CRITICAL 9.8 CVE-2024-23897 ⚠ KEV Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE
>= 1.606, < 2.426.3
>= 2.50, < 2.57
CRITICAL 9.8 ⚠ KEV Deserialization of Untrusted Data in Jenkins
from 0, < 2.138.4
HIGH 7.5 ⚠ KEV Jenkins discloses project names via fingerprints
from 0, < 1.625.2
CRITICAL 9.8 Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
>= 1.498, < 2.32.2
CRITICAL 9.8 Jenkins allows Execution of Code by Opening a JRMP Listener
>= 1.643, < 1.650
CRITICAL 9.8 Exposure of Sensitive Information in Jenkins Core
from 0, < 1.650
CRITICAL 9.8 Improper Neutralization of Special Elements used in an LDAP Query in Jenkins
>= 2.20, < 2.32
CRITICAL 9.1 Agent-to-controller access control allows reading/writing most content of build directories in Jenkins
from 0, < 2.303.3
CRITICAL 9.0 Jenkins Remoting library arbitrary file read vulnerability
from 0, < 2.452.4
CRITICAL 9.0 Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
from 0, < 2.303.3
CRITICAL 9.0 Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
from 0, < 2.303.3
CRITICAL 9.0 Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
from 0, < 2.303.3
CRITICAL 9.0 Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
from 0, < 2.303.3
CRITICAL 9.0 Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
from 0, < 2.303.3
CRITICAL 9.0 Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
from 0, < 2.303.3
CRITICAL 9.0 Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
from 0, < 2.303.3
CRITICAL 9.0 Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
from 0, < 2.303.3
CRITICAL 9.0 Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
from 0, < 2.303.3
CRITICAL 9.0 Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
from 0, < 2.303.3
CRITICAL 9.0 Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
from 0, < 2.303.3
HIGH 8.8 Jenkins has a link following vulnerability that allows arbitrary file creation
from 0, < 2.555
HIGH 8.8 Cross-site WebSocket hijacking vulnerability in the Jenkins CLI
>= 2.217, < 2.426.3
HIGH 8.8 Cross-site Scripting vulnerability in Jenkins
>= 2.376, < 2.394
HIGH 8.8 Agent-to-controller access control allowed writing to sensitive directory used by Jenkins Pipeline: Shared Groovy Libraries Plugin
from 0, < 2.303.3
HIGH 8.8 Cross-Site Request Forgery in Jenkins
from 0, < 2.204.6
HIGH 8.8 Cross-Site Request Forgery in Jenkins
from 0, < 2.176.3
HIGH 8.8 Jenkins allows Deserialization of Untrusted Data via an XML File
>= 1.643, < 1.650
HIGH 8.8 Cross-Site Request Forgery in Jenkins
>= 2.50, < 2.57
HIGH 8.8 Improper Authentication in Jenkins
>= 2.50, < 2.57
HIGH 8.8 OS Command Injection in Jenkins
from 0, < 2.73.2
HIGH 8.8 Deserialization of Untrusted Data in Jenkins
from 0, < 2.32.2
HIGH 8.8 Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack
>= 1.626, < 1.640
HIGH 8.8 Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack
>= 1.626, < 1.640
HIGH 8.8 Improper Input Validation in Jenkins
from 0, < 2.121.2
HIGH 8.8 Jenkins allows Data Insertion and Execution of Code by those with Read and HTTP Access
from 0, < 1.466.2
HIGH 8.6 Inbound TCP Agent Protocol/3 authentication bypass in Jenkins
from 0, < 2.204.2
HIGH 8.2 Improper Limitation of a Pathname to a Restricted Directory in Jenkins
from 0, < 2.138.4
HIGH 8.1 Race Condition in Jenkins
>= 2.81, < 2.89.2
HIGH 8.1 Cross-Site Request Forgery in Jenkins
>= 2.81, < 2.89.2
HIGH 8.1 Insufficient Session Expiration in Jenkins
from 0, < 2.164.2
HIGH 8.1 Path Traversal in Jenkins
from 0, < 2.107.3
HIGH 8.0 Jenkins: Stored XSS vulnerability in node offline cause description
>= 2.483, < 2.568
HIGH 8.0 Jenkins has a stored XSS vulnerability in node offline cause description
>= 2.542, < 2.551
HIGH 8.0 Jenkins Cross-site Scripting vulnerability
>= 2.50, < 2.414.2
HIGH 8.0 Jenkins Stored Cross-site Scripting vulnerability
>= 2.402, < 2.414.1
HIGH 8.0 Jenkins CSRF protection bypass vulnerability
from 0, < 2.400
HIGH 8.0 Jenkins vulnerable to stored cross site scripting in the I:helpIcon component
>= 2.367, < 2.370
HIGH 8.0 Cross-site Scripting vulnerability in Jenkins
>= 2.350, < 2.356
HIGH 8.0 Cross-site Scripting vulnerability in Jenkins
>= 2.340, < 2.356
HIGH 8.0 Cross-site Scripting vulnerability in Jenkins
>= 2.350, < 2.356
HIGH 8.0 Cross-site Scripting vulnerability in Jenkins
>= 2.340, < 2.356
HIGH 8.0 Path traversal vulnerability in Jenkins agent names
from 0, < 2.263.2
HIGH 8.0 Improper handling of REST API XML deserialization errors in Jenkins
from 0, < 2.263.2
HIGH 8.0 Jenkins Cross-site Scripting vulnerability in project naming strategy
from 0, < 2.235.4
HIGH 8.0 Jenkins Cross-Site Scripting vulnerability in help icons
from 0, < 2.235.4
HIGH 8.0 Stored XSS vulnerability in Jenkins 'keep forever' badge icon
from 0, < 2.235.2
HIGH 8.0 Stored XSS vulnerability in Jenkins console links
from 0, < 2.235.2
HIGH 8.0 Stored XSS vulnerability in Jenkins upstream cause
from 0, < 2.235.2
HIGH 8.0 Stored XSS vulnerability in Jenkins job build time trend
from 0, < 2.235.2
HIGH 7.8 Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
from 0, < 2.138.2
HIGH 7.5 Jenkins has a DNS rebinding vulnerability in WebSocket CLI origin validation
>= 2.442, < 2.555
HIGH 7.5 Jenkins has a Denial of service vulnerability in HTTP-based CLI
>= 2.529, < 2.541
HIGH 7.5 Denial of service in Jenkins Core
>= 2.388, < 2.394
HIGH 7.5 Unauthorized view fragment access in Jenkins
>= 2.335, < 2.356
HIGH 7.5 Session fixation vulnerability in Jenkins
>= 2.292, < 2.300
HIGH 7.5 XML external entity (XXE) vulnerability in Jenkins
>= 1.597, < 1.600
HIGH 7.5 XML external entity (XXE) vulnerability in Jenkins
>= 1.597, < 1.600
HIGH 7.5 Cross-Site Request Forgery in Jenkins
from 0, < 2.176.2
HIGH 7.5 Improper Input Validation in Jenkins
from 0, < 2.73.2
HIGH 7.5 Missing Release of Resource after Effective Lifetime in Jenkins
from 0, < 2.121.3
HIGH 7.5 Jenkins does not Verify Checksums for Plugin Files
from 0, < 1.625.2
HIGH 7.5 Improper Input Validation in Jenkins
from 0, < 2.121.2
HIGH 7.5 Hash collision attack vulnerability in Jenkins
>= 1.425, < 1.447
HIGH 7.4 Jenkins affected by Open Redirect Vulnerability
>= 1.652, < 2.3
HIGH 7.3 Improper Input Validation in Jenkins
from 0, < 2.73.3
HIGH 7.2 Improper Authorization in Jenkins Core
from 0, < 2.150.2
HIGH 7.2 Improper Authorization in Jenkins Core
from 0, < 2.159
HIGH 7.0 Jenkins temporary plugin file created with insecure permissions
>= 2.50, < 2.414.2
HIGH 7.0 Incorrect Authorization in Jenkins Core
>= 2.376, < 2.387.1
MEDIUM 6.5 Denial of service in Jenkins Core
>= 2.388, < 2.394
MEDIUM 6.5 Path traversal vulnerability on Windows in Jenkins
from 0, < 2.303.2
MEDIUM 6.5 Excessive memory allocation in graph URLs leads to denial of service in Jenkins
from 0, < 2.263.2
MEDIUM 6.5 Arbitrary file read vulnerability in workspace browsers in Jenkins
from 0, < 2.263.2
MEDIUM 6.5 Improper Limitation of a Pathname to a Restricted Directory in Jenkins
from 0, < 2.176.2
MEDIUM 6.5 Jenkins allows Remote Users to Inject Build Parameters
>= 1.660, < 2.3
MEDIUM 6.5 Jenkins Exposes Sensitive Information from Job Configuration
>= 1.652, < 2.3
MEDIUM 6.5 Deserialization of Untrusted Data in Jenkins
>= 2.50, < 2.57
MEDIUM 6.5 Path Traversal in Jenkins
from 0, < 2.138.2
MEDIUM 6.5 Improper Limitation of a Pathname to a Restricted Directory in Jenkins
from 0, < 2.138.2
MEDIUM 6.5 Incorrect Authorization in Jenkins
from 0, < 2.121.3
MEDIUM 6.5 Infinite Loop in Jenkins Core
from 0, < 2.138
MEDIUM 6.5 Loop with Unreachable Exit Condition in Jenkins
from 0, < 2.138.4
MEDIUM 6.5 Improper Authorization in Jenkins
from 0, < 2.138.2
MEDIUM 6.5 Improper Limitation of a Pathname to a Restricted Directory in Jenkins
from 0, < 2.89.4
MEDIUM 6.5 DoS vulnerability in bundled XStream library in Jenkins Core
>= 2.320, < 2.334
MEDIUM 6.3 Improper handling of equivalent directory names on Windows in Jenkins
>= 2.304, < 2.315
MEDIUM 6.1 Reflected XSS vulnerability in Jenkins markup formatter preview
from 0, < 2.263.2
MEDIUM 6.1 Jenkins has CRLF Injection Vulnerability in the CLI
>= 1.643, < 1.650
MEDIUM 6.1 Cross-site Scripting in Jenkins
from 0, < 2.138.2
MEDIUM 6.1 Jenkins allows Cross-Site Scripting (XSS) via Crafted URL
from 0, < 1.466.2
MEDIUM 5.9 Improper Certificate Validation in Jenkins
from 0, < 2.73.2
MEDIUM 5.8 Jenkins vulnerable to UDP amplification reflection attack
from 0, < 2.204.2
MEDIUM 5.4 Jenkins cross-site request forgery (CSRF) vulnerability
>= 2.493, < 2.500
MEDIUM 5.4 Jenkins does not perform a permission check in an HTTP endpoint
from 0, < 2.452.4
MEDIUM 5.4 Improper Neutralization of Input During Web Page Generation in Jenkins
from 0, < 2.176.4
MEDIUM 5.4 Improper Neutralization of Input During Web Page Generation in Jenkins
from 0, < 2.176.4
MEDIUM 5.4 Improper Neutralization of Input During Web Page Generation in Jenkins
from 0, < 2.176.4
MEDIUM 5.4 Improper Neutralization of Input During Web Page Generation in Jenkins
from 0, < 2.176.4
MEDIUM 5.4 Stored XSS vulnerability in Jenkins on new item page
from 0, < 2.263.2
MEDIUM 5.4 Stored XSS vulnerability in Jenkins button labels
from 0, < 2.275
MEDIUM 5.4 XSS vulnerability in Jenkins notification bar
from 0, < 2.275
MEDIUM 5.4 Improper Neutralization of Input During Web Page Generation in Jenkins
from 0, < 2.235.4
MEDIUM 5.4 Improper Neutralization of Input During Web Page Generation in Jenkins
from 0, < 2.228
MEDIUM 5.4 Improper Neutralization of Input During Web Page Generation in Jenkins
from 0, < 2.228
MEDIUM 5.4 Improper Neutralization of Input During Web Page Generation in Jenkins
from 0, < 2.228
MEDIUM 5.4 Jenkins Diagnostic page exposed session cookies
>= 2.205, < 2.219
MEDIUM 5.4 Improper Neutralization of Input During Web Page Generation in Jenkins
>= 1.626, < 1.640
MEDIUM 5.4 Improper Authentication in Jenkins
from 0, < 2.121.3
MEDIUM 5.4 Session Fixation in Jenkins
from 0, < 2.138.2
MEDIUM 5.4 Cross-site Scripting in Jenkins Core
>= 2.108, < 2.116
MEDIUM 5.4 Improper Neutralization of Input During Web Page Generation in Jenkins
from 0, < 2.32.2
MEDIUM 5.4 Improper Neutralization of Input During Web Page Generation in Jenkins
from 0, < 2.32.2
MEDIUM 5.4 Incorrect Permission Assignment for Critical Resource in Jenkins
from 0, < 2.32.2
MEDIUM 5.4 Cross-Site Request Forgery in Jenkins
from 0, < 2.32.2
MEDIUM 5.4 Incorrect Authorization in Jenkins
from 0, < 2.32.2
MEDIUM 5.4 Cross-site Scripting in Jenkins
from 0, < 2.32.2
MEDIUM 5.4 Cross-site scripting vulnerability exists in Jenkins and Stapler Plugin
from 0, < 2.121.2
MEDIUM 5.4 Improper Neutralization of Input During Web Page Generation in Jenkins
from 0, < 2.121.2
MEDIUM 5.4 Improper Neutralization of Input During Web Page Generation in Jenkins
from 0, < 2.164.2
MEDIUM 5.3 Jenkins has a missing permission check, allowing users to obtain agent names
from 0, < 2.516.3
MEDIUM 5.3 Jenkins has a log message injection vulnerability
from 0, < 2.516.3
MEDIUM 5.3 Observable timing discrepancy allows determining username validity in Jenkins
>= 2.334, < 2.356
MEDIUM 5.3 Time-of-check Time-of-use (TOCTOU) Race Condition in Jenkins
from 0, < 2.263.3
MEDIUM 5.3 Missing permission check for paths with specific prefix in Jenkins
from 0, < 2.263.2
MEDIUM 5.3 Non-constant time HMAC comparison
from 0, < 2.204.2
MEDIUM 5.3 Non-constant time comparison of inbound TCP agent connection secret
from 0, < 2.204.2
MEDIUM 5.3 Jenkins HttpOnly flag not Set for session cookies
from 0, < 1.586
MEDIUM 5.3 Jenkins secure flag not set on session cookies
from 0, < 1.586
MEDIUM 5.3 Exposure of Sensitive Information in Jenkins Core
from 0, < 1.650
MEDIUM 5.3 Deserialization of Untrusted Data in Jenkins
from 0, < 2.121.3
MEDIUM 5.3 Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
from 0, < 2.107.2
MEDIUM 5.3 Server-Side Request Forgery in Jenkins
from 0, < 2.89.4
MEDIUM 5.3 Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
from 0, < 2.89.4
MEDIUM 4.8 Improper Neutralization of Input During Web Page Generation in Jenkins
from 0, < 2.176.4
MEDIUM 4.8 Improper Neutralization of Input During Web Page Generation in Jenkins
from 0, < 2.176.3
MEDIUM 4.8 Improper Neutralization of Input During Web Page Generation in Jenkins
from 0, < 2.73.3
MEDIUM 4.7 Cross-site Scripting in Jenkins Core
from 0, < 2.94
MEDIUM 4.3 Jenkins has a build information disclosure vulnerability through Run Parameter
>= 2.542, < 2.551
MEDIUM 4.3 Jenkins's build authorization token is stored and displayed in plain text
>= 2.529, < 2.541
MEDIUM 4.3 Jenkins's build authorization token is stored and displayed in plain text
>= 2.529, < 2.541
MEDIUM 4.3 Jenkins is missing a permission check on password fields
>= 2.529, < 2.541
MEDIUM 4.3 Jenkins is missing a permission check in the authenticated users' profile menu
from 0, < 2.516.3
MEDIUM 4.3 Jenkins Missing Permission Check
>= 2.500, < 2.504
MEDIUM 4.3 Jenkins Missing Permission Check
>= 2.500, < 2.504
MEDIUM 4.3 Jenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission
from 0, < 2.492.2
MEDIUM 4.3 Jenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission
>= 2.493, < 2.500
MEDIUM 4.3 Jenkins Open Redirect vulnerability
from 0, < 2.492.2
MEDIUM 4.3 Jenkins item creation restriction bypass vulnerability
from 0, < 2.462.3
MEDIUM 4.3 Jenkins exposes multi-line secrets through error messages
from 0, < 2.462.3
MEDIUM 4.3 Jenkins does not exclude sensitive build variables from search
>= 2.50, < 2.414.2
MEDIUM 4.3 Incorrect Permission Preservation in Jenkins Core
>= 2.376, < 2.387.1
MEDIUM 4.3 Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
from 0, < 2.176.4
MEDIUM 4.3 Improper permission checks allow canceling queue items and aborting builds in Jenkins
from 0, < 2.289.2
MEDIUM 4.3 View name validation bypass in Jenkins
from 0, < 2.277.2
MEDIUM 4.3 Lack of type validation in agent related REST API in Jenkins
from 0, < 2.277.2
MEDIUM 4.3 Arbitrary file existence check in file fingerprints in Jenkins
from 0, < 2.263.2
MEDIUM 4.3 Memory usage graphs accessible to anyone with Overall/Read
from 0, < 2.204.2
MEDIUM 4.3 Missing Authorization in Jenkins
from 0, < 2.176.2
MEDIUM 4.3 Exposure of Sensitive Information in Jenkins Core
from 0, < 2.3
MEDIUM 4.3 Incorrect Authorization in Jenkins Core
from 0, < 2.3
MEDIUM 4.3 Missing permissions check in Jenkins Core
from 0, < 2.3
MEDIUM 4.3 Jenkins Exposes Sensitive Information via API URL
>= 1.652, < 2.3
MEDIUM 4.3 Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
from 0, < 2.121.2
MEDIUM 4.3 Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
from 0, < 2.121.3
MEDIUM 4.3 Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
from 0, < 2.138.4
MEDIUM 4.3 Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
from 0, < 2.73.2
MEDIUM 4.3 Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
from 0, < 2.73.2
MEDIUM 4.3 Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
from 0, < 2.73.2
MEDIUM 4.3 Inadequate Encryption Strength in Jenkins
from 0, < 2.32.2
MEDIUM 4.3 Incomplete List of Disallowed Inputs in Jenkins
from 0, < 2.32.2
MEDIUM 4.3 Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
from 0, < 2.32.2
MEDIUM 4.3 Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
from 0, < 2.32.2
MEDIUM 4.3 Improper Authentication in Jenkins
from 0, < 2.32.2
MEDIUM 4.3 Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
from 0, < 2.32.2
MEDIUM 4.3 Missing Authorization in Jenkins
from 0, < 2.73.2
MEDIUM 4.3 Incorrect Authorization in Jenkins Core
from 0, < 2.44
MEDIUM 4.3 Injection in Jenkins
from 0, < 2.107.3
MEDIUM 4.3 Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
from 0, < 2.107.3
MEDIUM 4.3 Incorrect Authorization in Jenkins
from 0, < 2.121.2
MEDIUM 4.3 Cross-Site Request Forgery in Jenkins
from 0, < 2.107.3
MEDIUM 4.3 Incorrect Authorization in Jenkins
from 0, < 2.121.2
MEDIUM 4.3 Cross-Site Request Forgery in Jenkins
>= 2.320, < 2.330
LOW 3.6 Jenkins temporary uploaded file created with insecure permissions
>= 2.50, < 2.414.2
LOW 3.6 Jenkins temporary uploaded file created with insecure permissions
>= 2.50, < 2.414.2
LOW 3.6 Incorrect Authorization in Jenkins Core
>= 2.376, < 2.387.1
LOW 3.5 Jenkins has a CSRF vulnerability on the login form
>= 2.529, < 2.541
LOW 3.5 Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
from 0, < 2.32.2
LOW 3.1 Information disclosure through error stack traces related to agents
>= 2.376, < 2.387.1
LOW 3.1 Jenkins REST APIs vulnerable to clickjacking
from 0, < 2.204.2
LOW 2.2 Improper Input Validation in Jenkins
from 0, < 2.73.2
— Jenkins allows Cross-Site Scripting (XSS)
from 0, < 1.409.3
— Jenkins allows Remote Attackers to Hijack Sessions
from 0, < 1.532.2
— Jenkins allows attackers to configure restricted projects
>= 1.481, < 1.502
— Jenkins allows attackers to execute arbitrary jobs
>= 1.533, < 1.551
— Jenkins does not invalidate the API token when a user is deleted
>= 1.533, < 1.551
— Jenkins Vulnerable to Clickjacking
>= 1.533, < 1.551
— Jenkins allows attackers to obtain passwords by reading the HTML source code
>= 1.533, < 1.551
— Jenkins allows attackers to determine whether a user exists
>= 1.533, < 1.551
— Jenkins session fixation vulnerability
>= 1.533, < 1.551
— Jenkins allows attackers to obtain sensitive information
>= 1.533, < 1.551
— Jenkins cross-site scripting (XSS) vulnerability
>= 1.533, < 1.551
— Jenkins Denial of Service vulnerability
>= 1.566, < 1.583
— Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability
>= 1.566, < 1.583
— Jenkins allows remote authenticated users to bypass intended restrictions and create or destroy arbitrary jobs
>= 1.566, < 1.583
— Jenkins improperly ensures trust separation
from 0, < 1.587
— Jenkins allows for Code Execution via Crafted Packet to the CLI
>= 1.566, < 1.583
— Jenkins allows Remote Users to Obtain Sensitive Information from a Plugin Code
>= 1.566, < 1.583
— Jenkins does not Restrict Reserved Names Allowing for Privilege Escalation
>= 1.597, < 1.600
— Jenkins allows for Privilege Escalation by Remote Authenticated Users
>= 1.597, < 1.600
— Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability
>= 1.566, < 1.583
— Jenkins allows Cross-Site Scripting (XSS)
>= 1.597, < 1.606
— Jenkins Vulnerable to Denial of Service (DoS)
>= 1.597, < 1.600
— Jenkins allows for Privilege Escalation by Remote Authenticated Users
>= 1.597, < 1.606
— Jenkins Cross-site Scripting vulnerability
from 0, < 1.596.2
— Jenkins Cross-Site Request Forgery vulnerabilities
from 0, < 1.509.1
— Jenkins allows Cross-Site Scripting (XSS) in User Configuration
from 0, <= 1.523
— Jenkins directory traversal vulnerability
>= 1.533, < 1.551
— Jenkins cross-site scripting (XSS) vulnerability
>= 1.533, < 1.551
— Jenkins Path Traversal vulnerability
>= 1.566, < 1.583
— Jenkins allows Cross-Site Scripting (XSS)
>= 1.481, < 1.491
— Jenkins allows HTTP Injection and Response Splitting
>= 1.481, < 1.491
— Jenkins affected by Open Redirect Vulnerability
from 0, < 1.480.1
— Jenkins vulnerable to Cross-site Scripting
from 0, < 1.509.1
— Jenkins Cross-site Scripting vulnerability
>= 1.566, < 1.583
— Jenkins has XML External Entity (XXE) Vulnerability in Job Configuration via CLI
>= 1.626, < 1.638
— Jenkins has Local File Inclusion Vulnerability
>= 1.626, < 1.638
— Jenkins allows Cross-Site Scripting (XSS)
from 0, < 1.625.2
— Jenkins allows Exposure of Sensitive Information to an Unauthorized Actor
>= 1.626, < 1.638
— Jenkins allows Bypass of Access Restrictions
from 0, < 1.625.2
— Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack
from 0, < 1.625.2
— Jenkins allows Unauthorized Viewing of Queue API Information
>= 1.626, < 1.638
— Jenkins allows Administrators to Access API Tokens
from 0, < 1.625.2
— Jenkins has Information Disclosure via Sidepanel Widget
>= 1.626, < 1.638
— Jenkins Cross-Site Request Forgery vulnerability
>= 1.481, < 1.502
— Jenkins Cross-Site Request Forgery vulnerability
>= 1.481, < 1.502
— Jenkins Vulnerable to Denial of Service (DoS) via Crafted Payload
>= 1.481, < 1.502
— Jenkins subject to Cross-site Scripting
from 0, < 1.502
— Jenkins allows Remote Users to Build Arbitrary Jobs
>= 1.481, < 1.502
— Jenkins allows attackers to obtain the master cryptographic key
>= 1.481, < 1.498
— Jenkins allows Cross-Site Scripting (XSS)
>= 1.425, < 1.454
— Jenkins allows Cross-Site Scripting (XSS)
>= 1.425, < 1.454