Skip to main content

Jenkins

1691 CVEs vendor

Monthly

CVE-2019-1003033 Maven HIGH PATCH This Week

A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.1 and earlier in pom.xml, src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins RCE Groovy
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2019-1003032 Maven CRITICAL PATCH Act Now

A sandbox bypass vulnerability exists in Jenkins Email Extension Plugin 2.64 and earlier in pom.xml, src/main/java/hudson/plugins/emailext/ExtendedEmailPublisher.java,. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins RCE Email Extension
NVD
CVSS 3.1
9.9
EPSS
2.4%
CVE-2019-1003031 Maven CRITICAL PATCH Act Now

A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/FilterScript.java that allows attackers with Job/Configure permission. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins RCE Matrix Project Openshift Container Platform
NVD
CVSS 3.1
9.9
EPSS
3.4%
CVE-2019-1003030 Maven CRITICAL POC KEV PATCH THREAT Act Now

A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Jenkins RCE Pipeline Openshift Container Platform
NVD Exploit-DB
CVSS 3.1
9.9
EPSS
75.6%
CVE-2019-1003029 Maven CRITICAL POC KEV PATCH THREAT Act Now

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java,. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Jenkins RCE Script Security Openshift Container Platform
NVD GitHub
CVSS 3.1
9.9
EPSS
73.9%
CVE-2019-1003028 Maven MEDIUM PATCH This Month

A server-side request forgery vulnerability exists in Jenkins JMS Messaging Plugin 1.1.1 and earlier in SSLCertificateAuthenticationMethod.java, UsernameAuthenticationMethod.java that allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java SSRF Jenkins Jms Messaging
NVD
CVSS 3.0
4.3
EPSS
0.7%
CVE-2019-1003027 Maven MEDIUM PATCH This Month

A server-side request forgery vulnerability exists in Jenkins OctopusDeploy Plugin 1.8.1 and earlier in OctopusDeployPlugin.java that allows attackers with Overall/Read permission to have Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java SSRF Jenkins Octopusdeploy
NVD
CVSS 3.0
4.3
EPSS
1.0%
CVE-2019-1003026 Maven MEDIUM PATCH This Month

A server-side request forgery vulnerability exists in Jenkins Mattermost Notification Plugin 2.6.2 and earlier in MattermostNotifier.java that allows attackers with Overall/Read permission to have. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost SSRF Jenkins Java
NVD
CVSS 3.0
4.3
EPSS
0.9%
CVE-2019-1003025 Maven HIGH PATCH This Week

A exposure of sensitive information vulnerability exists in Jenkins Cloud Foundry Plugin 2.3.1 and earlier in AbstractCloudFoundryPushDescriptor.java that allows attackers with Overall/Read access to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Java Jenkins Cloud Foundry
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2019-1003024 Maven HIGH PATCH This Week

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.52 and earlier in RejectASTTransformsCustomizer.java that allows attackers with Overall/Read permission to provide a Groovy. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins RCE Script Security Openshift Container Platform
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2019-1003023 Maven MEDIUM PATCH This Month

A cross-site scripting vulnerability exists in Jenkins Warnings Next Generation Plugin 1.0.1 and earlier in src/main/java/io/jenkins/plugins/analysis/core/model/DetailsTableModel.java,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Java Jenkins Warnings Next Generation
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2019-1003022 Maven MEDIUM PATCH This Month

A denial of service vulnerability exists in Jenkins Monitoring Plugin 1.74.0 and earlier in PluginImpl.java that allows attackers to kill threads running on the Jenkins master. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service Jenkins CSRF Monitoring
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2019-1003021 Maven MEDIUM PATCH This Month

An exposure of sensitive information vulnerability exists in Jenkins OpenId Connect Authentication Plugin 1.4 and earlier in OicSecurityRealm/config.jelly that allows attackers able to view a Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Openid Connect Authentication
NVD
CVSS 3.0
4.3
EPSS
1.1%
CVE-2019-1003020 Maven MEDIUM PATCH This Month

A server-side request forgery vulnerability exists in Jenkins Kanboard Plugin 1.5.10 and earlier in KanboardGlobalConfiguration.java that allows attackers with Overall/Read permission to submit a GET. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java SSRF Jenkins Kanboard
NVD
CVSS 3.0
4.3
EPSS
0.6%
CVE-2019-1003019 Maven MEDIUM PATCH This Month

An session fixation vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm.java that allows unauthorized attackers to impersonate another user if they. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Java Session Fixation Jenkins Github Oauth
NVD
CVSS 3.0
5.9
EPSS
0.9%
CVE-2019-1003018 Maven MEDIUM PATCH This Month

An exposure of sensitive information vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm/config.jelly that allows attackers able to view a Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Github Oauth
NVD
CVSS 3.0
4.3
EPSS
1.1%
CVE-2019-1003017 Maven MEDIUM PATCH This Month

A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Jenkins CSRF Job Import
NVD
CVSS 3.0
5.3
EPSS
0.5%
CVE-2019-1003016 Maven HIGH PATCH This Week

An exposure of sensitive information vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/JobImportAction.java,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins CSRF Job Import
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2019-1003015 Maven CRITICAL PATCH Act Now

An XML external entity processing vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/client/RestApiClient.java that allows attackers. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Java Denial Of Service Jenkins Job Import
NVD
CVSS 3.0
9.1
EPSS
1.8%
CVE-2019-1003014 Maven MEDIUM PATCH This Month

An cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Config File Provider Openshift Container Platform
NVD
CVSS 3.0
4.8
EPSS
0.9%
CVE-2019-1003013 Maven MEDIUM PATCH This Month

An cross-site scripting vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export.java,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Java Jenkins Blue Ocean Openshift Container Platform
NVD
CVSS 3.0
5.4
EPSS
1.2%
CVE-2019-1003012 Maven MEDIUM PATCH This Month

A data modification vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-core-js/src/js/bundleStartup.js, blueocean-core-js/src/js/fetch.ts,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins CSRF Blue Ocean Openshift Container Platform
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2019-1003011 Maven HIGH PATCH This Week

An information exposure and denial of service vulnerability exists in Jenkins Token Macro Plugin 2.5 and earlier in src/main/java/org/jenkinsci/plugins/tokenmacro/Parser.java,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Denial Of Service Jenkins Information Disclosure Token Macro +1
NVD
CVSS 3.1
8.1
EPSS
2.0%
CVE-2019-1003010 Maven MEDIUM PATCH This Month

A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins CSRF Git Openshift Container Platform
NVD
CVSS 3.0
4.3
EPSS
1.1%
CVE-2019-1003009 Maven HIGH PATCH This Week

An improper certificate validation vulnerability exists in Jenkins Active Directory Plugin 2.10 and earlier in src/main/java/hudson/plugins/active_directory/ActiveDirectoryDomain.java,. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Jenkins Information Disclosure Active Directory
NVD
CVSS 3.0
7.4
EPSS
0.8%
CVE-2019-1003008 Maven HIGH This Week

A cross-site request forgery vulnerability exists in Jenkins Warnings Next Generation Plugin 2.1.1 and earlier in src/main/java/io/jenkins/plugins/analysis/warnings/groovy/GroovyParser.java that. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins RCE CSRF Warnings Next Generation
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2019-1003007 Maven HIGH PATCH This Week

A cross-site request forgery vulnerability exists in Jenkins Warnings Plugin 5.0.0 and earlier in src/main/java/hudson/plugins/warnings/GroovyParser.java that allows attackers to execute arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins RCE CSRF Warnings
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2019-1003006 Maven HIGH PATCH This Week

A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.0 and earlier in src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Java Jenkins RCE Groovy
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2019-1003005 Maven HIGH POC PATCH THREAT Act Now

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Jenkins RCE Script Security
NVD GitHub
CVSS 3.1
8.8
EPSS
19.0%
CVE-2019-1003004 Maven HIGH PATCH This Week

An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java that allows attackers. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Openshift Container Platform
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2019-1003003 Maven HIGH PATCH This Week

An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java that allows attackers. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Openshift Container Platform
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2019-1003002 Maven HIGH POC PATCH THREAT Act Now

A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Jenkins RCE Pipeline Openshift Container Platform
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
81.6%
CVE-2019-1003001 Maven HIGH POC PATCH THREAT Act Now

A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Jenkins RCE Pipeline Openshift Container Platform
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
86.2%
CVE-2019-1003000 Maven HIGH POC PATCH THREAT Act Now

A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Jenkins RCE Script Security Openshift Container Platform
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
98.4%
CVE-2018-1000866 Maven HIGH PATCH This Week

A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Privilege Escalation Jenkins RCE Pipeline +1
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2018-1000865 Maven HIGH PATCH This Week

A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Privilege Escalation Jenkins RCE Script Security +1
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2018-1000864 Maven MEDIUM PATCH This Month

A denial of service vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Denial Of Service Openshift Container Platform
NVD
CVSS 3.0
6.5
EPSS
2.8%
CVE-2018-1000863 Maven HIGH POC PATCH This Week

A data modification vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in User.java, IdStrategy.java that allows attackers to submit crafted user names that can cause an. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Jenkins Path Traversal Openshift Container Platform
NVD
CVSS 3.0
8.2
EPSS
6.8%
CVE-2018-1000862 Maven MEDIUM PATCH This Month

An information exposure vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in DirectoryBrowserSupport.java that allows attackers with the ability to control build output to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Openshift Container Platform
NVD
CVSS 3.0
4.3
EPSS
1.4%
CVE-2018-1000861 Maven CRITICAL POC KEV PATCH THREAT Act Now

A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins Deserialization RCE Openshift Container Platform
NVD GitHub
CVSS 3.1
9.8
EPSS
98.5%
CVE-2018-1999047 Maven MEDIUM PATCH This Month

A improper authorization vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in UpdateCenter.java that allows attackers to cancel a Jenkins restart scheduled through the update. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Authentication Bypass Jenkins
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2018-1999046 Maven MEDIUM PATCH This Month

A exposure of sensitive information vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in Computer.java that allows attackers With Overall/Read permission to access the connection. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure
NVD
CVSS 3.0
4.3
EPSS
1.3%
CVE-2018-1999045 Maven MEDIUM PATCH This Month

A improper authentication vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in SecurityRealm.java, TokenBasedRememberMeServices2.java that allows attackers with a valid cookie to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Authentication Bypass Jenkins
NVD
CVSS 3.0
5.4
EPSS
0.9%
CVE-2018-1999044 Maven MEDIUM PATCH This Month

A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread enter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Denial Of Service
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-1999043 Maven HIGH PATCH This Week

A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in BasicAuthenticationFilter.java, BasicHeaderApiTokenAuthenticator.java that allows attackers to create. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins Denial Of Service
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-1999042 Maven MEDIUM PATCH This Month

A vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in XStream2.java that allows attackers to have Jenkins resolve a domain name when deserializing an instance of java.net.URL. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins Deserialization
NVD
CVSS 3.0
5.3
EPSS
1.5%
CVE-2018-1999041 Maven MEDIUM PATCH This Month

An exposure of sensitive information vulnerability exists in Jenkins Tinfoil Security Plugin 1.6.1 and earlier in TinfoilScanRecorder.java that allows attackers with file system access to the Jenkins. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Tinfoil Security
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-1999040 Maven HIGH PATCH This Week

An exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.10.1 and earlier in KubernetesCloud.java that allows attackers to capture credentials with a known credentials. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Kubernetes Jenkins Information Disclosure
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2018-1999039 Maven MEDIUM PATCH This Month

A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Atlassian Jenkins SSRF Confluence Publisher
NVD
CVSS 3.0
4.3
EPSS
0.6%
CVE-2018-1999038 Maven MEDIUM PATCH This Month

A confused deputy vulnerability exists in Jenkins Publisher Over CIFS Plugin 0.10 and earlier in CifsPublisherPluginDescriptor.java that allows attackers to have Jenkins connect to an attacker. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.

Java Jenkins Information Disclosure Publish Over Cifs
NVD
CVSS 3.0
4.2
EPSS
0.5%
CVE-2018-1999037 Maven MEDIUM PATCH This Month

A data modification vulnerability exists in Jenkins Resource Disposer Plugin 0.11 and earlier in AsyncResourceDisposer.java that allows attackers to stop tracking a resource. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Resource Disposer
NVD
CVSS 3.0
4.3
EPSS
0.8%
CVE-2018-1999036 Maven MEDIUM PATCH This Month

An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Ssh Agent
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-1999035 Maven HIGH PATCH This Week

A man in the middle vulnerability exists in Jenkins Inedo BuildMaster Plugin 1.3 and earlier in BuildMasterConfiguration.java, BuildMasterConfig.java, BuildMasterApi.java that allows attackers to. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Jenkins Information Disclosure Inedo Buildmaster
NVD
CVSS 3.0
7.4
EPSS
0.9%
CVE-2018-1999034 Maven HIGH PATCH This Week

A man in the middle vulnerability exists in Jenkins Inedo ProGet Plugin 0.8 and earlier in ProGetApi.java, ProGetConfig.java, ProGetConfiguration.java that allows attackers to impersonate any service. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Jenkins Information Disclosure Inedo Proget
NVD
CVSS 3.0
7.4
EPSS
0.8%
CVE-2018-1999033 Maven MEDIUM PATCH This Month

An exposure of sensitive information vulnerability exists in Jenkins Anchore Container Image Scanner Plugin 10.16 and earlier in AnchoreBuilder.java that allows attackers with Item/ExtendedRead. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Container Image Scanner
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2018-1999032 Maven MEDIUM PATCH This Month

A data modification vulnerability exists in Jenkins Agiletestware Pangolin Connector for TestRail Plugin 2.1 and earlier in GlobalConfig.java that allows attackers with Overall/Read permission to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Privilege Escalation Jenkins Pangolin Connector For Testrail
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-1999031 Maven MEDIUM PATCH This Month

An exposure of sensitive information vulnerability exists in Jenkins meliora-testlab Plugin 1.14 and earlier in TestlabNotifier.java that allows attackers with file system access to the Jenkins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Meliora Testlab
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-1999030 Maven MEDIUM PATCH This Month

An exposure of sensitive information vulnerability exists in Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.3.1 and earlier in ArtifactoryChoiceListProvider.java,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Maven Artifact Choicelistprovider Nexus
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1999029 Maven MEDIUM PATCH This Month

A cross-site scripting vulnerability exists in Jenkins Shelve Project Plugin 1.5 and earlier in ShelveProjectAction/index.jelly, ShelvedProjectsAction/index.jelly that allows attackers with. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Shelve Project
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1999028 Maven HIGH PATCH This Week

An exposure of sensitive information vulnerability exists in Jenkins Accurev Plugin 0.7.16 and earlier in AccurevSCM.java that allows attackers to capture credentials with a known credentials ID. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Accurev
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-1999027 Maven HIGH PATCH This Week

An exposure of sensitive information vulnerability exists in Jenkins SaltStack Plugin 3.1.6 and earlier in SaltAPIBuilder.java, SaltAPIStep.java that allows attackers to capture credentials with a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java CSRF Jenkins Saltstack
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2018-1999026 Maven MEDIUM PATCH This Month

A server-side request forgery vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java that allows attackers to have Jenkins send HTTP requests to an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins SSRF Tracetronic Ecu Test
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-1999025 Maven HIGH PATCH This Week

A man in the middle vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java, ATXValidator.java that allows attackers to impersonate any service that Jenkins. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Jenkins Information Disclosure Tracetronic Ecu Test
NVD
CVSS 3.0
7.4
EPSS
0.9%
CVE-2018-1999007 Maven MEDIUM PATCH This Month

A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers with the ability to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Java Jenkins XSS Communications Cloud Native Core Automated Test Suite
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2018-1999006 Maven MEDIUM PATCH This Month

A exposure of sensitive information vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in Plugin.java that allows attackers to determine the date and time when a plugin HPI/JPI. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure
NVD
CVSS 3.0
4.3
EPSS
0.9%
CVE-2018-1999005 Maven MEDIUM PATCH This Month

A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in BuildTimelineWidget.java, BuildTimelineWidget/control.jelly that allows attackers with Job/Configure. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Jenkins XSS Communications Cloud Native Core Automated Test Suite
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2018-1999004 Maven MEDIUM PATCH This Month

A Improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in SlaveComputer.java that allows attackers with Overall/Read permission to initiate agent launches,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Java Authentication Bypass Jenkins Communications Cloud Native Core Automated Test Suite
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2018-1999003 Maven MEDIUM PATCH This Month

A Improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in Queue.java that allows attackers with Overall/Read permission to cancel queued builds. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Java Authentication Bypass Jenkins Communications Cloud Native Core Automated Test Suite
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2018-1999002 Maven HIGH POC PATCH THREAT This Week

A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java Jenkins Information Disclosure Communications Cloud Native Core Automated Test Suite
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
86.6%
CVE-2018-1999001 Maven HIGH PATCH This Week

A unauthorized modification of configuration vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in User.java that allows attackers to provide crafted login credentials that cause. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Jenkins Authentication Bypass Communications Cloud Native Core Automated Test Suite
NVD
CVSS 3.1
8.8
EPSS
18.1%
CVE-2018-1000404 Maven HIGH PATCH This Week

Jenkins project Jenkins AWS CodeBuild Plugin version 0.26 and earlier contains a Insufficiently Protected Credentials vulnerability in AWSClientFactory.java, CodeBuilder.java that can result in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Aws Codebuild
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-1000403 Maven HIGH PATCH This Week

Jenkins project Jenkins AWS CodeDeploy Plugin version 1.19 and earlier contains a Insufficiently Protected Credentials vulnerability in AWSCodeDeployPublisher.java that can result in Credentials. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Aws Codedeploy
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-1000402 Maven MEDIUM PATCH This Month

Jenkins project Jenkins AWS CodeDeploy Plugin version 1.19 and earlier contains a File and Directory Information Exposure vulnerability in AWSCodeDeployPublisher.java that can result in Disclosure of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Aws Codedeploy
NVD
CVSS 3.0
4.3
EPSS
1.0%
CVE-2018-1000401 Maven HIGH PATCH This Week

Jenkins project Jenkins AWS CodePipeline Plugin version 0.36 and earlier contains a Insufficiently Protected Credentials vulnerability in AWSCodePipelineSCM.java that can result in Credentials. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Aws Codepipeline
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-1000610 Maven HIGH PATCH This Week

A exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in DataBoundConfigurator.java, Attribute.java, BaseConfigurator.java,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Configuration As Code
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-1000609 Maven MEDIUM PATCH This Month

A exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in ConfigurationAsCode.java that allows attackers with Overall/Read access to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Configuration As Code
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-1000608 Maven HIGH PATCH This Week

A exposure of sensitive information vulnerability exists in Jenkins z/OS Connector Plugin 1.2.6.1 and earlier in SCLMSCM.java that allows an attacker with local file system access or control of a. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Z Os Connector
NVD
CVSS 3.0
7.2
EPSS
1.0%
CVE-2018-1000607 Maven MEDIUM PATCH This Month

A arbitrary file write vulnerability exists in Jenkins Fortify CloudScan Plugin 1.5.1 and earlier in ArchiveUtil.java that allows attackers able to control rulepack zip file contents to overwrite any. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Fortify Cloudscan
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-1000606 Maven MEDIUM PATCH This Month

A server-side request forgery vulnerability exists in Jenkins URLTrigger Plugin 0.41 and earlier in URLTrigger.java that allows attackers with Overall/Read access to cause Jenkins to send a GET. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins SSRF Urltrigger
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2018-1000605 Maven HIGH PATCH This Week

A man in the middle vulnerability exists in Jenkins CollabNet Plugin 2.0.4 and earlier in CollabNetApp.java, CollabNetPlugin.java, CNFormFieldValidator.java that allows attackers to impersonate any. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Jenkins Information Disclosure Collabnet
NVD
CVSS 3.0
7.4
EPSS
0.9%
CVE-2018-1000604 Maven MEDIUM PATCH This Month

A persisted cross-site scripting vulnerability exists in Jenkins Badge Plugin 1.4 and earlier in BadgeSummaryAction.java, HtmlBadgeAction.java that allows attackers able to control build badge. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins XSS Badge
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1000603 Maven HIGH PATCH This Week

A exposure of sensitive information vulnerability exists in Jenkins Openstack Cloud Plugin 2.35 and earlier in BootSource.java, InstancesToRun.java, JCloudsCleanupThread.java, JCloudsCloud.java,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Openstack Cloud
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-1000602 Maven MEDIUM PATCH This Month

A session fixation vulnerability exists in Jenkins SAML Plugin 1.0.6 and earlier in SamlSecurityRealm.java that allows unauthorized attackers to impersonate another users if they can control the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Session Fixation Jenkins Authentication Bypass Saml
NVD
CVSS 3.0
5.9
EPSS
0.9%
CVE-2018-1000601 Maven MEDIUM PATCH This Month

A arbitrary file read vulnerability exists in Jenkins SSH Credentials Plugin 1.13 and earlier in BasicSSHUserPrivateKey.java that allows attackers with a Jenkins account and the permission to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Ssh Credentials
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-1000600 Maven HIGH POC PATCH THREAT This Week

A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and earlier in GitHubTokenCredentialsCreator.java that allows attackers to an attacker-specified URL using. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Github
NVD
CVSS 3.0
8.8
EPSS
90.9%
CVE-2018-1000202 Maven MEDIUM PATCH This Month

A persisted cross-site scripting vulnerability exists in Jenkins Groovy Postbuild Plugin 2.3.1 and older in various Jelly files that allows attackers able to control build badge content to define. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Groovy Postbuild
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1000198 Maven MEDIUM PATCH This Month

A XML external entity processing vulnerability exists in Jenkins Black Duck Hub Plugin 3.1.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read permission to make. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins XXE Black Duck Hub
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-1000197 Maven HIGH PATCH This Week

An improper authorization vulnerability exists in Jenkins Black Duck Hub Plugin 3.0.3 and older in PostBuildScanDescriptor.java that allows users with Overall/Read permission to read and write the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Authentication Bypass Jenkins Black Duck Hub
NVD
CVSS 3.0
8.1
EPSS
0.8%
CVE-2018-1000196 Maven MEDIUM This Month

A exposure of sensitive information vulnerability exists in Jenkins Gitlab Hook Plugin 1.4.2 and older in gitlab_notifier.rb, views/gitlab_notifier/global.erb that allows attackers with local Jenkins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Jenkins Information Disclosure Gitlab Hook
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-1000195 Maven MEDIUM PATCH This Month

A server-side request forgery vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in ZipExtractionInstaller.java that allows users with Overall/Read permission to have Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Java CSRF Jenkins SSRF Communications Cloud Native Core Automated Test Suite
NVD
CVSS 3.1
4.3
EPSS
2.1%
EPSS 3% CVSS 8.8
HIGH PATCH This Week

A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.1 and earlier in pom.xml, src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins RCE +1
NVD
EPSS 2% CVSS 9.9
CRITICAL PATCH Act Now

A sandbox bypass vulnerability exists in Jenkins Email Extension Plugin 2.64 and earlier in pom.xml, src/main/java/hudson/plugins/emailext/ExtendedEmailPublisher.java,. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins RCE +1
NVD
EPSS 3% CVSS 9.9
CRITICAL PATCH Act Now

A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/FilterScript.java that allows attackers with Job/Configure permission. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins RCE +2
NVD
EPSS 76% CVSS 9.9
CRITICAL POC KEV PATCH THREAT Act Now

A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Jenkins RCE +2
NVD Exploit-DB
EPSS 74% CVSS 9.9
CRITICAL POC KEV PATCH THREAT Act Now

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java,. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Jenkins RCE +2
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A server-side request forgery vulnerability exists in Jenkins JMS Messaging Plugin 1.1.1 and earlier in SSLCertificateAuthenticationMethod.java, UsernameAuthenticationMethod.java that allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java SSRF Jenkins +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A server-side request forgery vulnerability exists in Jenkins OctopusDeploy Plugin 1.8.1 and earlier in OctopusDeployPlugin.java that allows attackers with Overall/Read permission to have Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java SSRF Jenkins +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A server-side request forgery vulnerability exists in Jenkins Mattermost Notification Plugin 2.6.2 and earlier in MattermostNotifier.java that allows attackers with Overall/Read permission to have. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost SSRF Jenkins +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A exposure of sensitive information vulnerability exists in Jenkins Cloud Foundry Plugin 2.3.1 and earlier in AbstractCloudFoundryPushDescriptor.java that allows attackers with Overall/Read access to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Java Jenkins +1
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.52 and earlier in RejectASTTransformsCustomizer.java that allows attackers with Overall/Read permission to provide a Groovy. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins RCE +2
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

A cross-site scripting vulnerability exists in Jenkins Warnings Next Generation Plugin 1.0.1 and earlier in src/main/java/io/jenkins/plugins/analysis/core/model/DetailsTableModel.java,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Java Jenkins +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A denial of service vulnerability exists in Jenkins Monitoring Plugin 1.74.0 and earlier in PluginImpl.java that allows attackers to kill threads running on the Jenkins master. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service Jenkins +2
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

An exposure of sensitive information vulnerability exists in Jenkins OpenId Connect Authentication Plugin 1.4 and earlier in OicSecurityRealm/config.jelly that allows attackers able to view a Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Openid Connect Authentication
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A server-side request forgery vulnerability exists in Jenkins Kanboard Plugin 1.5.10 and earlier in KanboardGlobalConfiguration.java that allows attackers with Overall/Read permission to submit a GET. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java SSRF Jenkins +1
NVD
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

An session fixation vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm.java that allows unauthorized attackers to impersonate another user if they. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Java Session Fixation +2
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

An exposure of sensitive information vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm/config.jelly that allows attackers able to view a Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Github Oauth
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Jenkins CSRF +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

An exposure of sensitive information vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/JobImportAction.java,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins CSRF +1
NVD
EPSS 2% CVSS 9.1
CRITICAL PATCH Act Now

An XML external entity processing vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/client/RestApiClient.java that allows attackers. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Java Denial Of Service +2
NVD
EPSS 1% CVSS 4.8
MEDIUM PATCH This Month

An cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Config File Provider +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

An cross-site scripting vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export.java,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Java Jenkins +2
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A data modification vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-core-js/src/js/bundleStartup.js, blueocean-core-js/src/js/fetch.ts,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins CSRF +2
NVD
EPSS 2% CVSS 8.1
HIGH PATCH This Week

An information exposure and denial of service vulnerability exists in Jenkins Token Macro Plugin 2.5 and earlier in src/main/java/org/jenkinsci/plugins/tokenmacro/Parser.java,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Denial Of Service Jenkins +3
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins CSRF +2
NVD
EPSS 1% CVSS 7.4
HIGH PATCH This Week

An improper certificate validation vulnerability exists in Jenkins Active Directory Plugin 2.10 and earlier in src/main/java/hudson/plugins/active_directory/ActiveDirectoryDomain.java,. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Jenkins Information Disclosure +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A cross-site request forgery vulnerability exists in Jenkins Warnings Next Generation Plugin 2.1.1 and earlier in src/main/java/io/jenkins/plugins/analysis/warnings/groovy/GroovyParser.java that. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins RCE +2
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A cross-site request forgery vulnerability exists in Jenkins Warnings Plugin 5.0.0 and earlier in src/main/java/hudson/plugins/warnings/GroovyParser.java that allows attackers to execute arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins RCE +2
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.0 and earlier in src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Java Jenkins +2
NVD
EPSS 19% CVSS 8.8
HIGH POC PATCH THREAT Act Now

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Jenkins RCE +1
NVD GitHub
EPSS 2% CVSS 7.2
HIGH PATCH This Week

An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java that allows attackers. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure +1
NVD
EPSS 2% CVSS 7.2
HIGH PATCH This Week

An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java that allows attackers. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure +1
NVD
EPSS 82% CVSS 8.8
HIGH POC PATCH THREAT Act Now

A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Jenkins RCE Pipeline +1
NVD Exploit-DB
EPSS 86% CVSS 8.8
HIGH POC PATCH THREAT Act Now

A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Jenkins RCE +2
NVD Exploit-DB
EPSS 98% CVSS 8.8
HIGH POC PATCH THREAT Act Now

A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Jenkins RCE +2
NVD Exploit-DB
EPSS 2% CVSS 8.8
HIGH PATCH This Week

A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Privilege Escalation Jenkins +3
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Privilege Escalation Jenkins +3
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

A denial of service vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Denial Of Service +1
NVD
EPSS 7% CVSS 8.2
HIGH POC PATCH This Week

A data modification vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in User.java, IdStrategy.java that allows attackers to submit crafted user names that can cause an. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Jenkins Path Traversal +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

An information exposure vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in DirectoryBrowserSupport.java that allows attackers with the ability to control build output to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure +1
NVD
EPSS 98% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins Deserialization +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A improper authorization vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in UpdateCenter.java that allows attackers to cancel a Jenkins restart scheduled through the update. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Authentication Bypass Jenkins
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A exposure of sensitive information vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in Computer.java that allows attackers With Overall/Read permission to access the connection. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

A improper authentication vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in SecurityRealm.java, TokenBasedRememberMeServices2.java that allows attackers with a valid cookie to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Authentication Bypass Jenkins
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread enter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Denial Of Service
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in BasicAuthenticationFilter.java, BasicHeaderApiTokenAuthenticator.java that allows attackers to create. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins Denial Of Service
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

A vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in XStream2.java that allows attackers to have Jenkins resolve a domain name when deserializing an instance of java.net.URL. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins Deserialization
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An exposure of sensitive information vulnerability exists in Jenkins Tinfoil Security Plugin 1.6.1 and earlier in TinfoilScanRecorder.java that allows attackers with file system access to the Jenkins. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

An exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.10.1 and earlier in KubernetesCloud.java that allows attackers to capture credentials with a known credentials. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Kubernetes Jenkins +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Atlassian Jenkins +2
NVD
EPSS 0% CVSS 4.2
MEDIUM PATCH This Month

A confused deputy vulnerability exists in Jenkins Publisher Over CIFS Plugin 0.10 and earlier in CifsPublisherPluginDescriptor.java that allows attackers to have Jenkins connect to an attacker. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.

Java Jenkins Information Disclosure +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A data modification vulnerability exists in Jenkins Resource Disposer Plugin 0.11 and earlier in AsyncResourceDisposer.java that allows attackers to stop tracking a resource. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure +1
NVD
EPSS 1% CVSS 7.4
HIGH PATCH This Week

A man in the middle vulnerability exists in Jenkins Inedo BuildMaster Plugin 1.3 and earlier in BuildMasterConfiguration.java, BuildMasterConfig.java, BuildMasterApi.java that allows attackers to. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Jenkins Information Disclosure +1
NVD
EPSS 1% CVSS 7.4
HIGH PATCH This Week

A man in the middle vulnerability exists in Jenkins Inedo ProGet Plugin 0.8 and earlier in ProGetApi.java, ProGetConfig.java, ProGetConfiguration.java that allows attackers to impersonate any service. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Jenkins Information Disclosure +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

An exposure of sensitive information vulnerability exists in Jenkins Anchore Container Image Scanner Plugin 10.16 and earlier in AnchoreBuilder.java that allows attackers with Item/ExtendedRead. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A data modification vulnerability exists in Jenkins Agiletestware Pangolin Connector for TestRail Plugin 2.1 and earlier in GlobalConfig.java that allows attackers with Overall/Read permission to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Privilege Escalation Jenkins +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

An exposure of sensitive information vulnerability exists in Jenkins meliora-testlab Plugin 1.14 and earlier in TestlabNotifier.java that allows attackers with file system access to the Jenkins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

An exposure of sensitive information vulnerability exists in Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.3.1 and earlier in ArtifactoryChoiceListProvider.java,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

A cross-site scripting vulnerability exists in Jenkins Shelve Project Plugin 1.5 and earlier in ShelveProjectAction/index.jelly, ShelvedProjectsAction/index.jelly that allows attackers with. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Shelve Project
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

An exposure of sensitive information vulnerability exists in Jenkins Accurev Plugin 0.7.16 and earlier in AccurevSCM.java that allows attackers to capture credentials with a known credentials ID. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An exposure of sensitive information vulnerability exists in Jenkins SaltStack Plugin 3.1.6 and earlier in SaltAPIBuilder.java, SaltAPIStep.java that allows attackers to capture credentials with a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java CSRF Jenkins +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A server-side request forgery vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java that allows attackers to have Jenkins send HTTP requests to an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins SSRF +1
NVD
EPSS 1% CVSS 7.4
HIGH PATCH This Week

A man in the middle vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java, ATXValidator.java that allows attackers to impersonate any service that Jenkins. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Jenkins Information Disclosure +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers with the ability to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Java Jenkins XSS +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A exposure of sensitive information vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in Plugin.java that allows attackers to determine the date and time when a plugin HPI/JPI. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in BuildTimelineWidget.java, BuildTimelineWidget/control.jelly that allows attackers with Job/Configure. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Jenkins XSS Communications Cloud Native Core Automated Test Suite
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A Improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in SlaveComputer.java that allows attackers with Overall/Read permission to initiate agent launches,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Java Authentication Bypass Jenkins +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A Improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in Queue.java that allows attackers with Overall/Read permission to cancel queued builds. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Java Authentication Bypass Jenkins +1
NVD
EPSS 87% CVSS 7.5
HIGH POC PATCH THREAT This Week

A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java Jenkins Information Disclosure +1
NVD Exploit-DB
EPSS 18% CVSS 8.8
HIGH PATCH This Week

A unauthorized modification of configuration vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in User.java that allows attackers to provide crafted login credentials that cause. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Jenkins Authentication Bypass +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Jenkins project Jenkins AWS CodeBuild Plugin version 0.26 and earlier contains a Insufficiently Protected Credentials vulnerability in AWSClientFactory.java, CodeBuilder.java that can result in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Jenkins project Jenkins AWS CodeDeploy Plugin version 1.19 and earlier contains a Insufficiently Protected Credentials vulnerability in AWSCodeDeployPublisher.java that can result in Credentials. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Jenkins project Jenkins AWS CodeDeploy Plugin version 1.19 and earlier contains a File and Directory Information Exposure vulnerability in AWSCodeDeployPublisher.java that can result in Disclosure of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Jenkins project Jenkins AWS CodePipeline Plugin version 0.36 and earlier contains a Insufficiently Protected Credentials vulnerability in AWSCodePipelineSCM.java that can result in Credentials. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in DataBoundConfigurator.java, Attribute.java, BaseConfigurator.java,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in ConfigurationAsCode.java that allows attackers with Overall/Read access to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure +1
NVD
EPSS 1% CVSS 7.2
HIGH PATCH This Week

A exposure of sensitive information vulnerability exists in Jenkins z/OS Connector Plugin 1.2.6.1 and earlier in SCLMSCM.java that allows an attacker with local file system access or control of a. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A arbitrary file write vulnerability exists in Jenkins Fortify CloudScan Plugin 1.5.1 and earlier in ArchiveUtil.java that allows attackers able to control rulepack zip file contents to overwrite any. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A server-side request forgery vulnerability exists in Jenkins URLTrigger Plugin 0.41 and earlier in URLTrigger.java that allows attackers with Overall/Read access to cause Jenkins to send a GET. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins SSRF +1
NVD
EPSS 1% CVSS 7.4
HIGH PATCH This Week

A man in the middle vulnerability exists in Jenkins CollabNet Plugin 2.0.4 and earlier in CollabNetApp.java, CollabNetPlugin.java, CNFormFieldValidator.java that allows attackers to impersonate any. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Jenkins Information Disclosure +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

A persisted cross-site scripting vulnerability exists in Jenkins Badge Plugin 1.4 and earlier in BadgeSummaryAction.java, HtmlBadgeAction.java that allows attackers able to control build badge. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins XSS +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A exposure of sensitive information vulnerability exists in Jenkins Openstack Cloud Plugin 2.35 and earlier in BootSource.java, InstancesToRun.java, JCloudsCleanupThread.java, JCloudsCloud.java,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure +1
NVD
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

A session fixation vulnerability exists in Jenkins SAML Plugin 1.0.6 and earlier in SamlSecurityRealm.java that allows unauthorized attackers to impersonate another users if they can control the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Session Fixation Jenkins +2
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A arbitrary file read vulnerability exists in Jenkins SSH Credentials Plugin 1.13 and earlier in BasicSSHUserPrivateKey.java that allows attackers with a Jenkins account and the permission to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure +1
NVD
EPSS 91% CVSS 8.8
HIGH POC PATCH THREAT This Week

A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and earlier in GitHubTokenCredentialsCreator.java that allows attackers to an attacker-specified URL using. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

A persisted cross-site scripting vulnerability exists in Jenkins Groovy Postbuild Plugin 2.3.1 and older in various Jelly files that allows attackers able to control build badge content to define. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Groovy Postbuild
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A XML external entity processing vulnerability exists in Jenkins Black Duck Hub Plugin 3.1.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read permission to make. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins XXE +1
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

An improper authorization vulnerability exists in Jenkins Black Duck Hub Plugin 3.0.3 and older in PostBuildScanDescriptor.java that allows users with Overall/Read permission to read and write the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Authentication Bypass Jenkins +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A exposure of sensitive information vulnerability exists in Jenkins Gitlab Hook Plugin 1.4.2 and older in gitlab_notifier.rb, views/gitlab_notifier/global.erb that allows attackers with local Jenkins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Jenkins Information Disclosure +1
NVD
EPSS 2% CVSS 4.3
MEDIUM PATCH This Month

A server-side request forgery vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in ZipExtractionInstaller.java that allows users with Overall/Read permission to have Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Java CSRF Jenkins +2
NVD
Prev Page 17 of 19 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy