VuXML ID | Description |
a250539d-d1d4-4591-afd3-c8bdfac335d8 | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(High) SECURITY-1682 / CVE-2020-2099
Inbound TCP Agent Protocol/3 authentication bypass
(Medium) SECURITY-1641 / CVE-2020-2100
Jenkins vulnerable to UDP amplification reflection attack
(Medium) SECURITY-1659 / CVE-2020-2101
Non-constant time comparison of inbound TCP agent connection secret
(Medium) SECURITY-1660 / CVE-2020-2102
Non-constant time HMAC comparison
(Medium) SECURITY-1695 / CVE-2020-2103
Diagnostic page exposed session cookies
(Medium) SECURITY-1650 / CVE-2020-2104
Memory usage graphs accessible to anyone with Overall/Read
(Low) SECURITY-1704 / CVE-2020-2105
Jenkins REST APIs vulnerable to clickjacking
(Medium) SECURITY-1680 / CVE-2020-2106
Stored XSS vulnerability in Code Coverage API Plugin
(Medium) SECURITY-1565 / CVE-2020-2107
Fortify Plugin stored credentials in plain text
(High) SECURITY-1719 / CVE-2020-2108
XXE vulnerability in WebSphere Deployer Plugin
Discovery 2020-01-29 Entry 2020-01-29
jenkins <= 2.219
jenkins-lts <= 2.204.2
CVE-2020-2099
CVE-2020-2100
CVE-2020-2101
CVE-2020-2102
CVE-2020-2103
CVE-2020-2104
CVE-2020-2105
CVE-2020-2106
CVE-2020-2107
CVE-2020-2108
https://jenkins.io/security/advisory/2020-01-29/
|
425f2143-8876-4b0a-af84-e0238c5c2062 | jenkins -- Arbitrary file read vulnerability in workspace browsers
Jenkins Security Advisory:
Description
(Medium) SECURITY-2197 / CVE-2021-21615
Arbitrary file read vulnerability in workspace browsers
Discovery 2021-01-26 Entry 2021-01-26
jenkins < 2.276
jenkins-lts < 2.263.3
https://www.jenkins.io/security/advisory/2021-01-26/
|
4ebdd56b-fe72-11ee-bc57-00e081b7aa2d | jenkins -- Terrapin SSH vulnerability in Jenkins CLI client
Jenkins Security Advisory:
Description
(Medium) SECURITY-3386 / CVE-2023-48795
Terrapin SSH vulnerability in Jenkins CLI client
Discovery 2024-04-17 Entry 2024-04-19
jenkins < 2.452
jenkins-lts < 2.440.3
CVE-2023-48795
https://www.jenkins.io/security/advisory/2024-04-17/
|
402fccd0-5b6d-11ee-9898-00e081b7aa2d | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(Medium) SECURITY-3261 / CVE-2023-43494
Builds can be filtered by values of sensitive build variables
(High) SECURITY-3245 / CVE-2023-43495
Stored XSS vulnerability
(High) SECURITY-3072 / CVE-2023-43496
Temporary plugin file created with insecure permissions
(Low) SECURITY-3073 / CVE-2023-43497 (Stapler), CVE-2023-43498 (MultipartFormDataParser)
Temporary uploaded file created with insecure permissions
Discovery 2023-09-20 Entry 2023-09-25
jenkins < 2.424
jenkins-lts < 2.414.2
CVE-2023-43494
CVE-2023-43495
CVE-2023-43496
CVE-2023-43497
https://www.jenkins.io/security/advisory/2023-09-20/
|
9720bb39-f82a-402f-9fe4-e2c875bdda83 | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(Medium) SECURITY-1498 / CVE-2019-10401
Stored XSS vulnerability in expandable textbox form control
(Medium) SECURITY-1525 / CVE-2019-10402
XSS vulnerability in combobox form control
(Medium) SECURITY-1537 (1) / CVE-2019-10403
Stored XSS vulnerability in SCM tag action tooltip
(Medium) SECURITY-1537 (2) / CVE-2019-10404
Stored XSS vulnerability in queue item tooltip
(Medium) SECURITY-1505 / CVE-2019-10405
Diagnostic web page exposed Cookie HTTP header
(Medium) SECURITY-1471 / CVE-2019-10406
XSS vulnerability in Jenkins URL setting
Discovery 2019-09-25 Entry 2019-09-25
jenkins <= 2.196
jenkins-lts <= 2.176.3
CVE-2019-10401
CVE-2019-10402
CVE-2019-10403
CVE-2019-10404
CVE-2019-10405
CVE-2019-10406
https://jenkins.io/security/advisory/2019-09-25/
|
672eeea9-a070-4f88-b0f1-007e90a2cbc3 | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(Medium) SECURITY-2558 / CVE-2022-20612
CSRF vulnerability in build triggers
Discovery 2022-01-12 Entry 2022-01-12
jenkins < 2.330
jenkins-lts < 2.319.2
CVE-2022-20612
https://www.jenkins.io/security/advisory/2022-01-12/
|
25be46f0-f25d-11ec-b62a-00e081b7aa2d | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(High) SECURITY-2781 / CVE-2022-34170 (SECURITY-2779), CVE-2022-34171 (SECURITY-2761), CVE-2022-34172 (SECURITY-2776), CVE-2022-34173 (SECURITY-2780)
Multiple XSS vulnerabilities
(Medium) SECURITY-2566 / CVE-2022-34174
Observable timing discrepancy allows determining username validity
(Medium) SECURITY-2777 / CVE-2022-34175
Unauthorized view fragment access
Discovery 2022-06-22 Entry 2022-06-22
jenkins < 2.356
jenkins-lts < 2.346.1
CVE-2022-34170
CVE-2022-34171
CVE-2022-34172
CVE-2022-34173
CVE-2022-34174
CVE-2022-34175
https://www.jenkins.io/security/advisory/2022-06-22/
|
df3db21d-1a4d-4c78-acf7-4639e5a795e0 | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(Medium) SECURITY-1424 / CVE-2019-10352
Arbitrary file write vulnerability using file parameter definitions
(High) SECURITY-626 / CVE-2019-10353
CSRF protection tokens did not expire
(Medium) SECURITY-534 / CVE-2019-10354
Unauthorized view fragment access
Discovery 2019-07-17 Entry 2019-07-17
jenkins < 2.186
jenkins-lts < 2.176.2
CVE-2019-10352
CVE-2019-10353
CVE-2019-10354
https://jenkins.io/security/advisory/2019-07-17/
|
f68bb358-be8e-11ed-9215-00e081b7aa2d | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(High) SECURITY-3037 / CVE-2023-27898
XSS vulnerability in plugin manager
(Medium) SECURITY-3030 / CVE-2023-24998 (upstream issue), CVE-2023-27900 (MultipartFormDataParser), CVE-2023-27901 (StaplerRequest)
DoS vulnerability in bundled Apache Commons FileUpload library
(Medium) SECURITY-1807 / CVE-2023-27902
Workspace temporary directories accessible through directory browser
(Low) SECURITY-3058 / CVE-2023-27903
Temporary file parameter created with insecure permissions
(Low) SECURITY-2120 / CVE-2023-27904
Information disclosure through error stack traces related to agents
Discovery 2023-03-08 Entry 2023-03-09
jenkins < 2.394
jenkins-lts < 2.387.1
CVE-2023-27898
CVE-2023-24998
CVE-2023-27900
CVE-2023-27901
CVE-2023-27902
CVE-2023-27903
CVE-2023-27904
https://www.jenkins.io/security/advisory/2023-03-08/
|
db8fa362-0ccb-4aa8-9220-72b7763e9a4a | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(Critical) SECURITY-3430 / CVE-2024-43044
Arbitrary file read vulnerability through agent connections can lead to RCE
(Medium) SECURITY-3349 / CVE-2024-43045
Missing permission check allows accessing other users' "My Views"
Discovery 2024-08-07 Entry 2024-08-07
jenkins < 2.471
jenkins-lts < 2.462.1
CVE-2024-43044
CVE-2024-43045
https://www.jenkins.io/security/advisory/2024-08-07/
|
eef0d2d9-78c0-441e-8b03-454c5baebe20 | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(High) SECURITY-1955 / CVE-2020-2229
Stored XSS vulnerability in help icons
(High) SECURITY-1957 / CVE-2020-2230
Stored XSS vulnerability in project naming strategy
(High) SECURITY-1960 / CVE-2020-2231
Stored XSS vulnerability in 'Trigger builds remotely'
Discovery 2020-08-12 Entry 2020-08-12
jenkins < 2.252
jenkins-lts < 2.235.4
CVE-2020-2229
CVE-2020-2230
CVE-2020-2231
https://www.jenkins.io/security/advisory/2020-08-12/
|
1ee26d45-6ddb-11ee-9898-00e081b7aa2d | jenkins -- HTTP/2 denial of service vulnerability in bundled Jetty
Jenkins Security Advisory:
Description
(High) SECURITY-3291 / CVE-2023-36478, CVE-2023-44487
HTTP/2 denial of service vulnerability in bundled Jetty
Discovery 2023-10-18 Entry 2023-10-18
jenkins < 2.428
jenkins-lts < 2.414.3
CVE-2023-36478
CVE-2023-44487
https://www.jenkins.io/security/advisory/2023-10-18/
|
7a7891fc-6318-447a-ba45-31d525ec11a0 | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(Medium) SECURITY-1453 / CVE-2019-10383
Stored XSS vulnerability in update center
(High) SECURITY-1491 / CVE-2019-10384
CSRF protection tokens for anonymous users did not expire in some circumstances
Discovery 2019-08-28 Entry 2019-08-28
jenkins <= 2.191
jenkins-lts <= 2.176.2
CVE-2019-10383
CVE-2019-10384
https://jenkins.io/security/advisory/2019-08-28/
|
9bad457e-b396-4452-8773-15bec67e1ceb | jenkins -- Jenkins core bundles vulnerable version of the commons-httpclient library
Jenkins Security Advisory:
Description
(Medium) SECURITY-2475 / CVE-2014-3577
Jenkins core bundles vulnerable version of the commons-httpclient library
Discovery 2021-10-06 Entry 2021-10-07
jenkins < 2.315
jenkins-lts < 2.303.2
CVE-2014-3577
https://www.jenkins.io/security/advisory/2021-10-06/
|
8e9c3f5a-715b-4336-8d05-19babef55e9e | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(Medium) SECURITY-1289
Jenkins accepted cached legacy CLI authentication
(Medium) SECURITY-1327
XSS vulnerability in form validation button
Discovery 2019-04-10 Entry 2019-04-10
jenkins < 2.172
jenkins-lts < 2.164.2
https://jenkins.io/security/advisory/2019-04-10/
|
6905f05f-a0c9-11e8-8335-8c164535ad80 | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(Low) SECURITY-637
Jenkins allowed deserialization of URL objects with host components
(Medium) SECURITY-672
Ephemeral user record was created on some invalid authentication attempts
(Medium) SECURITY-790
Cron expression form validation could enter infinite loop, potentially resulting in denial of service
(Low) SECURITY-996
"Remember me" cookie was evaluated even if that feature is disabled
(Medium) SECURITY-1071
Unauthorized users could access agent logs
(Low) SECURITY-1076
Unauthorized users could cancel scheduled restarts initiated from the update center
Discovery 2018-08-15 Entry 2018-08-15
jenkins < 2.138
jenkins-lts < 2.121.3
https://jenkins.io/security/advisory/2018-08-15/
|
d6f76976-e86d-4f9a-9362-76c849b10db2 | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(Medium) SECURITY-1452 / CVE-2021-21602
Arbitrary file read vulnerability in workspace browsers
(High) SECURITY-1889 / CVE-2021-21603
XSS vulnerability in notification bar
(High) SECURITY-1923 / CVE-2021-21604
Improper handling of REST API XML deserialization errors
(High) SECURITY-2021 / CVE-2021-21605
Path traversal vulnerability in agent names
(Medium) SECURITY-2023 / CVE-2021-21606
Arbitrary file existence check in file fingerprints
(Medium) SECURITY-2025 / CVE-2021-21607
Excessive memory allocation in graph URLs leads to denial of service
(High) SECURITY-2035 / CVE-2021-21608
Stored XSS vulnerability in button labels
(Low) SECURITY-2047 / CVE-2021-21609
Missing permission check for paths with specific prefix
(High) SECURITY-2153 / CVE-2021-21610
Reflected XSS vulnerability in markup formatter preview
(High) SECURITY-2171 / CVE-2021-21611
Stored XSS vulnerability on new item page
Discovery 2021-01-13 Entry 2021-01-13
jenkins < 2.275
jenkins-lts < 2.263.2
https://www.jenkins.io/security/advisory/2021-01-13/
|
8b03d274-56ca-489e-821a-cf32f07643f0 | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(Critical) SECURITY-3314 / CVE-2024-23897
Arbitrary file read vulnerability through the CLI can lead to RCE
(High) SECURITY-3315 / CVE-2024-23898
Cross-site WebSocket hijacking vulnerability in the CLI
Discovery 2024-01-24 Entry 2024-01-24
jenkins < 2.422
jenkins-lts < 2.426.3
CVE-2024-23897
CVE-2024-23898
https://www.jenkins.io/security/advisory/2024-01-24/
|
3aa27226-f86f-11e8-a085-3497f683cb16 | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(Critical) SECURITY-595
Code execution through crafted URLs
(Medium) SECURITY-904
Forced migration of user records
(Medium) SECURITY-1072
Workspace browser allowed accessing files outside the workspace
(Medium) SECURITY-1193
Potential denial of service through cron expression form validation
Discovery 2018-12-05 Entry 2018-12-05
jenkins < 2.154
jenkins-lts < 2.138.3
https://jenkins.io/security/advisory/2018-12-05/
|
b4db7d78-bb62-4f4c-9326-6e9fc2ddd400 | jenkins -- CSRF protection bypass vulnerability
Jenkins Security Advisory:
Description
(High) SECURITY-3135 / CVE-2023-35141
CSRF protection bypass vulnerability
Discovery 2023-06-14 Entry 2023-06-14
jenkins < 2.400
jenkins-lts < 2.401.1
CVE-2023-35141
https://www.jenkins.io/security/advisory/2023-06-14/
|
20a1881e-8a9e-11e8-bddf-d017c2ca229d | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(High) SECURITY-897 / CVE-2018-1999001
Users without Overall/Read permission can have Jenkins reset parts of global configuration on the next restart
(High) SECURITY-914 / CVE-2018-1999002
Arbitrary file read vulnerability
(Medium) SECURITY-891 / CVE-2018-1999003
Unauthorized users could cancel queued builds
(Medium) SECURITY-892 / CVE-2018-1999004
Unauthorized users could initiate and abort agent launches
(Medium) SECURITY-944 / CVE-2018-1999005
Stored XSS vulnerability
(Medium) SECURITY-925 / CVE-2018-1999006
Unauthorized users are able to determine when a plugin was extracted from its JPI package
(Medium) SECURITY-390 / CVE-2018-1999007
XSS vulnerability in Stapler debug mode
Discovery 2018-07-18 Entry 2018-07-18
jenkins < 2.133
jenkins-lts < 2.121.2
CVE-2018-1999001
CVE-2018-1999002
CVE-2018-1999003
CVE-2018-1999004
CVE-2018-1999005
CVE-2018-1999006
CVE-2018-1999007
https://jenkins.io/security/advisory/2018-07-18/
|
5bf6ed6d-9002-4f43-ad63-458f59e45384 | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(High) SECURITY-1774 / CVE-2020-2160
CSRF protection for any URL could be bypassed
(Medium) SECURITY-1781 / CVE-2020-2161
Stored XSS vulnerability in label expression validation
(Medium) SECURITY-1793 / CVE-2020-2162
Stored XSS vulnerability in file parameters
(Medium) SECURITY-1796 / CVE-2020-2163
Stored XSS vulnerability in list view column headers
Discovery 2020-03-25 Entry 2020-03-25
jenkins <= 2.227
jenkins-lts <= 2.204.5
CVE-2020-2160
CVE-2020-2161
CVE-2020-2162
CVE-2020-2163
https://jenkins.io/security/advisory/2020-03-25/
|
a0321b74-031d-485c-bb76-edd75256a6f0 | jenkins -- Stored XSS vulnerability
Jenkins Security Advisory:
Description
(High) SECURITY-3188 / CVE-2023-39151
Stored XSS vulnerability
Discovery 2023-07-26 Entry 2023-07-26
jenkins < 2.416
jenkins-lts < 2.401.3
CVE-2023-39151
https://www.jenkins.io/security/advisory/2023-07-26/
|
9d271bab-da22-11eb-86f0-94c691a700a6 | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(Medium) SECURITY-2278 / CVE-2021-21670
Improper permission checks allow canceling queue items and aborting builds
(High) SECURITY-2371 / CVE-2021-21671
Session fixation vulnerability
Discovery 2021-06-30 Entry 2021-07-01
jenkins < 2.300
jenkins-lts < 2.289.2
CVE-2021-21670
CVE-2021-21671
https://www.jenkins.io/security/advisory/2021-06-30/
|
1ddab5cb-14c9-4632-959f-802c412a9593 | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(High) SECURITY-1868 / CVE-2020-2220
Stored XSS vulnerability in job build time trend
(High) SECURITY-1901 / CVE-2020-2221
Stored XSS vulnerability in upstream cause
(High) SECURITY-1902 / CVE-2020-2222
Stored XSS vulnerability in 'keep forever' badge icons
(High) SECURITY-1945 / CVE-2020-2223
Stored XSS vulnerability in console links
Discovery 2020-07-15 Entry 2020-07-15
jenkins < 2.245
jenkins-lts < 2.235.2
CVE-2020-2220
CVE-2020-2221
CVE-2020-2222
CVE-2020-2223
https://www.jenkins.io/security/advisory/2020-07-15/
|
debf6353-5753-4e9a-b710-a83ecdd743de | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(High) SECURITY-868
Administrators could persist access to Jenkins using crafted 'Remember me' cookie
(Medium) SECURITY-901
Deleting a user in an external security realm did not invalidate their session or 'Remember me' cookie
Discovery 2019-01-16 Entry 2019-01-16
jenkins < 2.160
jenkins-lts < 2.150.2
https://jenkins.io/security/advisory/2019-01-16/
|
09ea1b08-1d3e-4bf2-91a1-d6573f4da3d8 | jenkins -- Buffer corruption in bundled Jetty
Jenkins Security Advisory:
Description
(Critical) SECURITY-1983 / CVE-2019-17638
Buffer corruption in bundled Jetty
Discovery 2020-08-17 Entry 2020-08-17
jenkins < 2.243
jenkins-lts < 2.235.5
CVE-2019-17638
https://www.jenkins.io/security/advisory/2020-08-17/
|
e358b470-b37d-4e47-bc8a-2cd9adbeb63c | jenkins -- Denial of service vulnerability in bundled Jetty
Jenkins Security Advisory:
Description
(High) JENKINS-65280 / CVE-2021-28165
Denial of service vulnerability in bundled Jetty
Discovery 2021-04-20 Entry 2021-04-20
jenkins < 2.286
jenkins-lts < 2.277.3
CVE-2021-28165
https://www.jenkins.io/security/advisory/2021-04-20/
|
3350275d-cd5a-11e8-a7be-3497f683cb16 | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(Low) SECURITY-867
Path traversal vulnerability in Stapler allowed accessing internal data
(Medium) SECURITY-1074
Arbitrary file write vulnerability using file parameter definitions
(Medium) SECURITY-1129
Reflected XSS vulnerability
(Medium) SECURITY-1162
Ephemeral user record was created on some invalid authentication attempts
(Medium) SECURITY-1128
Ephemeral user record creation
(Medium) SECURITY-1158
Session fixation vulnerability on user signup
(Medium) SECURITY-765
Failures to process form submission data could result in secrets being displayed or written to logs
Discovery 2018-10-10 Entry 2018-10-11
jenkins < 2.146
jenkins-lts < 2.138.2
https://jenkins.io/security/advisory/2018-10-10/
|
9595d002-edeb-4602-be2d-791cd654247e | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(Low) SECURITY-1721 / CVE-2021-21639
Lack of type validation in agent related REST API
(Medium) SECURITY-1871 / CVE-2021-21640
View name validation bypass
Discovery 2021-04-07 Entry 2021-04-08
jenkins < 2.287
jenkins-lts < 2.277.2
https://www.jenkins.io/security/advisory/2021-04-07/
|
2bf56269-90f8-4a82-b82f-c0e289f2a0dc | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(Critical) SECURITY-2455 / CVE-2021-21685, CVE-2021-21686, CVE-2021-21687, CVE-2021-21688, CVE-2021-21689, CVE-2021-21690, CVE-2021-21691, CVE-2021-21692, CVE-2021-21693, CVE-2021-21694, CVE-2021-21695
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control
(High) SECURITY-2423 / CVE-2021-21696
Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin
(High) SECURITY-2428 / CVE-2021-21697
Agent-to-controller access control allows reading/writing most content of build directories
(Medium) SECURITY-2506 / CVE-2021-21698
Path traversal vulnerability in Subversion Plugin allows reading arbitrary files
Discovery 2021-11-04 Entry 2021-11-04
jenkins < 2.319
jenkins-lts < 2.303.3
CVE-2021-21685
CVE-2021-21686
CVE-2021-21687
CVE-2021-21688
CVE-2021-21689
CVE-2021-21690
CVE-2021-21691
CVE-2021-21692
CVE-2021-21693
CVE-2021-21694
CVE-2021-21695
CVE-2021-21696
CVE-2021-21697
CVE-2021-21698
https://www.jenkins.io/security/advisory/2021-11-04/
|
2e3bea0c-f110-11ee-bc57-00e081b7aa2d | jenkins -- HTTP/2 denial of service vulnerability in bundled Jetty
Jenkins Security Advisory:
Description
(High) SECURITY-3379 / CVE-2024-22201
HTTP/2 denial of service vulnerability in bundled Jetty
Discovery 2024-03-20 Entry 2024-04-02
jenkins < 2.444
jenkins-lts < 2.440.2
CVE-2024-22201
https://www.jenkins.io/security/advisory/2024-03-20/
|
0b0ad196-1ee8-4a98-89b1-4d5d82af49a9 | jenkins -- DoS vulnerability in bundled XStream library
Jenkins Security Advisory:
Description
(Medium) SECURITY-2602 / CVE-2021-43859 (upstream issue), CVE-2022-0538 (Jenkins-specific converters)
DoS vulnerability in bundled XStream library
Discovery 2022-02-09 Entry 2022-02-10
jenkins < 2.334
jenkins-lts < 2.319.3
CVE-2021-43859
CVE-2022-0538
https://www.jenkins.io/security/advisory/2022-02-09/
|