CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2025/09/03 3:2 p.m.•3 views

CVE-2025-58458

6.2AI score0.00106EPSS

Positive Technologies•added 2025/09/03 12:0 a.m.•3 views

PT-2025-35780

Name of the Vulnerable Software and Affected Versions: Jenkins Git client Plugin versions 6.3.2 and earlier Description: The Git URL field form validation responses differ based on whether the specified file path exists on the Jenkins controller when using the amazon-s3 protocol with JGit. This...

4.3CVSS6.3AI score0.00106EPSS

Exploits0References9

Snyk•added 2025/07/09 4:48 p.m.•1 views

Credential Exposure

Overview Affected versions of this package are vulnerable to Credential Exposure in the storage of the Xooa Deployment Token in the global configuration file on the Jenkins controller. An attacker can gain unauthorized access to sensitive credentials by obtaining access to the Jenkins controller...

6.8CVSS7AI score0.00105EPSS

Snyk•added 2025/07/09 4:47 p.m.•3 views

Insecure Storage of Sensitive Information

Overview Affected versions of this package are vulnerable to Insecure Storage of Sensitive Information in the storage of the JWT token in the global configuration file on the controller. An attacker can access sensitive authentication credentials by obtaining access to the controller file system...

6.8CVSS7AI score0.00143EPSS

RedhatCVE•added 2025/05/23 9:5 a.m.•2 views

CVE-2024-5273

Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files, allowing attackers with Item/Configure permission to retrieve Surefire failures, PMD violations, Findbugs bugs, and Checkstyle errors on the controller file system by...

4.3CVSS6.8AI score0.00126EPSS

AlpineLinux•added 2025/04/02 2:59 p.m.•3 views

CVE-2025-31724

Jenkins Cadence vManager Plugin 4.0.0-282.v5096ac2db275 and earlier stores Verisium Manager vAPI keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

4.3CVSS7.1AI score0.00937EPSS

RedHat Linux•added 2025/03/04 2:40 p.m.•2 views

jenkins-plugin/script-security: Jenkins Script Security Plugin File Disclosure Vulnerability

A flaw was found in the Jenkins Script Security Plugin. This vulnerability allows attackers with Overall/Read permission to check for the existence of files on the controller file system via a method that implements form validation that does not perform a permission check...

4.3CVSS5.8AI score0.00276EPSS

RedHat Linux•added 2025/03/04 2:38 p.m.•2 views

jenkins-plugin/script-security: Jenkins Script Security Plugin File Disclosure Vulnerability

4.3CVSS5.8AI score0.00276EPSS

RedHat Linux•added 2025/03/04 2:20 p.m.•4 views

jenkins-plugin/script-security: Jenkins Script Security Plugin File Disclosure Vulnerability

4.3CVSS5.8AI score0.00276EPSS

OSV•added 2024/11/27 5:15 p.m.•0 views

CVE-2024-54004

Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter, allowing attackers with Item/Configure permission to enumerate file names on the Jenkins controller file system...

4.3CVSS5.8AI score

NVD•added 2024/11/27 5:15 p.m.•16 views

CVE-2024-54004

4.3CVSS0.01476EPSS

CVE•added 2024/11/13 8:53 p.m.•300 views

CVE-2024-52549

CVE-2024-52549 affects Jenkins Script Security Plugin (1367.vdf2fc45f229c and earlier, with exceptions 1365.1367.va_3b_b_89f8a_95b_ and 1362.1364.v4cf2dc5d8776). The issue is a missing permission check in a form-validation method, allowing attackers with Overall/Read permission to determine wheth...

4.3CVSS6.9AI score0.00276EPSS

Exploits0References1Affected Software1

OSV•added 2024/08/07 3:30 p.m.•1 views

GHSA-H856-FFVV-XVR4 Jenkins Remoting library arbitrary file read vulnerability

Jenkins uses the Remoting library typically agent.jar or remoting.jar for the communication between controller and agents. This library allows agents to load classes and classloader resources from the controller, so that Java objects sent from the controller build steps, etc. can be executed on...

9CVSS7.2AI score0.65896EPSS

Exploits4References9

Cvelist•added 2024/08/07 1:27 p.m.•35 views

CVE-2024-43044

Jenkins 2.470 and earlier, LTS 2.452.3 and earlier allows agent processes to read arbitrary files from the Jenkins controller file system by using the ClassLoaderProxyfetchJar method in the Remoting library...

0.65896EPSS

Exploits4References1

RedhatCVE•added 2024/06/27 4:23 a.m.•25 views

CVE-2024-39459

A vulnerability was found in the Jenkins Plain Credentials Plugin, which stores secret file credentials unencrypted only Base64 encoded on the Jenkins controller file system. Users with access to the Jenkins controller file system global credentials or with Item/Extended Read permission...

6.5CVSS6.3AI score0.00162EPSS

AlpineLinux•added 2024/06/26 5:6 p.m.•2 views

CVE-2024-39459

In rare cases Jenkins Plain Credentials Plugin 182.v468b97b9dcb8 and earlier stores secret file credentials unencrypted only Base64 encoded on the Jenkins controller file system, where they can be viewed by users with access to the Jenkins controller file system global credentials or with...

4.3CVSS6.9AI score0.00162EPSS