Skip to main content

Jenkins

1691 CVEs vendor

Monthly

CVE-2019-16539 Maven MEDIUM PATCH This Month

A missing permission check in Jenkins Support Core Plugin 2.63 and earlier allows attackers with Overall/Read permission to delete support bundles. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Support Core
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2019-16538 Maven HIGH PATCH This Week

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.67 and earlier related to the handling of default parameter expressions in closures allowed attackers to execute arbitrary code in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins RCE Script Security
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-10476 Maven HIGH PATCH This Week

Jenkins Zulip Plugin 1.1.0 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Zulip
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-10475 Maven MEDIUM POC THREAT This Month

A reflected cross-site scripting vulnerability in Jenkins build-metrics Plugin allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Jenkins Build Metrics
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
57.7%
CVE-2019-10474 Maven MEDIUM This Month

A missing permission check in Jenkins Global Post Script Plugin in allowed users with Overall/Read access to list the scripts available to the plugin stored on the Jenkins master file system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Jenkins Global Post Script
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2019-10473 Maven MEDIUM PATCH This Month

A missing permission check in Jenkins Libvirt Slaves Plugin in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Jenkins Libvirt Slaves
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2019-10472 Maven MEDIUM PATCH This Month

A missing permission check in Jenkins Libvirt Slaves Plugin allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Jenkins Libvirt Slaves
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2019-10471 Maven HIGH PATCH This Week

A cross-site request forgery vulnerability in Jenkins Libvirt Slaves Plugin allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Libvirt Slaves
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2019-10470 Maven MEDIUM This Month

A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Jenkins Kubernetes Kubernetes Ci
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2019-10469 Maven MEDIUM This Month

A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Jenkins Kubernetes Kubernetes Ci
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2019-10468 Maven HIGH This Week

A cross-site request forgery vulnerability in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Kubernetes CSRF Kubernetes Ci
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2019-10467 Maven MEDIUM PATCH This Month

Jenkins Sonar Gerrit Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Sonar Gerrit
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2019-10466 Maven HIGH This Week

An XML external entities (XXE) vulnerability in Jenkins 360 FireLine Plugin allows attackers with Overall/Read access to have Jenkins resolve external entities, resulting in the extraction of secrets. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE SSRF Jenkins 360 Fireline
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2019-10465 Maven MEDIUM This Month

A missing permission check in Jenkins Deploy WebLogic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials, or determine. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Jenkins Oracle Deploy Weblogic
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2019-10464 Maven HIGH This Week

A cross-site request forgery vulnerability in Jenkins Deploy WebLogic Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Oracle CSRF Deploy Weblogic
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2019-10463 Maven MEDIUM PATCH This Month

A missing permission check in Jenkins Dynatrace Application Monitoring Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Jenkins Dynatrace Application Monitoring
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2019-10462 Maven HIGH PATCH This Week

A cross-site request forgery vulnerability in Jenkins Dynatrace Application Monitoring Plugin 2.1.3 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Dynatrace Application Monitoring
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2019-10461 Maven HIGH PATCH This Week

Jenkins Dynatrace Application Monitoring Plugin 2.1.3 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Dynatrace Application Monitoring
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-10460 Maven HIGH PATCH This Week

Jenkins Bitbucket OAuth Plugin 0.9 and earlier stored credentials unencrypted in the global config.xml configuration file on the Jenkins master where they could be viewed by users with access to the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Bitbucket Oauth
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-10459 Maven MEDIUM PATCH This Month

Jenkins Mattermost Notification Plugin 2.7.0 and earlier stored webhook URLs containing a secret token unencrypted in its global configuration file and job config.xml files on the Jenkins master. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Jenkins Information Disclosure Mattermost Notification
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2019-10458 Maven CRITICAL Act Now

Jenkins Puppet Enterprise Pipeline 1.3.1 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins RCE Puppet Enterprise Pipeline
NVD
CVSS 3.1
9.9
EPSS
1.9%
CVE-2019-10457 Maven MEDIUM This Month

A missing permission check in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Oracle Oracle Cloud Infrastructure Compute Classic
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2019-10456 Maven MEDIUM This Month

A cross-site request forgery vulnerability in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Oracle CSRF Oracle Cloud Infrastructure Compute Classic
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2019-10455 Maven MEDIUM PATCH This Month

A missing permission check in Jenkins Rundeck Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Rundeck
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2019-10454 Maven MEDIUM PATCH This Month

A cross-site request forgery vulnerability in Jenkins Rundeck Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Rundeck
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2019-10453 Maven HIGH This Week

Jenkins Delphix Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Delphix
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-10452 Maven MEDIUM This Month

Jenkins View26 Test-Reporting Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure View26 Test Reporting
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2019-10451 Maven MEDIUM This Month

Jenkins SOASTA CloudTest Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Soasta Cloudtest
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2019-10450 Maven LOW Monitor

Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Elasticbox Ci
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2019-10449 Maven HIGH PATCH This Week

Jenkins Fortify on Demand Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Fortify On Demand
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2019-10448 Maven HIGH This Week

Jenkins Extensive Testing Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Extensive Testing
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2019-10447 Maven MEDIUM This Month

Jenkins Sofy.AI Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Sofy Ai
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2019-10446 Maven HIGH PATCH This Week

Jenkins Cadence vManager Plugin 2.7.0 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Cadence Vmanager
NVD
CVSS 3.1
8.2
EPSS
1.0%
CVE-2019-10445 Maven MEDIUM PATCH This Month

A missing permission check in Jenkins Google Kubernetes Engine Plugin 0.7.0 and earlier allowed attackers with Overall/Read permission to obtain limited information about the scope of a credential. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Kubernetes Google Google Kubernetes Engine
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2019-10444 Maven MEDIUM PATCH This Month

Jenkins Bumblebee HP ALM Plugin 4.1.3 and earlier unconditionally disabled SSL/TLS and hostname verification for connections to HP ALM. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Jenkins Information Disclosure Bumblebee Hp Alm
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2019-10443 Maven HIGH PATCH This Week

Jenkins iceScrum Plugin 1.1.4 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Icescrum
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2019-10442 Maven MEDIUM PATCH This Month

A missing permission check in Jenkins iceScrum Plugin 1.1.5 and earlier allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Icescrum
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2019-10441 Maven MEDIUM PATCH This Month

A cross-site request forgery vulnerability in Jenkins iceScrum Plugin 1.1.5 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Icescrum
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2019-10440 Maven HIGH PATCH This Week

Jenkins NeoLoad Plugin 2.2.5 and earlier stored credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they could be viewed by users with. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Neoload
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2019-10439 Maven MEDIUM PATCH This Month

A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier in various 'doFillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Crx Content Package Deployer
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2019-10438 Maven MEDIUM PATCH This Month

A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers with Overall/Read permission to connect to an attacker-specified URL using. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Crx Content Package Deployer
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-10437 Maven HIGH PATCH This Week

A cross-site request forgery vulnerability in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Crx Content Package Deployer
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2019-10436 Maven MEDIUM PATCH This Month

An arbitrary file read vulnerability in Jenkins Google OAuth Credentials Plugin 0.9 and earlier allowed attackers able to configure jobs and credentials in Jenkins to obtain the contents of any file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Jenkins Information Disclosure Google Oauth Credentials
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-10435 Maven HIGH This Week

Jenkins SourceGear Vault Plugin transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Hashicorp Sourcegear Vault
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2019-10434 Maven HIGH This Week

Jenkins LDAP Email Plugin transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Ldap Email
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2019-10433 Maven LOW PATCH Monitor

Jenkins Dingding[钉钉] Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Dingding
NVD
CVSS 3.1
3.3
EPSS
0.4%
CVE-2019-10432 Maven MEDIUM PATCH This Month

Jenkins HTML Publisher Plugin 1.20 and earlier did not escape the project and build display names in the HTML report frame, resulting in a cross-site scripting vulnerability exploitable by users able. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Html Publisher
NVD
CVSS 3.1
5.4
EPSS
1.2%
CVE-2019-10431 Maven CRITICAL PATCH Act Now

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier related to the handling of default parameter expressions in constructors allowed attackers to execute arbitrary code. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Jenkins RCE Script Security
NVD
CVSS 3.1
9.9
EPSS
2.7%
CVE-2019-10430 Maven MEDIUM PATCH This Month

Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Neuvector Vulnerability Scanner
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-10429 Maven MEDIUM PATCH This Month

Jenkins GitLab Logo Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Gitlab Gitlab Logo
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-10428 Maven HIGH PATCH This Week

Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Aqua Security Scanner
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2019-10427 Maven MEDIUM PATCH This Month

Jenkins Aqua MicroScanner Plugin 1.0.7 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Aqua Microscanner
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2019-10426 Maven MEDIUM This Month

Jenkins Gem Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Gem Publisher
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-10425 Maven MEDIUM This Month

Jenkins Google Calendar Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Jenkins Information Disclosure Google Calendar
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-10424 Maven MEDIUM This Month

Jenkins elOyente Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Eloyente
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-10423 Maven MEDIUM This Month

Jenkins CodeScan Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Codescan
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-10422 Maven MEDIUM This Month

Jenkins Call Remote Job Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Call Remote Job
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-10421 Maven MEDIUM This Month

Jenkins Azure Event Grid Build Notifier Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Microsoft Information Disclosure Azure Event Grid Notifier
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2019-10420 Maven MEDIUM This Month

Jenkins Assembla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Assembla
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-10419 Maven MEDIUM This Month

Jenkins vFabric Application Director Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Vfabric Application Director
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-10418 Maven CRITICAL Act Now

Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Kubernetes Kubernetes Pipeline
NVD
CVSS 3.1
9.9
EPSS
1.2%
CVE-2019-10417 Maven CRITICAL Act Now

Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Kubernetes Kubernetes Pipeline
NVD
CVSS 3.1
9.9
EPSS
1.2%
CVE-2019-10416 Maven MEDIUM PATCH This Month

Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Gitlab Violation Comments To Gitlab
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2019-10415 Maven MEDIUM PATCH This Month

Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Gitlab Violation Comments To Gitlab
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2019-10414 Maven MEDIUM PATCH This Month

Jenkins Git Changelog Plugin 2.17 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Git Changelog
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-10413 Maven MEDIUM PATCH This Month

Jenkins Data Theorem: CI/CD Plugin 1.3 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Data Theorem Mobile App Security
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-10412 Maven HIGH PATCH This Week

Jenkins Inedo ProGet Plugin 1.2 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Inedo Proget
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2019-10411 Maven HIGH PATCH This Week

Jenkins Inedo BuildMaster Plugin 2.4.0 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Inedo Buildmaster
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2019-10410 Maven MEDIUM PATCH This Month

Jenkins Log Parser Plugin 2.0 and earlier did not escape an error message, resulting in a cross-site scripting vulnerability exploitable by users able to define log parsing rules. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Log Parser
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2019-10409 Maven MEDIUM PATCH This Month

A missing permission check in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers with Overall/Read permission to trigger project generation from templates. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Project Inheritance
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2019-10408 Maven MEDIUM PATCH This Month

A cross-site request forgery vulnerability in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers to trigger project generation from templates. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Project Inheritance
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2019-10407 Maven MEDIUM PATCH This Month

Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Project Inheritance
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2019-10406 Maven MEDIUM PATCH This Month

Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not restrict or filter values set as Jenkins URL in the global configuration, resulting in a stored XSS vulnerability exploitable by attackers. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins
NVD
CVSS 3.1
4.8
EPSS
1.0%
CVE-2019-10405 Maven MEDIUM POC PATCH THREAT This Month

Jenkins 2.196 and earlier, LTS 2.176.3 and earlier printed the value of the "Cookie" HTTP request header on the /whoAmI/ URL, allowing attackers exploiting another XSS vulnerability to obtain the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins
NVD
CVSS 3.1
5.4
EPSS
65.8%
CVE-2019-10404 Maven MEDIUM PATCH This Month

Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the reason why a queue items is blcoked in tooltips, resulting in a stored XSS vulnerability exploitable by users able to control. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2019-10403 Maven MEDIUM PATCH This Month

Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the SCM tag name on the tooltip for SCM tag actions, resulting in a stored XSS vulnerability exploitable by users able to control SCM. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2019-10402 Maven MEDIUM PATCH This Month

In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:combobox form control interpreted its item labels as HTML, resulting in a stored XSS vulnerability exploitable by users with permission to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2019-10401 Maven MEDIUM PATCH This Month

In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:expandableTextBox form control interpreted its content as HTML when expanded, resulting in a stored XSS vulnerability exploitable by users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2019-10400 Maven MEDIUM PATCH This Month

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of subexpressions in increment and decrement expressions not involving actual assignment. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.

Jenkins RCE Script Security
NVD
CVSS 3.1
4.2
EPSS
1.0%
CVE-2019-10399 Maven MEDIUM PATCH This Month

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions in increment and decrement expressions allowed. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.

Jenkins RCE Script Security
NVD
CVSS 3.1
4.2
EPSS
1.0%
CVE-2019-10398 Maven MEDIUM PATCH This Month

Jenkins Beaker Builder Plugin 1.9 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Beaker Builder
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-10397 Maven LOW PATCH Monitor

Jenkins Aqua Security Serverless Scanner Plugin 1.0.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Jenkins Information Disclosure Aqua Security Severless Scanner
NVD
CVSS 3.1
3.1
EPSS
0.6%
CVE-2019-10396 Maven MEDIUM PATCH This Month

Jenkins Dashboard View Plugin 2.11 and earlier did not escape build descriptions, resulting in a cross-site scripting vulnerability exploitable by users able to change build descriptions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Dashboard View
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-10395 Maven MEDIUM PATCH This Month

Jenkins Build Environment Plugin 1.6 and earlier did not escape variables shown on its views, resulting in a cross-site scripting vulnerability in Jenkins 2.145, 2.138.1, or older, exploitable by. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Build Environment
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-10394 Maven MEDIUM PATCH This Month

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions on the left-hand side of assignment expressions. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.

Jenkins RCE Script Security
NVD
CVSS 3.1
4.2
EPSS
1.0%
CVE-2019-10393 Maven MEDIUM PATCH This Month

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of method names in method call expressions allowed attackers to execute arbitrary code in. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.

Jenkins RCE Script Security
NVD
CVSS 3.1
4.2
EPSS
1.0%
CVE-2019-10392 Maven HIGH PATCH This Week

Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Command Injection Git Client
NVD
CVSS 3.1
8.8
EPSS
25.8%
CVE-2019-10391 Maven MEDIUM PATCH This Month

Jenkins IBM Application Security on Cloud Plugin 1.2.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Jenkins Information Disclosure Ibm Application Security On Cloud
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2019-10390 Maven HIGH PATCH This Week

A sandbox bypass vulnerability in Jenkins Splunk Plugin 1.7.4 and earlier allowed attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Splunk Jenkins RCE
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2019-10384 Maven HIGH PATCH This Week

Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Jenkins CSRF Communications Cloud Native Core Automated Test Suite Openshift Container Platform
NVD
CVSS 3.1
8.8
EPSS
1.6%
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A missing permission check in Jenkins Support Core Plugin 2.63 and earlier allows attackers with Overall/Read permission to delete support bundles. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Support Core
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.67 and earlier related to the handling of default parameter expressions in closures allowed attackers to execute arbitrary code in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Jenkins Zulip Plugin 1.1.0 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Zulip
NVD
EPSS 58% CVSS 6.1
MEDIUM POC THREAT This Month

A reflected cross-site scripting vulnerability in Jenkins build-metrics Plugin allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Jenkins Build Metrics
NVD Exploit-DB
EPSS 1% CVSS 4.3
MEDIUM This Month

A missing permission check in Jenkins Global Post Script Plugin in allowed users with Overall/Read access to list the scripts available to the plugin stored on the Jenkins master file system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Jenkins Global Post Script
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A missing permission check in Jenkins Libvirt Slaves Plugin in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Jenkins Libvirt Slaves
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A missing permission check in Jenkins Libvirt Slaves Plugin allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Jenkins Libvirt Slaves
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A cross-site request forgery vulnerability in Jenkins Libvirt Slaves Plugin allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Libvirt Slaves
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Jenkins Kubernetes +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Jenkins Kubernetes +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A cross-site request forgery vulnerability in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Kubernetes CSRF +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Jenkins Sonar Gerrit Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Sonar Gerrit
NVD
EPSS 1% CVSS 8.1
HIGH This Week

An XML external entities (XXE) vulnerability in Jenkins 360 FireLine Plugin allows attackers with Overall/Read access to have Jenkins resolve external entities, resulting in the extraction of secrets. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE SSRF Jenkins +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

A missing permission check in Jenkins Deploy WebLogic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials, or determine. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Jenkins Oracle +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A cross-site request forgery vulnerability in Jenkins Deploy WebLogic Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Oracle CSRF +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A missing permission check in Jenkins Dynatrace Application Monitoring Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Jenkins Dynatrace Application Monitoring
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

A cross-site request forgery vulnerability in Jenkins Dynatrace Application Monitoring Plugin 2.1.3 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Dynatrace Application Monitoring
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Jenkins Dynatrace Application Monitoring Plugin 2.1.3 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Dynatrace Application Monitoring
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Jenkins Bitbucket OAuth Plugin 0.9 and earlier stored credentials unencrypted in the global config.xml configuration file on the Jenkins master where they could be viewed by users with access to the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Bitbucket Oauth
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Jenkins Mattermost Notification Plugin 2.7.0 and earlier stored webhook URLs containing a secret token unencrypted in its global configuration file and job config.xml files on the Jenkins master. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Jenkins Information Disclosure +1
NVD
EPSS 2% CVSS 9.9
CRITICAL Act Now

Jenkins Puppet Enterprise Pipeline 1.3.1 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins RCE Puppet Enterprise Pipeline
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

A missing permission check in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Oracle +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

A cross-site request forgery vulnerability in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Oracle CSRF +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A missing permission check in Jenkins Rundeck Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Rundeck
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A cross-site request forgery vulnerability in Jenkins Rundeck Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Rundeck
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Jenkins Delphix Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Delphix
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Jenkins View26 Test-Reporting Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure View26 Test Reporting
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Jenkins SOASTA CloudTest Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Soasta Cloudtest
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Elasticbox Ci
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Jenkins Fortify on Demand Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Fortify On Demand
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Jenkins Extensive Testing Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Extensive Testing
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Jenkins Sofy.AI Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Sofy Ai
NVD
EPSS 1% CVSS 8.2
HIGH PATCH This Week

Jenkins Cadence vManager Plugin 2.7.0 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Cadence Vmanager
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A missing permission check in Jenkins Google Kubernetes Engine Plugin 0.7.0 and earlier allowed attackers with Overall/Read permission to obtain limited information about the scope of a credential. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Kubernetes +2
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Jenkins Bumblebee HP ALM Plugin 4.1.3 and earlier unconditionally disabled SSL/TLS and hostname verification for connections to HP ALM. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Jenkins Information Disclosure +1
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Jenkins iceScrum Plugin 1.1.4 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Icescrum
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A missing permission check in Jenkins iceScrum Plugin 1.1.5 and earlier allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Icescrum
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A cross-site request forgery vulnerability in Jenkins iceScrum Plugin 1.1.5 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Icescrum
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Jenkins NeoLoad Plugin 2.2.5 and earlier stored credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they could be viewed by users with. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Neoload
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier in various 'doFillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Crx Content Package Deployer
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers with Overall/Read permission to connect to an attacker-specified URL using. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Crx Content Package Deployer
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A cross-site request forgery vulnerability in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Crx Content Package Deployer
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

An arbitrary file read vulnerability in Jenkins Google OAuth Credentials Plugin 0.9 and earlier allowed attackers able to configure jobs and credentials in Jenkins to obtain the contents of any file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Jenkins Information Disclosure +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Jenkins SourceGear Vault Plugin transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Hashicorp +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Jenkins LDAP Email Plugin transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Ldap Email
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

Jenkins Dingding[钉钉] Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Dingding
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Jenkins HTML Publisher Plugin 1.20 and earlier did not escape the project and build display names in the HTML report frame, resulting in a cross-site scripting vulnerability exploitable by users able. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Html Publisher
NVD
EPSS 3% CVSS 9.9
CRITICAL PATCH Act Now

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier related to the handling of default parameter expressions in constructors allowed attackers to execute arbitrary code. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Jenkins RCE +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Neuvector Vulnerability Scanner
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Jenkins GitLab Logo Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Gitlab +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Aqua Security Scanner
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Jenkins Aqua MicroScanner Plugin 1.0.7 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Aqua Microscanner
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Jenkins Gem Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Gem Publisher
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Jenkins Google Calendar Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Jenkins Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Jenkins elOyente Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Eloyente
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Jenkins CodeScan Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Codescan
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Jenkins Call Remote Job Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Call Remote Job
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Jenkins Azure Event Grid Build Notifier Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Microsoft Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Jenkins Assembla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Assembla
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Jenkins vFabric Application Director Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Vfabric Application Director
NVD
EPSS 1% CVSS 9.9
CRITICAL Act Now

Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Kubernetes +1
NVD
EPSS 1% CVSS 9.9
CRITICAL Act Now

Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Kubernetes +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Gitlab +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Gitlab +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Jenkins Git Changelog Plugin 2.17 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Git Changelog
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Jenkins Data Theorem: CI/CD Plugin 1.3 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Data Theorem Mobile App Security
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Jenkins Inedo ProGet Plugin 1.2 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Inedo Proget
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Jenkins Inedo BuildMaster Plugin 2.4.0 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Inedo Buildmaster
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Jenkins Log Parser Plugin 2.0 and earlier did not escape an error message, resulting in a cross-site scripting vulnerability exploitable by users able to define log parsing rules. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Log Parser
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A missing permission check in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers with Overall/Read permission to trigger project generation from templates. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Project Inheritance
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A cross-site request forgery vulnerability in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers to trigger project generation from templates. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Project Inheritance
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Project Inheritance
NVD
EPSS 1% CVSS 4.8
MEDIUM PATCH This Month

Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not restrict or filter values set as Jenkins URL in the global configuration, resulting in a stored XSS vulnerability exploitable by attackers. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins
NVD
EPSS 66% CVSS 5.4
MEDIUM POC PATCH THREAT This Month

Jenkins 2.196 and earlier, LTS 2.176.3 and earlier printed the value of the "Cookie" HTTP request header on the /whoAmI/ URL, allowing attackers exploiting another XSS vulnerability to obtain the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the reason why a queue items is blcoked in tooltips, resulting in a stored XSS vulnerability exploitable by users able to control. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the SCM tag name on the tooltip for SCM tag actions, resulting in a stored XSS vulnerability exploitable by users able to control SCM. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:combobox form control interpreted its item labels as HTML, resulting in a stored XSS vulnerability exploitable by users with permission to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:expandableTextBox form control interpreted its content as HTML when expanded, resulting in a stored XSS vulnerability exploitable by users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins
NVD
EPSS 1% CVSS 4.2
MEDIUM PATCH This Month

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of subexpressions in increment and decrement expressions not involving actual assignment. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.

Jenkins RCE Script Security
NVD
EPSS 1% CVSS 4.2
MEDIUM PATCH This Month

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions in increment and decrement expressions allowed. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.

Jenkins RCE Script Security
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Jenkins Beaker Builder Plugin 1.9 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Beaker Builder
NVD
EPSS 1% CVSS 3.1
LOW PATCH Monitor

Jenkins Aqua Security Serverless Scanner Plugin 1.0.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Jenkins Information Disclosure Aqua Security Severless Scanner
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Jenkins Dashboard View Plugin 2.11 and earlier did not escape build descriptions, resulting in a cross-site scripting vulnerability exploitable by users able to change build descriptions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Dashboard View
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Jenkins Build Environment Plugin 1.6 and earlier did not escape variables shown on its views, resulting in a cross-site scripting vulnerability in Jenkins 2.145, 2.138.1, or older, exploitable by. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Build Environment
NVD
EPSS 1% CVSS 4.2
MEDIUM PATCH This Month

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions on the left-hand side of assignment expressions. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.

Jenkins RCE Script Security
NVD
EPSS 1% CVSS 4.2
MEDIUM PATCH This Month

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of method names in method call expressions allowed attackers to execute arbitrary code in. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.

Jenkins RCE Script Security
NVD
EPSS 26% CVSS 8.8
HIGH PATCH This Week

Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Command Injection Git Client
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Jenkins IBM Application Security on Cloud Plugin 1.2.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Jenkins Information Disclosure +1
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

A sandbox bypass vulnerability in Jenkins Splunk Plugin 1.7.4 and earlier allowed attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Splunk Jenkins RCE
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Jenkins CSRF Communications Cloud Native Core Automated Test Suite +1
NVD
Prev Page 14 of 19 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy