Skip to main content

Jenkins

1691 CVEs vendor

Monthly

CVE-2025-53674 Maven MEDIUM This Month

CVE-2025-53674 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure Jenkins Sensedia Api Platform Tools
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-53673 Maven MEDIUM This Month

Jenkins Sensedia Api Platform tools Plugin 1.0 stores the Sensedia API Manager integration token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system.

Information Disclosure Jenkins Sensedia Api Platform Tools
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-53672 Maven MEDIUM This Month

Jenkins Kryptowire Plugin 0.2 and earlier stores the Kryptowire API key unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system.

Information Disclosure Jenkins Kryptowire
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-53671 Maven MEDIUM This Month

CVE-2025-53671 is a security vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Information Disclosure Jenkins Nouvola Divecloud
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-53670 Maven MEDIUM This Month

Jenkins Nouvola DiveCloud Plugin 1.08 and earlier stores DiveCloud API Keys and Credentials Encryption Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

Information Disclosure Jenkins Nouvola Divecloud
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-53669 Maven MEDIUM This Month

CVE-2025-53669 is a security vulnerability (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure Jenkins Vaddy
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-53668 Maven MEDIUM This Month

Jenkins VAddy Plugin 1.2.8 and earlier stores Vaddy API Auth Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

Information Disclosure Jenkins Vaddy
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-53667 Maven MEDIUM This Month

Jenkins Dead Man's Snitch Plugin 0.1 does not mask Dead Man's Snitch tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

Information Disclosure Jenkins
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-53666 Maven MEDIUM This Month

Jenkins Dead Man's Snitch Plugin 0.1 stores Dead Man's Snitch tokens unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

Information Disclosure Jenkins
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-53665 Maven MEDIUM This Month

CVE-2025-53665 is a security vulnerability (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure Jenkins Apica Loadtest
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-53664 Maven MEDIUM This Month

CVE-2025-53664 is a security vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Information Disclosure Jenkins Apica Loadtest
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-53663 Maven MEDIUM This Month

Jenkins IBM Cloud DevOps Plugin 2.0.16 and earlier stores SonarQube authentication tokens unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

Information Disclosure Jenkins IBM Ibm Cloud Devops
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-53662 Maven MEDIUM This Month

CVE-2025-53662 is a security vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Information Disclosure Jenkins Ifttt Build Notifier
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-53661 Maven MEDIUM This Month

Jenkins Testsigma Test Plan run Plugin 1.6 and earlier does not mask Testsigma API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

Information Disclosure Jenkins Testsigma Test Plan Run
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-53660 Maven MEDIUM This Month

CVE-2025-53660 is a security vulnerability (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure Jenkins Qmetry Test Management
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-53659 Maven MEDIUM This Month

Jenkins QMetry Test Management Plugin 1.13 and earlier stores Qmetry Automation API Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

Information Disclosure Jenkins Qmetry Test Management
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-53658 Maven MEDIUM PATCH This Month

Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not escape the Applitools URL on the build page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

XSS Jenkins Applitools Eyes
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-53657 Maven MEDIUM This Month

Jenkins ReadyAPI Functional Testing Plugin 1.11 and earlier does not mask SLM License Access Keys, client secrets, and passwords displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

Information Disclosure Jenkins Readyapi Functional Testing
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-53656 Maven MEDIUM This Month

CVE-2025-53656 is a security vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Information Disclosure Jenkins Readyapi Functional Testing
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-53655 Maven MEDIUM This Month

CVE-2025-53655 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure Jenkins Statistics Gatherer
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-53654 Maven MEDIUM This Month

Jenkins Statistics Gatherer Plugin 2.0.3 and earlier stores the AWS Secret Key unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system.

Information Disclosure Jenkins Statistics Gatherer
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-53653 Maven MEDIUM This Month

Jenkins Aqua Security Scanner Plugin 3.2.8 and earlier stores Scanner Tokens for Aqua API unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

Information Disclosure Jenkins Aqua Security Scanner
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-53652 Maven HIGH PATCH This Week

Jenkins Git Parameter Plugin 439.vb_0e46ca_14534 and earlier does not validate that the Git parameter value submitted to the build matches one of the offered choices, allowing attackers with Item/Build permission to inject arbitrary values into Git parameters.

Code Injection Jenkins Git Parameter
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-53651 Maven MEDIUM PATCH This Month

CVE-2025-53651 is a security vulnerability (CVSS 6.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure Jenkins Html Publisher
NVD GitHub
CVSS 3.1
6.3
EPSS
0.2%
CVE-2025-53650 Maven HIGH PATCH This Week

Jenkins Credentials Binding Plugin 687.v619cb_15e923f and earlier does not properly mask (i.e., replace with asterisks) credentials present in exception error messages that are written to the build log.

Information Disclosure Jenkins Credentials Binding
NVD GitHub
CVSS 3.1
7.3
EPSS
0.1%
CVE-2024-9453 MEDIUM PATCH This Month

A vulnerability was found in Red Hat OpenShift Jenkins. The bearer token is not obfuscated in the logs and potentially carries a high risk if those logs are centralized when collected. The token is typically valid for one year. This flaw allows a malicious user to jeopardize the environment if they have access to sensitive information.

Jenkins Information Disclosure Red Hat
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-5806 Maven HIGH PATCH This Week

A cross-site scripting vulnerability (CVSS 8.0). High severity vulnerability requiring prompt remediation.

XSS Jenkins Java Gatling
NVD GitHub
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-47889 Maven CRITICAL Act Now

In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims are accepted without validation by the "WSO2 Oauth" security realm, allowing unauthenticated attackers to log in to controllers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Wso2 Oauth
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-47888 Maven MEDIUM This Month

Jenkins DingTalk Plugin 2.7.3 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections to the configured DingTalk webhooks. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Jenkins Dingtalk
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2025-47887 Maven MEDIUM PATCH This Month

Missing permission checks in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a_740b_a_48 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Cadence Vmanager
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-47886 Maven MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a_740b_a_48 and earlier allows attackers to connect to an attacker-specified URL using. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Jenkins Cadence Vmanager
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-47885 Maven HIGH PATCH This Month

Jenkins Health Advisor by CloudBees Plugin 374.v194b_d4f0c8c8 and earlier does not escape responses from the Jenkins Health Advisor server, resulting in a stored cross-site scripting (XSS). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Jenkins Health Advisor By Cloudbees
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-47884 Maven CRITICAL PATCH This Week

In Jenkins OpenID Connect Provider Plugin 96.vee8ed882ec4d and earlier the generation of build ID Tokens uses potentially overridden values of environment variables, in conjunction with certain other. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Openid Connect Provider
NVD
CVSS 3.1
9.1
EPSS
0.9%
CVE-2025-32755 CRITICAL Act Now

In jenkins/ssh-slave Docker images based on Debian, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the same. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Docker Jenkins Debian Ssh Slave
NVD
CVSS 3.1
9.1
EPSS
0.2%
CVE-2025-32754 CRITICAL Act Now

In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Docker Jenkins Debian Ssh Agent
NVD
CVSS 3.1
9.1
EPSS
0.2%
CVE-2025-31728 Maven MEDIUM This Month

Jenkins AsakusaSatellite Plugin 0.1.1 and earlier does not mask AsakusaSatellite API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Asakusasatellite
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-31727 Maven MEDIUM This Month

Jenkins AsakusaSatellite Plugin 0.1.1 and earlier stores AsakusaSatellite API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Asakusasatellite
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-31726 Maven MEDIUM This Month

Jenkins Stack Hammer Plugin 1.0.6 and earlier stores Stack Hammer API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Stack Hammer
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-31725 Maven MEDIUM This Month

Jenkins monitor-remote-job Plugin 1.0 stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Monitor Remote Job
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-31724 Maven MEDIUM PATCH This Month

Jenkins Cadence vManager Plugin 4.0.0-282.v5096a_c2db_275 and earlier stores Verisium Manager vAPI keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Cadence Vmanager
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2025-31723 Maven MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Simple Queue Plugin 1.4.6 and earlier allows attackers to change and reset the build queue order. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Simple Queue
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-31722 Maven HIGH PATCH This Week

In Jenkins Templating Engine Plugin 2.5.3 and earlier, libraries defined in folders are not subject to sandbox protection, allowing attackers with Item/Configure permission to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Jenkins Templating Engine
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2025-31721 Maven MEDIUM PATCH This Month

A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Configure permission to copy an agent, gaining. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Red Hat
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-31720 Maven MEDIUM PATCH This Month

A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Extended Read permission to copy an agent,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Red Hat
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-30197 Maven LOW PATCH Monitor

Jenkins Zoho QEngine Plugin 1.0.29.vfa_cc23396502 and earlier does not mask the QEngine API Key form field, increasing the potential for attackers to observe and capture it. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Jenkins Zoho Qengine
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2025-30196 Maven MEDIUM This Month

Jenkins AnchorChain Plugin 1.0 does not limit URL schemes for links it creates based on workspace content, allowing the `javascript:` scheme, resulting in a stored cross-site scripting (XSS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Anchorchain
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-27625 Maven MEDIUM PATCH This Month

In Jenkins 2.499 and earlier, LTS 2.492.1 and earlier, redirects starting with backslash (`\`) characters are considered safe, allowing attackers to perform phishing attacks by having users go to a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Jenkins Red Hat
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-27624 Maven MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins 2.499 and earlier, LTS 2.492.1 and earlier allows attackers to have users toggle their collapsed/expanded status of sidepanel widgets. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Red Hat
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-27623 Maven MEDIUM PATCH This Month

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of views via REST API or CLI, allowing attackers with View/Read permission. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Red Hat
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2025-27622 Maven MEDIUM PATCH This Month

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of agents via REST API or CLI, allowing attackers with Agent/Extended Read. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Red Hat
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-0148 Maven LOW PATCH Monitor

Missing password field masking in the Zoom Jenkins Marketplace plugin before version 1.6 may allow an unauthenticated user to conduct a disclosure of information via adjacent network access. Rated low severity (CVSS 2.6), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Jenkins
NVD
CVSS 3.1
2.6
EPSS
0.1%
CVE-2025-0142 Maven MEDIUM PATCH Monitor

Cleartext storage of sensitive information in the Zoom Jenkins Marketplace plugin before version 1.4 may allow an authenticated user to conduct a disclosure of information via network access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-24403 Maven MEDIUM Monitor

A missing permission check in Jenkins Azure Service Fabric Plugin 1.6 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of Azure credentials stored in Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Jenkins Azure Service Fabric
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2025-24402 Maven MEDIUM Monitor

A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Service Fabric Plugin 1.6 and earlier allows attackers to connect to a Service Fabric URL using attacker-specified credentials IDs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft CSRF Jenkins Azure Service Fabric
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2025-24401 Maven MEDIUM This Month

Jenkins Folder-based Authorization Strategy Plugin 217.vd5b_18537403e and earlier does not verify that permissions configured to be granted are enabled, potentially allowing users formerly granted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Folder Based Authorization Strategy
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-24400 Maven MEDIUM PATCH Monitor

Jenkins Eiffel Broadcaster Plugin 2.8.0 through 2.10.2 (both inclusive) uses the credential ID as the cache key during signing operations, allowing attackers able to create a credential with the same. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Eiffel Broadcaster
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-24399 Maven HIGH PATCH This Month

Jenkins OpenId Connect Authentication Plugin 4.452.v2849b_d3945fa_ and earlier, except 4.438.440.v3f5f201de5dc, treats usernames as case-insensitive, allowing attackers on Jenkins instances. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Jenkins Openid Connect Authentication
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-24398 Maven HIGH PATCH This Month

Jenkins Bitbucket Server Integration Plugin 2.1.0 through 4.1.3 (both inclusive) allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Bitbucket Server Integration
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-24397 Maven MEDIUM PATCH Monitor

An incorrect permission check in Jenkins GitLab Plugin 1.9.6 and earlier allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab Jenkins
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2024-54004 Maven MEDIUM PATCH This Month

Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter, allowing attackers with Item/Configure permission to enumerate. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Jenkins Filesystem List Parameter
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2024-54003 Maven HIGH PATCH This Week

Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Create permission. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Simple Queue
NVD
CVSS 3.1
8.0
EPSS
79.7%
CVE-2024-52554 Maven HIGH PATCH This Week

Jenkins Shared Library Version Override Plugin 17.v786074c9fce7 and earlier declares folder-scoped library overrides as trusted, so that they're not executed in the Script Security sandbox, allowing. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Shared Library Version Override
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-52553 Maven HIGH PATCH This Week

Jenkins OpenId Connect Authentication Plugin 4.418.vccc7061f5b_6d and earlier does not invalidate the previous session on login. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Openid Connect Authentication
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-52552 Maven HIGH PATCH This Week

Jenkins Authorize Project Plugin 1.7.2 and earlier evaluates a string containing the job name with JavaScript on the Authorization view, resulting in a stored cross-site scripting (XSS) vulnerability. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Authorize Project
NVD
CVSS 3.1
8.0
EPSS
0.7%
CVE-2024-52551 Maven HIGH PATCH This Week

Jenkins Pipeline: Declarative Plugin 2.2214.vb_b_34b_2ea_9b_83 and earlier does not check whether the main (Jenkinsfile) script used to restart a build from a specific stage is approved, allowing. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Jenkins Pipeline
NVD
CVSS 3.1
8.0
EPSS
0.6%
CVE-2024-52550 Maven HIGH PATCH This Week

Jenkins Pipeline: Groovy Plugin 3990.vd281dd77a_388 and earlier, except 3975.3977.v478dd9e956c3 does not check whether the main (Jenkinsfile) script for a rebuilt build is approved, allowing. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Pipeline
NVD
CVSS 3.1
8.0
EPSS
0.4%
CVE-2024-52549 Maven MEDIUM PATCH This Month

Jenkins Script Security Plugin 1367.vdf2fc45f229c and earlier, except 1365.1367.va_3b_b_89f8a_95b_ and 1362.1364.v4cf2dc5d8776, does not perform a permission check in a method implementing form. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Script Security
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-47807 Maven HIGH PATCH This Week

Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `iss` (Issuer) claim of an ID Token, allowing attackers to subvert the authentication flow,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Jenkins Openid Connect Authentication
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-47806 Maven HIGH PATCH This Week

Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `aud` (Audience) claim of an ID Token, allowing attackers to subvert the authentication flow,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Jenkins Openid Connect Authentication
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-47805 Maven HIGH PATCH This Week

Jenkins Credentials Plugin 1380.va_435002fa_924 and earlier, except 1371.1373.v4eb_fa_b_7161e9, does not redact encrypted values of credentials using the `SecretBytes` type when accessing item. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Credentials
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-47804 Maven MEDIUM PATCH This Month

If an attempt is made to create an item of a type prohibited by `ACL#hasCreatePermission2` or `TopLevelItemDescriptor#isApplicableIn(ItemGroup)` through the Jenkins CLI or the REST API and either of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Memory Corruption
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2024-47803 Maven MEDIUM PATCH This Month

Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact multi-line secret values in error messages generated for form submissions involving the `secretTextarea` form field. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2024-43045 Maven MEDIUM PATCH This Month

Jenkins 2.470 and earlier, LTS 2.452.3 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to access other users' "My Views". Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins
NVD
CVSS 3.1
6.3
EPSS
4.3%
CVE-2024-43044 Maven HIGH PATCH This Week

Jenkins 2.470 and earlier, LTS 2.452.3 and earlier allows agent processes to read arbitrary files from the Jenkins controller file system by using the `ClassLoaderProxy#fetchJar` method in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins
NVD
CVSS 3.1
8.8
EPSS
28.8%
CVE-2024-39460 Maven MEDIUM PATCH This Month

Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some cases. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Bitbucket Branch Source
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-39459 Maven MEDIUM PATCH This Month

In rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system, where they can. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Plain Credentials
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-39458 Maven LOW PATCH Monitor

When Jenkins Structs Plugin 337.v1b_04ea_4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that may contain secrets passed as step. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Jenkins Structs
NVD
CVSS 3.1
3.1
EPSS
0.4%
CVE-2024-5273 Maven MEDIUM This Month

Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files, allowing attackers with Item/Configure permission to retrieve. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Jenkins Report Info
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2024-34148 Maven MEDIUM This Month

Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier programmatically disables the fix for CVE-2016-3721 whenever a build is triggered from a release tag, by setting the Java system. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Prototype Pollution Java Information Disclosure Jenkins Subversion Partial Release Manager
NVD
CVSS 3.1
6.8
EPSS
0.8%
CVE-2024-34147 Maven MEDIUM This Month

Jenkins Telegram Bot Plugin 1.4.0 and earlier stores the Telegram Bot token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Telegram Bot
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-34146 Maven MEDIUM PATCH This Month

Jenkins Git server Plugin 114.v068a_c7cc2574 and earlier does not perform a permission check for read access to a Git repository over SSH, allowing attackers with a previously configured SSH public. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Jenkins Git Server
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-34145 Maven HIGH PATCH This Week

A sandbox bypass vulnerability involving sandbox-defined classes that shadow specific non-sandbox-defined classes in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass RCE Jenkins Script Security
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-34144 Maven CRITICAL PATCH Act Now

A sandbox bypass vulnerability involving crafted constructor bodies in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers with permission to define and run sandboxed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Jenkins Script Security
NVD
CVSS 3.1
9.8
EPSS
48.1%
CVE-2024-3825 Maven MEDIUM PATCH This Month

Versions of the BlazeMeter Jenkins plugin prior to 4.22 contain a flaw which results in credential enumeration. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Jenkins
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-2216 Maven HIGH This Week

A missing permission check in an HTTP endpoint in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Docker Jenkins Docker Build Step
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-2215 Maven MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Docker Jenkins Docker Build Step
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-28162 Maven MEDIUM PATCH This Month

In Jenkins Delphix Plugin 3.0.1 through 3.1.0 (both inclusive) a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower (DCT) connections fails to. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Jenkins Delphix
NVD
CVSS 3.1
4.2
EPSS
0.3%
CVE-2024-28161 Maven MEDIUM PATCH This Month

In Jenkins Delphix Plugin 3.0.1, a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower (DCT) connections is disabled by default. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Delphix
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-28160 Maven HIGH This Week

Jenkins iceScrum Plugin 1.1.6 and earlier does not sanitize iceScrum project URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Icescrum
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-28159 Maven MEDIUM This Month

A missing permission check in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers with Item/Read permission to trigger a build. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Subversion Partial Release Manager
NVD
CVSS 3.1
4.3
EPSS
0.5%
EPSS 0% CVSS 5.3
MEDIUM This Month

CVE-2025-53674 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure Jenkins Sensedia Api Platform Tools
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Jenkins Sensedia Api Platform tools Plugin 1.0 stores the Sensedia API Manager integration token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system.

Information Disclosure Jenkins Sensedia Api Platform Tools
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Jenkins Kryptowire Plugin 0.2 and earlier stores the Kryptowire API key unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system.

Information Disclosure Jenkins Kryptowire
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

CVE-2025-53671 is a security vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Information Disclosure Jenkins Nouvola Divecloud
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Jenkins Nouvola DiveCloud Plugin 1.08 and earlier stores DiveCloud API Keys and Credentials Encryption Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

Information Disclosure Jenkins Nouvola Divecloud
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

CVE-2025-53669 is a security vulnerability (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure Jenkins Vaddy
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Jenkins VAddy Plugin 1.2.8 and earlier stores Vaddy API Auth Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

Information Disclosure Jenkins Vaddy
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

Jenkins Dead Man's Snitch Plugin 0.1 does not mask Dead Man's Snitch tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

Information Disclosure Jenkins
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Jenkins Dead Man's Snitch Plugin 0.1 stores Dead Man's Snitch tokens unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

Information Disclosure Jenkins
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

CVE-2025-53665 is a security vulnerability (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure Jenkins Apica Loadtest
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

CVE-2025-53664 is a security vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Information Disclosure Jenkins Apica Loadtest
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Jenkins IBM Cloud DevOps Plugin 2.0.16 and earlier stores SonarQube authentication tokens unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

Information Disclosure Jenkins IBM +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

CVE-2025-53662 is a security vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Information Disclosure Jenkins Ifttt Build Notifier
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

Jenkins Testsigma Test Plan run Plugin 1.6 and earlier does not mask Testsigma API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

Information Disclosure Jenkins Testsigma Test Plan Run
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

CVE-2025-53660 is a security vulnerability (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure Jenkins Qmetry Test Management
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Jenkins QMetry Test Management Plugin 1.13 and earlier stores Qmetry Automation API Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

Information Disclosure Jenkins Qmetry Test Management
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not escape the Applitools URL on the build page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

XSS Jenkins Applitools Eyes
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

Jenkins ReadyAPI Functional Testing Plugin 1.11 and earlier does not mask SLM License Access Keys, client secrets, and passwords displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

Information Disclosure Jenkins Readyapi Functional Testing
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

CVE-2025-53656 is a security vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Information Disclosure Jenkins Readyapi Functional Testing
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

CVE-2025-53655 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure Jenkins Statistics Gatherer
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Jenkins Statistics Gatherer Plugin 2.0.3 and earlier stores the AWS Secret Key unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system.

Information Disclosure Jenkins Statistics Gatherer
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

Jenkins Aqua Security Scanner Plugin 3.2.8 and earlier stores Scanner Tokens for Aqua API unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

Information Disclosure Jenkins Aqua Security Scanner
NVD GitHub
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Jenkins Git Parameter Plugin 439.vb_0e46ca_14534 and earlier does not validate that the Git parameter value submitted to the build matches one of the offered choices, allowing attackers with Item/Build permission to inject arbitrary values into Git parameters.

Code Injection Jenkins Git Parameter
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

CVE-2025-53651 is a security vulnerability (CVSS 6.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure Jenkins Html Publisher
NVD GitHub
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Jenkins Credentials Binding Plugin 687.v619cb_15e923f and earlier does not properly mask (i.e., replace with asterisks) credentials present in exception error messages that are written to the build log.

Information Disclosure Jenkins Credentials Binding
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A vulnerability was found in Red Hat OpenShift Jenkins. The bearer token is not obfuscated in the logs and potentially carries a high risk if those logs are centralized when collected. The token is typically valid for one year. This flaw allows a malicious user to jeopardize the environment if they have access to sensitive information.

Jenkins Information Disclosure Red Hat
NVD
EPSS 0% CVSS 8.0
HIGH PATCH This Week

A cross-site scripting vulnerability (CVSS 8.0). High severity vulnerability requiring prompt remediation.

XSS Jenkins Java +1
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims are accepted without validation by the "WSO2 Oauth" security realm, allowing unauthenticated attackers to log in to controllers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Wso2 Oauth
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Jenkins DingTalk Plugin 2.7.3 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections to the configured DingTalk webhooks. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Jenkins Dingtalk
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Missing permission checks in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a_740b_a_48 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Cadence Vmanager
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a_740b_a_48 and earlier allows attackers to connect to an attacker-specified URL using. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Jenkins Cadence Vmanager
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Month

Jenkins Health Advisor by CloudBees Plugin 374.v194b_d4f0c8c8 and earlier does not escape responses from the Jenkins Health Advisor server, resulting in a stored cross-site scripting (XSS). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Jenkins Health Advisor By Cloudbees
NVD
EPSS 1% CVSS 9.1
CRITICAL PATCH This Week

In Jenkins OpenID Connect Provider Plugin 96.vee8ed882ec4d and earlier the generation of build ID Tokens uses potentially overridden values of environment variables, in conjunction with certain other. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Openid Connect Provider
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

In jenkins/ssh-slave Docker images based on Debian, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the same. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Docker Jenkins +2
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Docker Jenkins +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Jenkins AsakusaSatellite Plugin 0.1.1 and earlier does not mask AsakusaSatellite API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Asakusasatellite
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Jenkins AsakusaSatellite Plugin 0.1.1 and earlier stores AsakusaSatellite API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Asakusasatellite
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Jenkins Stack Hammer Plugin 1.0.6 and earlier stores Stack Hammer API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Stack Hammer
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Jenkins monitor-remote-job Plugin 1.0 stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Monitor Remote Job
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Jenkins Cadence vManager Plugin 4.0.0-282.v5096a_c2db_275 and earlier stores Verisium Manager vAPI keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Cadence Vmanager
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Simple Queue Plugin 1.4.6 and earlier allows attackers to change and reset the build queue order. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Simple Queue
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

In Jenkins Templating Engine Plugin 2.5.3 and earlier, libraries defined in folders are not subject to sandbox protection, allowing attackers with Item/Configure permission to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Jenkins +1
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Configure permission to copy an agent, gaining. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Red Hat
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Extended Read permission to copy an agent,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Red Hat
NVD
EPSS 0% CVSS 3.1
LOW PATCH Monitor

Jenkins Zoho QEngine Plugin 1.0.29.vfa_cc23396502 and earlier does not mask the QEngine API Key form field, increasing the potential for attackers to observe and capture it. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Jenkins Zoho Qengine
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Jenkins AnchorChain Plugin 1.0 does not limit URL schemes for links it creates based on workspace content, allowing the `javascript:` scheme, resulting in a stored cross-site scripting (XSS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Anchorchain
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

In Jenkins 2.499 and earlier, LTS 2.492.1 and earlier, redirects starting with backslash (`\`) characters are considered safe, allowing attackers to perform phishing attacks by having users go to a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Jenkins Red Hat
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins 2.499 and earlier, LTS 2.492.1 and earlier allows attackers to have users toggle their collapsed/expanded status of sidepanel widgets. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Red Hat
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of views via REST API or CLI, allowing attackers with View/Read permission. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Red Hat
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of agents via REST API or CLI, allowing attackers with Agent/Extended Read. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Red Hat
NVD
EPSS 0% CVSS 2.6
LOW PATCH Monitor

Missing password field masking in the Zoom Jenkins Marketplace plugin before version 1.6 may allow an unauthenticated user to conduct a disclosure of information via adjacent network access. Rated low severity (CVSS 2.6), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Jenkins
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH Monitor

Cleartext storage of sensitive information in the Zoom Jenkins Marketplace plugin before version 1.4 may allow an authenticated user to conduct a disclosure of information via network access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins
NVD
EPSS 1% CVSS 4.3
MEDIUM Monitor

A missing permission check in Jenkins Azure Service Fabric Plugin 1.6 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of Azure credentials stored in Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Jenkins +1
NVD
EPSS 1% CVSS 4.3
MEDIUM Monitor

A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Service Fabric Plugin 1.6 and earlier allows attackers to connect to a Service Fabric URL using attacker-specified credentials IDs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft CSRF Jenkins +1
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Jenkins Folder-based Authorization Strategy Plugin 217.vd5b_18537403e and earlier does not verify that permissions configured to be granted are enabled, potentially allowing users formerly granted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Folder Based Authorization Strategy
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH Monitor

Jenkins Eiffel Broadcaster Plugin 2.8.0 through 2.10.2 (both inclusive) uses the credential ID as the cache key during signing operations, allowing attackers able to create a credential with the same. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Eiffel Broadcaster
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Month

Jenkins OpenId Connect Authentication Plugin 4.452.v2849b_d3945fa_ and earlier, except 4.438.440.v3f5f201de5dc, treats usernames as case-insensitive, allowing attackers on Jenkins instances. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Jenkins Openid Connect Authentication
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Month

Jenkins Bitbucket Server Integration Plugin 2.1.0 through 4.1.3 (both inclusive) allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Bitbucket Server Integration
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH Monitor

An incorrect permission check in Jenkins GitLab Plugin 1.9.6 and earlier allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab Jenkins
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter, allowing attackers with Item/Configure permission to enumerate. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Jenkins Filesystem List Parameter
NVD
EPSS 80% CVSS 8.0
HIGH PATCH This Week

Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Create permission. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Simple Queue
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Jenkins Shared Library Version Override Plugin 17.v786074c9fce7 and earlier declares folder-scoped library overrides as trusted, so that they're not executed in the Script Security sandbox, allowing. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Shared Library Version Override
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Jenkins OpenId Connect Authentication Plugin 4.418.vccc7061f5b_6d and earlier does not invalidate the previous session on login. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Openid Connect Authentication
NVD
EPSS 1% CVSS 8.0
HIGH PATCH This Week

Jenkins Authorize Project Plugin 1.7.2 and earlier evaluates a string containing the job name with JavaScript on the Authorization view, resulting in a stored cross-site scripting (XSS) vulnerability. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Authorize Project
NVD
EPSS 1% CVSS 8.0
HIGH PATCH This Week

Jenkins Pipeline: Declarative Plugin 2.2214.vb_b_34b_2ea_9b_83 and earlier does not check whether the main (Jenkinsfile) script used to restart a build from a specific stage is approved, allowing. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Jenkins Pipeline
NVD
EPSS 0% CVSS 8.0
HIGH PATCH This Week

Jenkins Pipeline: Groovy Plugin 3990.vd281dd77a_388 and earlier, except 3975.3977.v478dd9e956c3 does not check whether the main (Jenkinsfile) script for a rebuilt build is approved, allowing. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Pipeline
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Jenkins Script Security Plugin 1367.vdf2fc45f229c and earlier, except 1365.1367.va_3b_b_89f8a_95b_ and 1362.1364.v4cf2dc5d8776, does not perform a permission check in a method implementing form. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Script Security
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `iss` (Issuer) claim of an ID Token, allowing attackers to subvert the authentication flow,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Jenkins Openid Connect Authentication
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `aud` (Audience) claim of an ID Token, allowing attackers to subvert the authentication flow,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Jenkins Openid Connect Authentication
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Jenkins Credentials Plugin 1380.va_435002fa_924 and earlier, except 1371.1373.v4eb_fa_b_7161e9, does not redact encrypted values of credentials using the `SecretBytes` type when accessing item. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Credentials
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

If an attempt is made to create an item of a type prohibited by `ACL#hasCreatePermission2` or `TopLevelItemDescriptor#isApplicableIn(ItemGroup)` through the Jenkins CLI or the REST API and either of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Memory Corruption
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact multi-line secret values in error messages generated for form submissions involving the `secretTextarea` form field. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins
NVD
EPSS 4% CVSS 6.3
MEDIUM PATCH This Month

Jenkins 2.470 and earlier, LTS 2.452.3 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to access other users' "My Views". Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins
NVD
EPSS 29% CVSS 8.8
HIGH PATCH This Week

Jenkins 2.470 and earlier, LTS 2.452.3 and earlier allows agent processes to read arbitrary files from the Jenkins controller file system by using the `ClassLoaderProxy#fetchJar` method in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some cases. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Bitbucket Branch Source
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

In rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system, where they can. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Plain Credentials
NVD
EPSS 0% CVSS 3.1
LOW PATCH Monitor

When Jenkins Structs Plugin 337.v1b_04ea_4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that may contain secrets passed as step. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Jenkins Structs
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files, allowing attackers with Item/Configure permission to retrieve. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Jenkins Report Info
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier programmatically disables the fix for CVE-2016-3721 whenever a build is triggered from a release tag, by setting the Java system. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Prototype Pollution Java Information Disclosure +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Jenkins Telegram Bot Plugin 1.4.0 and earlier stores the Telegram Bot token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Telegram Bot
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Jenkins Git server Plugin 114.v068a_c7cc2574 and earlier does not perform a permission check for read access to a Git repository over SSH, allowing attackers with a previously configured SSH public. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Jenkins Git Server
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A sandbox bypass vulnerability involving sandbox-defined classes that shadow specific non-sandbox-defined classes in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass RCE Jenkins +1
NVD
EPSS 48% CVSS 9.8
CRITICAL PATCH Act Now

A sandbox bypass vulnerability involving crafted constructor bodies in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers with permission to define and run sandboxed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Jenkins Script Security
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Versions of the BlazeMeter Jenkins plugin prior to 4.22 contain a flaw which results in credential enumeration. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Jenkins
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

A missing permission check in an HTTP endpoint in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Docker Jenkins +1
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Docker Jenkins +1
NVD
EPSS 0% CVSS 4.2
MEDIUM PATCH This Month

In Jenkins Delphix Plugin 3.0.1 through 3.1.0 (both inclusive) a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower (DCT) connections fails to. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Jenkins Delphix
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

In Jenkins Delphix Plugin 3.0.1, a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower (DCT) connections is disabled by default. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Delphix
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Jenkins iceScrum Plugin 1.1.6 and earlier does not sanitize iceScrum project URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Icescrum
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

A missing permission check in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers with Item/Read permission to trigger a build. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Subversion Partial Release Manager
NVD
Prev Page 2 of 19 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy