Lucene search
K

52 matches found

NVD
NVD
added 2026/06/24 2:17 p.m.11 views

CVE-2026-57300

A missing permission check in Jenkins MCP Server Plugin 0.177.v629fdb2557fe and earlier allows attackers with Item/Read permission to read the Pipeline replay scripts of jobs they can access...

4.3CVSS0.00178EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 1:20 p.m.24 views

CVE-2026-57300

The CVE-2026-57300 entry concerns Jenkins MCP Server Plugin versions 0.177.v629fdb_2557fe and earlier, where a missing permission check allows attackers with Item/Read permission to read Pipeline replay scripts for jobs they can access. The vulnerability stems from inadequate access control on pi...

4.3CVSS5.9AI score0.00178EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/12 8:43 a.m.7 views

BIT-JENKINS-2026-53438

A missing permission check in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allows attackers with Item/Cancel permission, but lacking Item/Read permission, to cancel queue items they do not have permission to view...

4.3CVSS5.4AI score0.00213EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/10 1:6 p.m.40 views

CVE-2026-53442

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not encrypt secrets from POST config.xml submissions before storing them in job configurations unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to t...

0.0019EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 1:5 p.m.12 views

EUVD-2026-36022

A missing permission check in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allows attackers with Item/Cancel permission, but lacking Item/Read permission, to cancel queue items they do not have permission to view...

4.3CVSS5.5AI score0.00213EPSS
Exploits0References1
Veracode
Veracode
added 2025/12/13 4:18 a.m.7 views

Sensitive Information Disclosure

Jenkins Curseforge Publisher Plugin is vulnerable to Sensitive Information Disclosure. The vulnerability is due to storing API keys in plaintext in job configuration files, allowing users with Item/Extended Read permission or file system access on the Jenkins controller to view and misuse the...

4.3CVSS6.8AI score0.00158EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2022-6349

Malicious code in bioql PyPI...

4.3CVSS4.9AI score0.00995EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-1003

Malicious code in bioql PyPI...

6.5CVSS6.4AI score0.00876EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-4887

Malicious code in bioql PyPI...

4.3CVSS4.7AI score0.01982EPSS
Exploits0References9
Snyk
Snyk
added 2025/07/09 4:47 p.m.4 views

Credential Exposure

Overview Affected versions of this package are vulnerable to Credential Exposure in the storage of credentials in config.xml files. An attacker can obtain sensitive information by accessing these files either through the Jenkins controller file system or by having Item/Extended Read permission...

6.8CVSS6.7AI score0.00291EPSS
Exploits0References2
OSV
OSV
added 2025/07/09 4:15 p.m.5 views

CVE-2025-53656

Jenkins ReadyAPI Functional Testing Plugin 1.11 and earlier stores SLM License Access Keys, client secrets, and passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file...

6.5CVSS5.8AI score0.00347EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/07/09 12:0 a.m.8 views

PT-2025-28905 · Jenkins · Jenkins Aqua Security Scanner Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Aqua Security Scanner Plugin versions 3.2.8 and earlier Description: The Jenkins Aqua Security Scanner Plugin stores Scanner Tokens for the Aqua API unencrypted in job config.xml files on the Jenkins controller. These tokens are...

4.3CVSS5.9AI score0.00191EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2025/05/22 7:40 a.m.11 views

CVE-2019-1003045

A vulnerability in Jenkins ECS Publisher Plugin 1.0.0 and earlier allows attackers with Item/Extended Read permission, or local file system access to the Jenkins home directory to obtain the API token configured in this plugin's configuration...

6.5CVSS6.5AI score0.01613EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:53 a.m.9 views

CVE-2017-1000105

The optional Run/Artifacts permission can be enabled by setting a Java system property. Blue Ocean did not check this permission before providing access to archived artifacts, Item/Read permission was sufficient...

5.3CVSS6.8AI score0.00897EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/04/02 3:31 p.m.13 views

Jenkins monitor-remote-job Plugin Stores Passwords Unencrypted

Jenkins monitor-remote-job Plugin 1.0 stores passwords unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These passwords can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. As of publication of this...

5.5CVSS6.9AI score0.00276EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2024/03/06 5:2 p.m.38 views

CVE-2024-28159

A missing permission check in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers with Item/Read permission to trigger a build...

6.5AI score0.00495EPSS
Exploits0References2
Veracode
Veracode
added 2023/09/25 8:27 a.m.28 views

Sensitive Information Exposure

jenkins-core is vulnerable to Sensitive Information Exposure. The vulnerability is due to the fitsSearchBuildVariables method in HistoryPageFilter.java. This method handles all build variables the same way without considering it's sensitivity which can lead attackers with Item/Read permission to...

4.3CVSS6.4AI score0.03388EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2023/09/20 5:15 p.m.25 views

CVE-2023-43494

Jenkins 2.50 through 2.423 both inclusive, LTS 2.60.1 through 2.414.1 both inclusive does not exclude sensitive build variables e.g., password parameter values from the search in the build history widget, allowing attackers with Item/Read permission to obtain values of sensitive variables used in...

4.3CVSS6.5AI score0.03388EPSS
Exploits0References2
Prion
Prion
added 2023/09/20 5:15 p.m.47 views

Code injection

Jenkins 2.50 through 2.423 both inclusive, LTS 2.60.1 through 2.414.1 both inclusive does not exclude sensitive build variables e.g., password parameter values from the search in the build history widget, allowing attackers with Item/Read permission to obtain values of sensitive variables used in...

4CVSS4.7AI score0.03388EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/09/20 12:0 a.m.4 views

PT-2023-28844 · Jenkins · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.50 through 2.423 Jenkins LTS versions 2.60.1 through 2.414.1 Description: The issue allows attackers with Item/Read permission to obtain values of sensitive variables used in builds by iteratively testing different characte...

4.3CVSS5.1AI score0.03388EPSS
Exploits0References15
Rows per page
Query Builder