Lucene search
+L

14 matches found

OSV
OSV
added 2025/12/12 11:23 a.m.5 views

BIT-JENKINS-2025-67635

Jenkins 2.540 and earlier, LTS 2.528.2 and earlier does not properly close HTTP-based CLI connections when the connection stream becomes corrupted, allowing unauthenticated attackers to cause a denial of service...

7.5CVSS6.7AI score0.00515EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/10 6:30 p.m.7 views

EUVD-2025-202453

Jenkins has a Denial of service vulnerability in HTTP-based CLI...

7.5CVSS6.3AI score0.00515EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2025/12/10 6:30 p.m.15 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1890 more potentially affected by CVE-2025-67637 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.528.2)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =55.v51410e712e0c, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.23 and more Source cves: CVE-2025-67637 Source advisory: OSV:GHSA-FXJ7-6V9W-XC76...

4.3CVSS6.5AI score0.00159EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/12/10 6:30 p.m.12 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1890 more potentially affected by CVE-2025-67635 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.528.2)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =55.v51410e712e0c, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.23 and more Source cves: CVE-2025-67635 Source advisory: OSV:GHSA-9P56-P6MW-W8QC...

7.5CVSS7.3AI score0.00515EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/12/10 6:30 p.m.7 views

appscanstandard-integration:ibm-security-appscanstandard-scanner (>=1.0 <=2.8), au.com.versent.jenkins.plugins:ignore-committer-strategy (>=55.v51410e712e0c <=57.v0756db_b_f6926) +626 more potentially affected by CVE-2025-67639 via org.jenkins-ci.main:jenkins-core (>=2.0 <=2.528.2)

org.jenkins-ci.main:jenkins-core MAVEN version =2.0, =1.0, =55.v51410e712e0c, =4.1.0.506.v619d63bec9d8, =66.v12c841920f7d, =109.v2c51a117a7b4, =1.155.v3d884c1bdee1, =1.281.v331e3f5a05a9, =4050.v8ba69b587c39, =4050.v8ba69b587c39, =1.0.5, =2.0.0, =2.0, =1.0.2, =1.0.0, =1.0.6 and more So...

3.5CVSS6.4AI score0.0016EPSS
Exploits0
EUVD
EUVD
added 2025/12/10 6:30 p.m.5 views

EUVD-2025-202457

Jenkins has a CSRF vulnerability on the login form...

3.5CVSS6.5AI score0.0016EPSS
Exploits0References3
OSV
OSV
added 2025/12/10 6:30 p.m.4 views

GHSA-9P56-P6MW-W8QC Jenkins has a Denial of service vulnerability in HTTP-based CLI

Jenkins 2.540 and earlier, LTS 2.528.2 and earlier does not properly close HTTP-based CLI connections when the connection stream becomes corrupted, allowing unauthenticated attackers to cause a denial of service...

7.5CVSS7.2AI score0.00515EPSS
Exploits0References5
OSV
OSV
added 2025/12/10 6:30 p.m.4 views

GHSA-HXJG-2JVF-H3RX Jenkins's build authorization token is stored and displayed in plain text

Jenkins 2.540 and earlier, LTS 2.528.2 and earlier does not mask build authorization tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

4.3CVSS5.9AI score0.00139EPSS
Exploits0References4
NVD
NVD
added 2025/12/10 5:15 p.m.7 views

CVE-2025-67639

A cross-site request forgery CSRF vulnerability in Jenkins 2.540 and earlier, LTS 2.528.2 and earlier allows attackers to trick users into logging in to the attacker's account...

3.5CVSS0.0016EPSS
Exploits0References1
OSV
OSV
added 2025/12/10 5:15 p.m.7 views

CVE-2025-67639

A cross-site request forgery CSRF vulnerability in Jenkins 2.540 and earlier, LTS 2.528.2 and earlier allows attackers to trick users into logging in to the attacker's account...

3.5CVSS6.7AI score
Exploits0References1
Cvelist
Cvelist
added 2025/12/10 4:50 p.m.35 views

CVE-2025-67639

A cross-site request forgery CSRF vulnerability in Jenkins 2.540 and earlier, LTS 2.528.2 and earlier allows attackers to trick users into logging in to the attacker's account...

0.0016EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/10 12:0 a.m.9 views

PT-2025-50357

Name of the Vulnerable Software and Affected Versions Jenkins versions 2.540 and earlier Jenkins LTS versions 2.528.2 and earlier Description A cross-site request forgery CSRF issue exists in Jenkins that could allow an attacker to trick users into logging in to the attacker’s account. A CSRF...

3.5CVSS6.6AI score0.0016EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/12/10 12:0 a.m.4 views

Jenkins 安全漏洞

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. A security vulnerability exists in Jenkins 2.540 and earlier and LTS 2.528.2 and earlier, which stems from a lack of...

4.3CVSS6.6AI score0.00216EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/10 12:0 a.m.6 views

PT-2025-50353

Name of the Vulnerable Software and Affected Versions Jenkins versions 2.540 and earlier Jenkins LTS versions 2.528.2 and earlier Description Jenkins does not properly close HTTP-based CLI connections when the connection stream becomes corrupted. This can allow unauthenticated attackers to cause ...

7.8CVSS6.5AI score0.00515EPSS
Exploits0References18
Rows per page
Query Builder