17 matches found
BIT-JENKINS-2025-67638
Jenkins 2.540 and earlier, LTS 2.528.2 and earlier does not mask build authorization tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
BIT-JENKINS-2025-67635
Jenkins 2.540 and earlier, LTS 2.528.2 and earlier does not properly close HTTP-based CLI connections when the connection stream becomes corrupted, allowing unauthenticated attackers to cause a denial of service...
EUVD-2025-202453
Jenkins has a Denial of service vulnerability in HTTP-based CLI...
EUVD-2025-202457
Jenkins has a CSRF vulnerability on the login form...
GHSA-9P56-P6MW-W8QC Jenkins has a Denial of service vulnerability in HTTP-based CLI
Jenkins 2.540 and earlier, LTS 2.528.2 and earlier does not properly close HTTP-based CLI connections when the connection stream becomes corrupted, allowing unauthenticated attackers to cause a denial of service...
GHSA-HXJG-2JVF-H3RX Jenkins's build authorization token is stored and displayed in plain text
Jenkins 2.540 and earlier, LTS 2.528.2 and earlier does not mask build authorization tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
CVE-2025-67639
A cross-site request forgery CSRF vulnerability in Jenkins 2.540 and earlier, LTS 2.528.2 and earlier allows attackers to trick users into logging in to the attacker's account...
CVE-2025-67639
A cross-site request forgery CSRF vulnerability in Jenkins 2.540 and earlier, LTS 2.528.2 and earlier allows attackers to trick users into logging in to the attacker's account...
CVE-2025-67639
A cross-site request forgery CSRF vulnerability in Jenkins 2.540 and earlier, LTS 2.528.2 and earlier allows attackers to trick users into logging in to the attacker's account...
CVE-2025-67639
A cross-site request forgery CSRF vulnerability in Jenkins 2.540 and earlier, LTS 2.528.2 and earlier allows attackers to trick users into logging in to the attacker's account...
CVE-2025-67638
Jenkins 2.540 and earlier, LTS 2.528.2 and earlier does not mask build authorization tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
CVE-2025-67637
Jenkins 2.540 and earlier, LTS 2.528.2 and earlier stores build authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
PT-2025-50357
Name of the Vulnerable Software and Affected Versions Jenkins versions 2.540 and earlier Jenkins LTS versions 2.528.2 and earlier Description A cross-site request forgery CSRF issue exists in Jenkins that could allow an attacker to trick users into logging in to the attacker’s account. A CSRF...
Jenkins 安全漏洞
Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. A security vulnerability exists in Jenkins 2.540 and earlier and LTS 2.528.2 and earlier, which stems from a lack of...
Jenkins 安全漏洞
Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. A security vulnerability exists in Jenkins 2.540 and earlier and LTS 2.528.2 and earlier, which stems from unencrypted...
PT-2025-50354
Name of the Vulnerable Software and Affected Versions Jenkins versions 2.540 and earlier Jenkins LTS versions 2.528.2 and earlier Description A missing permission check allows attackers with View/Read permission to view encrypted password values in views. Recommendations Update Jenkins to a versi...
PT-2025-50353
Name of the Vulnerable Software and Affected Versions Jenkins versions 2.540 and earlier Jenkins LTS versions 2.528.2 and earlier Description Jenkins does not properly close HTTP-based CLI connections when the connection stream becomes corrupted. This can allow unauthenticated attackers to cause ...