the configuration and data of other entities on. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Jenkins Information Disclosure
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Jenkins Nomad Plugin 0.7.4 and earlier stores Docker passwords unencrypted in the global config.xml file on the Jenkins controller where they can be viewed by users with access to the Jenkins. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Docker Jenkins Information Disclosure +1
NVD
EPSS 1% CVSS 7.1
HIGH PATCH This Week

Jenkins Nested View Plugin 1.20 and earlier does not configure its XML transformer to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Nested View
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Microsoft Jenkins +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Saml
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization protection to Java objects it deserializes from disk, resulting in a remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Jenkins +2
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Jenkins requests-plugin Plugin 2.2.7 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to send test emails to an attacker-specified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Requests
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins requests-plugin Plugin 2.2.12 and earlier allows attackers to create requests and/or have administrators apply pending requests. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Requests
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A missing permission check in Jenkins requests-plugin Plugin 2.2.6 and earlier allows attackers with Overall/Read permission to view the list of pending requests. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Requests
NVD
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

Jenkins CAS Plugin 1.6.0 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Cas
NVD
EPSS 43% CVSS 4.3
MEDIUM PATCH This Month

Jenkins Selenium HTML report Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Selenium Html Report
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Jenkins 2.299 and earlier, LTS 2.289.1 and earlier does not invalidate the previous session on login. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Jenkins Information Disclosure
NVD
EPSS 2% CVSS 4.3
MEDIUM PATCH This Month

Jenkins 2.299 and earlier, LTS 2.289.1 and earlier allows users to cancel queue items and abort builds of jobs for which they have Item/Cancel permission even when they do not have Item/Read. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure
NVD
EPSS 26% CVSS 9.8
CRITICAL PATCH Act Now

Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XXE Generic Webhook Trigger
NVD
EPSS 76% CVSS 5.4
MEDIUM PATCH This Month

Jenkins Scriptler Plugin 3.1 and earlier does not escape script content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Scriptler
NVD
EPSS 76% CVSS 5.4
MEDIUM PATCH This Month

Jenkins Scriptler Plugin 3.2 and earlier does not escape parameter names shown in job configuration forms, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Scriptler
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Jenkins Kiuwan Plugin 1.6.0 and earlier does not escape query parameters in an error message for a form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XSS Kiuwan
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Xebialabs Xl Deploy
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

An incorrect permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Generic Create permission to connect to an attacker-specified URL using attacker-specified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Xebialabs Xl Deploy
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 7.5.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Xebialabs Xl Deploy
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Xebialabs Xl Deploy
NVD
EPSS 2% CVSS 4.3
MEDIUM PATCH This Month

Jenkins Kubernetes CLI Plugin 1.10.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Jenkins Information Disclosure
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Jenkins Markdown Formatter Plugin 0.1.0 and earlier does not sanitize crafted link target URLs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Markdown Formatter
NVD
EPSS 67% CVSS 8.1
HIGH PATCH This Week

Jenkins URLTrigger Plugin 0.48 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Urltrigger
NVD
EPSS 2% CVSS 9.1
CRITICAL PATCH Act Now

Jenkins Nuget Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XXE Nuget
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Jenkins Filesystem Trigger Plugin 0.40 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Filesystem Trigger
NVD
EPSS 2% CVSS 7.1
HIGH PATCH This Week

Jenkins Xcode integration Plugin 2.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Xcode Integration
NVD
EPSS 1% CVSS 7.1
HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins P4 Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified Perforce server using attacker-specified username and. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins P4
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Jenkins P4 Plugin 1.11.4 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified Perforce server. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure P4
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier does not perform a permission check in an HTTP endpoint, allowing with Overall/Read permission to enumerate credentials IDs of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Atlassian Information Disclosure +1
NVD
EPSS 1% CVSS 7.1
HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Atlassian +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain the list of configured profiles. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure S3 Publisher
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform Run/Artifacts permission checks in various HTTP endpoints and API models, allowing attackers with Item/Read permission to obtain. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure S3 Publisher
NVD
EPSS 73% CVSS 5.4
MEDIUM PATCH This Month

Jenkins Dashboard View Plugin 2.15 and earlier does not escape URLs referenced in Image Dashboard Portlets, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Dashboard View
NVD
EPSS 11% CVSS 6.1
MEDIUM PATCH This Month

Jenkins Credentials Plugin 2.3.18 and earlier does not escape user-controlled information on a view it provides, resulting in a reflected cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XSS Credentials
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Jenkins CloudBees CD Plugin 1.1.21 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Item/Read permission to schedule builds of projects without having. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Cloudbees Cd
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Jenkins Templating Engine Plugin 2.1 and earlier does not protect its pipeline configurations using Script Security Plugin, allowing attackers with Job/Configure permission to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Jenkins Templating Engine
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Jenkins Config File Provider Plugin 3.7.0 and earlier does not perform permission checks in several HTTP endpoints, attackers with Overall/Read permission to enumerate configuration file IDs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Config File Provider
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Config File Provider Plugin 3.7.0 and earlier allows attackers to delete configuration files corresponding to an attacker-specified ID. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Config File Provider
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints, allowing attackers with global Job/Configure permission to enumerate. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Config File Provider
NVD
EPSS 38% CVSS 8.1
HIGH PATCH This Week

Jenkins Config File Provider Plugin 3.7.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Config File Provider
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Missing Authorization vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Application Automation Tools
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Cross-Site Request Forgery (CSRF) vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Application Automation Tools
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Improper Certificate Validation vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Application Automation Tools
NVD
EPSS 5% CVSS 6.1
MEDIUM PATCH This Month

Reflected XSS vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XSS Application Automation Tools
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins promoted builds Plugin 3.9 and earlier allows attackers to to promote builds. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Promoted Builds
NVD
EPSS 2% CVSS 4.3
MEDIUM PATCH This Month

Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not properly check that a newly created view has an allowed name, allowing attackers with View/Create permission to create views with invalid. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure
NVD
EPSS 3% CVSS 4.3
MEDIUM PATCH This Month

Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not validate the type of object created after loading the data submitted to the `config.xml` REST API endpoint of a node, allowing attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure
NVD
EPSS 54% CVSS 7.5
HIGH POC PATCH THREAT This Week

In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Jetty Autovue For Agile Product Lifecycle Management +19
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Team Foundation Server
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Team Foundation Server
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Team Foundation Server
NVD
EPSS 9% CVSS 5.4
MEDIUM PATCH This Month

Jenkins REST List Parameter Plugin 1.3.0 and earlier does not escape a parameter name reference in embedded JavaScript, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Rest List Parameter
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Jenkins Jabber (XMPP) notifier and control Plugin 1.41 and earlier stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Jabber Xmpp Notifier And Control
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Owasp Dependency Track
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A missing permission check in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Owasp Dependency Track
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Jenkins Cloud Statistics Plugin 0.26 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission and knowledge of random activity IDs to view. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Cloud Statistics
NVD
EPSS 72% CVSS 5.4
MEDIUM PATCH This Month

Jenkins Extra Columns Plugin 1.22 and earlier does not escape parameter values in the build parameters column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Extra Columns
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Build With Parameters Plugin 1.5 and earlier allows attackers to build a project with attacker-specified parameters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Build With Parameters
NVD
EPSS 82% CVSS 5.4
MEDIUM PATCH This Month

Jenkins Build With Parameters Plugin 1.5 and earlier does not escape parameter names and descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Build With Parameters
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Libvirt Agents Plugin 1.9.0 and earlier allows attackers to stop hypervisor domains. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Libvirt Agents
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Jenkins Warnings Next Generation Plugin 8.4.4 and earlier does not perform a permission check in methods implementing form validation, allowing attackers with Item/Read permission but without. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Warnings Next Generation
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier does not perform a permission check in a helper method for HTTP endpoints, allowing attackers with Overall/Read permission to enumerate. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Cloudbees Aws Credentials
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

An incorrect permission check in Jenkins Role-based Authorization Strategy Plugin 3.1 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Role Based Authorization Strategy
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

An incorrect permission check in Jenkins Matrix Authorization Strategy Plugin 2.6.5 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Matrix Authorization Strategy
NVD
EPSS 9% CVSS 5.4
MEDIUM PATCH This Month

Jenkins Artifact Repository Parameter Plugin 1.0.0 and earlier does not escape parameter names and descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Artifact Repository Parameter
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Jenkins Support Core Plugin 2.72 and earlier provides the serialized user authentication as part of the "About user (basic authentication details only)" information, which can include the session ID. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Support Core
NVD
EPSS 2% CVSS 4.3
MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Claim Plugin 2.18.1 and earlier allows attackers to change claims. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Claim
NVD
EPSS 9% CVSS 5.4
MEDIUM PATCH This Month

Jenkins Claim Plugin 2.18.1 and earlier does not escape the user display name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers who are able to control the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Claim
NVD
EPSS 82% CVSS 5.4
MEDIUM PATCH This Month

Jenkins Repository Connector Plugin 2.0.2 and earlier does not escape parameter names and descriptions for past builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Repository Connector
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Configuration Slicing Plugin 1.51 and earlier allows attackers to apply different slice configurations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Configuration Slicing
NVD
EPSS 79% CVSS 4.6
MEDIUM PATCH This Month

Jenkins Active Choices Plugin 2.5.2 and earlier does not escape reference parameter values, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Active Choices
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use (TOCTOU) race condition. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Jenkins Information Disclosure
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Jenkins Bumblebee HP ALM Plugin 4.1.5 and earlier stores credentials unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure HP +1
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Jenkins TICS Plugin 2020.3.0.6 and earlier does not escape TICS service responses, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control TICS service. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XSS Tics
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Jenkins TraceTronic ECU-TEST Plugin 2.23.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Tracetronic Ecu Test
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape display names and IDs of item types shown on the New Item page, resulting in a stored cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not implement any restrictions for the URL rendering a formatted preview of markup passed as a query parameter, resulting in a reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XSS
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not correctly match requested URLs to the list of always accessible paths, allowing attackers without Overall/Read permission to access some. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape button labels in the Jenkins UI, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with the ability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not limit sizes provided as query parameters to graph-rendering URLs, allowing attackers to request crafted URLs that use all available memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Denial Of Service
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier improperly validates the format of a provided fingerprint ID when checking for its existence allowing an attacker to check for the existence of XML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure
NVD
EPSS 2% CVSS 8.0
HIGH PATCH This Week

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with Agent/Configure permission to choose agent names that cause Jenkins to override the global `config.xml` file. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Path Traversal
NVD
EPSS 2% CVSS 8.0
HIGH PATCH This Week

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Jenkins
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape notification bar response contents, resulting in a cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XXE Cvs
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Jenkins Chaos Monkey Plugin 0.4 and earlier does not perform permission checks in an HTTP endpoint, allowing attackers with Overall/Read permission to access the Chaos Monkey page and to see the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Chaos Monkey
NVD
Prev Page 10 of 19 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy