Severity | CVSS | Advisory | Affected versions
CRITICAL | 9.8 | CVE-2024-23897 (KEV): Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE | from 0, < 2.452.1; from 0, < 2.414.3, >= 2.415.0, < 2.428.0
CRITICAL | 9.1 | Agent-to-controller access control allows reading/writing most content of build directories in Jenkins | from 0, < 2.318.1
CRITICAL | 9.0 | Jenkins Remoting library arbitrary file read vulnerability | from 0, < 2.462.1, >= 2.463.0, < 2.479.1
CRITICAL | 9.0 | Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins | from 0, < 2.319.0
CRITICAL | 9.0 | Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins | from 0, < 2.319.0
CRITICAL | 9.0 | Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins | from 0, < 2.319.0
CRITICAL | 9.0 | Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins | from 0, < 2.319.0
CRITICAL | 9.0 | Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins | from 0, < 2.319.0
CRITICAL | 9.0 | Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins | from 0, < 2.319.0
CRITICAL | 9.0 | Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins | from 0, < 2.319.0
CRITICAL | 9.0 | Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins | from 0, < 2.319.0
CRITICAL | 9.0 | Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins | from 0, < 2.319.0
CRITICAL | 9.0 | Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins | from 0, < 2.319.0
CRITICAL | 9.0 | Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins | from 0, < 2.319.0
HIGH | 8.8 | In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is possible for attackers to have Jenkins deserialize arbitrary types defined in… | from 0, < 2.568.0
HIGH | 8.8 | Jenkins has a link following vulnerability that allows arbitrary file creation | from 0, < 2.541.3, >= 2.542.0, < 2.555.0
HIGH | 8.8 | Cross-site WebSocket hijacking vulnerability in the Jenkins CLI | >= 2.217.0, < 2.452.1
HIGH | 8.8 | Cross-site Scripting vulnerability in Jenkins | >= 2.270.0, < 2.394.0
HIGH | 8.8 | Agent-to-controller access control allowed writing to sensitive directory used by Jenkins Pipeline: Shared Groovy Libraries Plugin | from 0, < 2.318.1
HIGH | 8.8 | Cross-Site Request Forgery in Jenkins | from 0, < 2.227.1
HIGH | 8.6 | Inbound TCP Agent Protocol/3 authentication bypass in Jenkins | from 0, < 2.218.1
HIGH | 8.0 | Jenkins: Stored XSS vulnerability in node offline cause description | >= 2.483.0, < 2.555.3, >= 2.556.0, < 2.568.0
HIGH | 8.0 | Jenkins has a stored XSS vulnerability in node offline cause description | >= 2.483.0, < 2.541.2, >= 2.542.0, < 2.551.0
HIGH | 8.0 | Jenkins Cross-site Scripting vulnerability | from 0, < 2.424.0
HIGH | 8.0 | Jenkins Stored Cross-site Scripting vulnerability | from 0, < 2.415.1
HIGH | 8.0 | Jenkins CSRF protection bypass vulnerability | from 0, < 2.401.1
HIGH | 8.0 | Jenkins vulnerable to stored cross site scripting in the l:helpIcon component | >= 2.367.0, < 2.370.0
HIGH | 8.0 | Cross-site Scripting vulnerability in Jenkins | >= 2.321.0, < 2.355.1
HIGH | 8.0 | Cross-site Scripting vulnerability in Jenkins | >= 2.320.0, < 2.355.1
HIGH | 8.0 | Cross-site Scripting vulnerability in Jenkins | >= 2.340.0, < 2.355.1
HIGH | 8.0 | Cross-site Scripting vulnerability in Jenkins | >= 2.340.0, < 2.355.1
HIGH | 8.0 | Path traversal vulnerability in Jenkins agent names | from 0, < 2.274.1
HIGH | 8.0 | Improper handling of REST API XML deserialization errors in Jenkins | from 0, < 2.274.1
HIGH | 8.0 | Jenkins Cross-Site Scripting vulnerability in help icons | from 0, < 2.251.1
HIGH | 8.0 | Jenkins Cross-site Scripting vulnerability in project naming strategy | from 0, < 2.251.1
HIGH | 8.0 | Stored XSS vulnerability in Jenkins 'keep forever' badge icon | from 0, < 2.244.1
HIGH | 8.0 | Stored XSS vulnerability in Jenkins upstream cause | from 0, < 2.244.1
HIGH | 8.0 | Stored XSS vulnerability in Jenkins job build time trend | from 0, < 2.244.1
HIGH | 8.0 | Stored XSS vulnerability in Jenkins console links | from 0, < 2.244.1
HIGH | 7.5 | Jenkins has a DNS rebinding vulnerability in WebSocket CLI origin validation | >= 2.426.3, < 2.541.3, >= 2.542.0, < 2.555.0
HIGH | 7.5 | Jenkins has a Denial of service vulnerability in HTTP-based CLI | from 0, < 2.528.3, >= 2.529.0, < 2.541.0
HIGH | 7.5 | jetty9 - security update | from 0, < 2.428.0
HIGH | 7.5 | Denial of service in Jenkins Core | from 0, < 2.394.0
HIGH | 7.5 | Jetty vulnerable to Invalid HTTP/2 requests that can lead to denial of service | from 0, < 2.361.1
HIGH | 7.5 | Unauthorized view fragment access in Jenkins | >= 2.335.0, < 2.355.1
HIGH | 7.5 | Session fixation vulnerability in Jenkins | >= 2.266.0, < 2.300.0
HIGH | 7.5 | libxstream-java - security update | from 0, < 2.319.3, >= 2.321.0, < 2.334.0
HIGH | 7.5 | Jetty vulnerable to incorrect handling of invalid large TLS frame, exhausting CPU resources | from 0, < 2.286.0
HIGH | 7.0 | Jenkins temporary plugin file created with insecure permissions | from 0, < 2.424.0
HIGH | 7.0 | Incorrect Authorization in Jenkins Core | from 0, < 2.394.0
MEDIUM | 6.5 | Jenkins-image: sensitive data disclosure when using openshift jenkins image | (no version range given)
MEDIUM | 6.5 | Denial of service in Jenkins Core | from 0, < 2.394.0
MEDIUM | 6.5 | Path traversal vulnerability on Windows in Jenkins | from 0, < 2.314.1
MEDIUM | 6.5 | Excessive memory allocation in graph URLs leads to denial of service in Jenkins | from 0, < 2.274.1
MEDIUM | 6.5 | Arbitrary file read vulnerability in workspace browsers in Jenkins | from 0, < 2.274.1
MEDIUM | 6.5 | DoS vulnerability in bundled XStream library in Jenkins Core | from 0, < 2.334.0
MEDIUM | 6.3 | Improper handling of equivalent directory names on Windows in Jenkins | from 0, < 2.314.1
MEDIUM | 6.1 | Reflected XSS vulnerability in Jenkins markup formatter preview | from 0, < 2.274.1
MEDIUM | 5.8 | Jenkins vulnerable to UDP amplification reflection attack | from 0, < 2.218.1
MEDIUM | 5.4 | Jenkins cross-site request forgery (CSRF) vulnerability | >= 2.493.0, < 2.504.1
MEDIUM | 5.4 | Jenkins does not perform a permission check in an HTTP endpoint | from 0, < 2.462.1, >= 2.463.0, < 2.479.1
MEDIUM | 5.4 | Stored XSS vulnerability in Jenkins on new item page | from 0, < 2.274.1
MEDIUM | 5.4 | XSS vulnerability in Jenkins notification bar | from 0, < 2.274.1
MEDIUM | 5.4 | Stored XSS vulnerability in Jenkins button labels | from 0, < 2.274.1
MEDIUM | 5.4 | Improper Neutralization of Input During Web Page Generation in Jenkins | from 0, < 2.251.1
MEDIUM | 5.4 | Improper Neutralization of Input During Web Page Generation in Jenkins | from 0, < 2.227.1
MEDIUM | 5.4 | Improper Neutralization of Input During Web Page Generation in Jenkins | from 0, < 2.227.1
MEDIUM | 5.4 | Improper Neutralization of Input During Web Page Generation in Jenkins | from 0, < 2.227.1
MEDIUM | 5.4 | Jenkins Diagnostic page exposed session cookies | from 0, < 2.218.1
MEDIUM | 5.3 | Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not encrypt secrets from POST config.xml submissions before storing them in job con… | from 0, < 2.568.0
MEDIUM | 5.3 | Jenkins has a log message injection vulnerability | from 0, < 2.516.3, >= 2.517.0, < 2.528.0
MEDIUM | 5.3 | Jenkins has a missing permission check, allowing users to obtain agent names | from 0, < 2.516.3, >= 2.517.0, < 2.528.0
MEDIUM | 5.3 | Observable timing discrepancy allows determining username validity in Jenkins | from 0, < 2.355.1
MEDIUM | 5.3 | Time-of-check Time-of-use (TOCTOU) Race Condition in Jenkins | from 0, < 2.276.0
MEDIUM | 5.3 | Missing permission check for paths with specific prefix in Jenkins | from 0, < 2.274.1
MEDIUM | 5.3 | Non-constant time comparison of inbound TCP agent connection secret | from 0, < 2.218.1
MEDIUM | 5.3 | Non-constant time HMAC comparison | from 0, < 2.218.1
MEDIUM | 4.3 | Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not ensure that the "from" parameter in the "Delegate to servlet container" securit… | from 0, < 2.568.0
MEDIUM | 4.3 | Missing permission checks in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allow attackers with Overall/Read permission to determine o… | from 0, < 2.568.0
MEDIUM | 4.3 | A missing permission check in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allows attackers with Item/Cancel permission, but lacking… | from 0, < 2.568.0
MEDIUM | 4.3 | Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkin… | from 0, < 2.568.0
MEDIUM | 4.3 | Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkin… | from 0, < 2.568.0
MEDIUM | 4.3 | Jenkins has a build information disclosure vulnerability through Run Parameter | >= 2.483.0, < 2.541.2, >= 2.542.0, < 2.551.0
MEDIUM | 4.3 | Jenkins is missing a permission check on password fields | from 0, < 2.528.3, >= 2.529.0, < 2.541.0
MEDIUM | 4.3 | Jenkins's build authorization token is stored and displayed in plain text | from 0, < 2.528.3, >= 2.529.0, < 2.541.0
MEDIUM | 4.3 | Jenkins's build authorization token is stored and displayed in plain text | from 0, < 2.528.3, >= 2.529.0, < 2.541.0
MEDIUM | 4.3 | Jenkins is missing a permission check in the authenticated users' profile menu | from 0, < 2.516.3, >= 2.517.0, < 2.528.0
MEDIUM | 4.3 | Jenkins Missing Permission Check | from 0, < 2.492.3, >= 2.493.0, < 2.504.1
MEDIUM | 4.3 | Jenkins Missing Permission Check | from 0, < 2.492.3, >= 2.493.0, < 2.504.1
MEDIUM | 4.3 | Jenkins Open Redirect vulnerability | >= 2.493.0, < 2.504.1
MEDIUM | 4.3 | Jenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission | >= 2.493.0, < 2.504.1
MEDIUM | 4.3 | Jenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission | >= 2.493.0, < 2.504.1
MEDIUM | 4.3 | Jenkins exposes multi-line secrets through error messages | from 0, < 2.462.3
MEDIUM | 4.3 | Jenkins item creation restriction bypass vulnerability | from 0, < 2.462.3
MEDIUM | 4.3 | Jenkins does not exclude sensitive build variables from search | >= 2.50.0, < 2.424.0
MEDIUM | 4.3 | Incorrect Permission Preservation in Jenkins Core | from 0, < 2.394.0
MEDIUM | 4.3 | Improper permission checks allow canceling queue items and aborting builds in Jenkins | from 0, < 2.300.0
MEDIUM | 4.3 | View name validation bypass in Jenkins | from 0, < 2.286.1
MEDIUM | 4.3 | Lack of type validation in agent related REST API in Jenkins | from 0, < 2.286.1