Filtered by vendor Jenkins
Subscriptions
Total
1676 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-47889 | 1 Jenkins | 1 Wso2 Oauth | 2025-06-12 | 9.8 Critical |
| In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims are accepted without validation by the "WSO2 Oauth" security realm, allowing unauthenticated attackers to log in to controllers using this security realm using any username and any password, including usernames that do not exist. | ||||
| CVE-2024-34148 | 1 Jenkins | 2 Jenkins, Subversion Partial Release Manager | 2025-06-06 | 6.8 Medium |
| Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier programmatically disables the fix for CVE-2016-3721 whenever a build is triggered from a release tag, by setting the Java system property 'hudson.model.ParametersAction.keepUndefinedParameters'. | ||||
| CVE-2024-28159 | 1 Jenkins | 1 Subversion Partial Release Manager | 2025-06-06 | 4.3 Medium |
| A missing permission check in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers with Item/Read permission to trigger a build. | ||||
| CVE-2024-28158 | 1 Jenkins | 1 Subversion Partial Release Manager | 2025-06-06 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers to trigger a build. | ||||
| CVE-2025-24398 | 1 Jenkins | 1 Bitbucket Server Integration | 2025-06-06 | 8.8 High |
| Jenkins Bitbucket Server Integration Plugin 2.1.0 through 4.1.3 (both inclusive) allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. | ||||
| CVE-2023-49673 | 2 Jenkins, Jenkins Project | 5 Google Compute Engine, Jira, Matlab and 2 more | 2025-06-05 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password. | ||||
| CVE-2024-23899 | 2 Jenkins, Redhat | 2 Git Server, Ocp Tools | 2025-06-04 | 6.5 Medium |
| Jenkins Git server Plugin 99.va_0826a_b_cdfa_d and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenkins controller file system. | ||||
| CVE-2024-23902 | 1 Jenkins | 1 Github Branch Source | 2025-05-30 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL. | ||||
| CVE-2024-23901 | 1 Jenkins | 1 Github Branch Source | 2025-05-30 | 6.5 Medium |
| Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan of the group. | ||||
| CVE-2022-41238 | 1 Jenkins | 1 Dotci | 2025-05-29 | 9.8 Critical |
| A missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository for attacker-specified commits. | ||||
| CVE-2022-41228 | 1 Jenkins | 1 Ns-nd Integration Performance Publisher | 2025-05-28 | 8.8 High |
| A missing permission check in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers with Overall/Read permissions to connect to an attacker-specified webserver using attacker-specified credentials. | ||||
| CVE-2022-41227 | 1 Jenkins | 1 Ns-nd Integration Performance Publisher | 2025-05-28 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials. | ||||
| CVE-2022-41226 | 1 Jenkins | 1 Compuware Common Configuration | 2025-05-28 | 9.8 Critical |
| Jenkins Compuware Common Configuration Plugin 1.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2022-41225 | 1 Jenkins | 1 Anchore Container Image Scanner | 2025-05-28 | 5.4 Medium |
| Jenkins Anchore Container Image Scanner Plugin 1.0.24 and earlier does not escape content provided by the Anchore engine API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control API responses by Anchore engine. | ||||
| CVE-2022-41224 | 1 Jenkins | 1 Jenkins | 2025-05-28 | 5.4 Medium |
| Jenkins 2.367 through 2.369 (both inclusive) does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins web UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control tooltips for this component. | ||||
| CVE-2022-41254 | 1 Jenkins | 1 Cons3rt | 2025-05-28 | 6.5 Medium |
| Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2022-41253 | 1 Jenkins | 1 Cons3rt | 2025-05-28 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins CONS3RT Plugin 1.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2022-41252 | 1 Jenkins | 1 Cons3rt | 2025-05-28 | 4.3 Medium |
| Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allows users with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins. | ||||
| CVE-2022-41251 | 1 Jenkins | 1 Apprenda | 2025-05-28 | 4.3 Medium |
| A missing permission check in Jenkins Apprenda Plugin 2.2.0 and earlier allows users with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||||
| CVE-2022-41245 | 1 Jenkins | 1 Worksoft Execution Manager | 2025-05-28 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||