Lucene search
K

24067 matches found

Nuclei
Nuclei
added yesterday102 views

Jenkins <=2.218 - Information Disclosure

Jenkins through 2.218, LTS 2.204.1 and earlier, is susceptible to information disclosure. An attacker can access exposed session identifiers on a user detail object in the whoAmI diagnostic page and thus potentially access sensitive information, modify data, and/or execute unauthorized operations...

5.4CVSS6.2AI score0.07044EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday101 views

Jenkin Audit Trail <=3.2 - Cross-Site Scripting

Jenkins Audit Trail 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability. id: CVE-2020-2140 info: name: Jenkin Audit Trail =3.3 which includes a fix for this vulnerability. reference: -...

6.1CVSS6.4AI score0.75975EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday99 views

Jenkins Git <=4.11.3 - Missing Authorization

Jenkins Git plugin through 4.11.3 contains a missing authorization check. An attacker can trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit. This can make it possible to obtain sensitive information, modify...

7.5CVSS6.7AI score0.05563EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday168 views

Jenkins Script Security Plugin <=1.49 - Sandbox Bypass

A sandbox bypass vulnerability exists in the Jenkins Script Security Plugin versions 1.49 and earlier within src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java. This flaw allows attackers with permission to submit sandboxed scripts to execute arbitrary code on th...

8.8CVSS7AI score0.98428EPSS
Exploits17References6
Nuclei
Nuclei
added yesterday64 views

Jenkins <=2.196 - Cookie Exposure

Jenkins through 2.196, LTS 2.176.3 and earlier prints the value of the cookie on the /whoAmI/ URL despite it being marked HttpOnly, thus making it possible to steal cookie-based authentication credentials if the URL is exposed or accessed via another cross-site scripting issue. id: CVE-2019-10405...

5.4CVSS6.1AI score0.65753EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday73 views

Jenkins build-metrics 1.3 - Cross-Site Scripting

Jenkins build-metrics 1.3 is vulnerable to a reflected cross-site scripting vulnerability that allows attackers to inject arbitrary HTML and JavaScript into the web pages the plugin provides. id: CVE-2019-10475 info: name: Jenkins build-metrics 1.3 - Cross-Site Scripting author: madrobot severity...

6.1CVSS6.5AI score0.57735EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday565 views

Jenkins - Remote Command Injection

Jenkins 2.153 and earlier and LTS 2.138.3 and earlier are susceptible to a remote command injection via stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this wa...

10CVSS6.8AI score0.98481EPSS
Exploits5References5
Nuclei
Nuclei
added 3 days ago31 views

Jenkins CLI - HTTP Java Deserialization

The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server. id: CVE-2016-9299 info: name: Jenkins CLI - HTTP Java Deserialization author:...

9.8CVSS7.3AI score0.96943EPSS
Exploits5References2
RedhatCVE
RedhatCVE
added 4 days ago6 views

CVE-2026-57280

A flaw was found in Jenkins Script Security Plugin. This vulnerability allows attackers who can provide sandboxed Groovy scripts to bypass security sandbox protections. By exploiting a failure to properly intercept implicit type casts in typed for-each loops, an attacker can invoke arbitrary...

8.8CVSS6.4AI score0.00372EPSS
Exploits0References4
Nuclei
Nuclei
added last week78 views

Jenkins Gitlab Hook <=1.4.2 - Cross-Site Scripting

Jenkins Gitlab Hook 1.4.2 and earlier does not escape project names in the buildnow endpoint, resulting in a reflected cross-site scripting vulnerability. id: CVE-2020-2096 info: name: Jenkins Gitlab Hook =1.4.3 to mitigate this vulnerability. reference: -...

6.1CVSS6.3AI score0.89434EPSS
Exploits5References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/02 9:11 p.m.7 views

Malicious code in ue-jenkins-buildkite (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f3f4ff9ea00766589ae9dece7648aa4ce29ac9bc82173fce0a1adefaeb6c8f5a [email protected] is a dependency-confusion package targeting an internal Epic Games / Unreal Engine CI namespace name evokes...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/07/02 9:11 p.m.5 views

MAL-2026-6731 Malicious code in ue-jenkins-buildkite (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f3f4ff9ea00766589ae9dece7648aa4ce29ac9bc82173fce0a1adefaeb6c8f5a [email protected] is a dependency-confusion package targeting an internal Epic Games / Unreal Engine CI namespace name evokes...

6.1AI score
Exploits0References2
Nuclei
Nuclei
added 2026/07/01 3:36 a.m.115 views

Jenkins GitHub Plugin <=1.29.1 - Server-Side Request Forgery

Jenkins GitHub Plugin 1.29.1 and earlier is susceptible to server-side request forgery via GitHubTokenCredentialsCreator.java, which allows attackers to leverage attacker-specified credentials IDs obtained through another method and capture the credentials stored in Jenkins. id: CVE-2018-1000600...

8.8CVSS7.3AI score0.90894EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/25 11:23 p.m.8 views

CVE-2026-53440

A flaw was found in Jenkins. This vulnerability allows a remote attacker to perform phishing attacks. The 'Delegate to servlet container' security realm does not properly validate the 'from' parameter, which can be manipulated to redirect users to an attacker-controlled domain after they log in...

4.3CVSS5.9AI score0.00239EPSS
Exploits0References4
Chainguard
Chainguard
added 2026/06/25 8:37 p.m.5 views

CVE-2026-53441 vulnerabilities

Vulnerabilities for packages: jenkins...

5.4CVSS5.8AI score0.00261EPSS
Exploits0
Chainguard
Chainguard
added 2026/06/25 8:37 p.m.6 views

GHSA-93QH-VWRM-C5PW vulnerabilities

Vulnerabilities for packages: jenkins...

5.8AI score
Exploits0
Snyk
Snyk
added 2026/06/25 6:7 a.m.6 views

Improper Control of Dynamically-Managed Code Resources

Overview org.jenkins-ci.plugins:script-security is a package that allows Jenkins administrators to control what in-process scripts can be run by less-privileged users. Affected versions of this package are vulnerable to Improper Control of Dynamically-Managed Code Resources via incomplete sandbox...

8.8CVSS5.8AI score0.00372EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/25 2:10 a.m.13 views

CVE-2026-57281

A flaw was found in the Jenkins Script Security Plugin. Attackers with the ability to run sandboxed Groovy scripts can exploit this vulnerability to execute arbitrary code outside the sandbox environment. This is due to the plugin's failure to reject Groovy Abstract Syntax Tree AST transformation...

8.5CVSS6.2AI score0.00594EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/24 8:39 p.m.9 views

CVE-2026-57285

A flaw was found in the Jenkins GitHub Branch Source Plugin. A missing permission check allows an attacker with Overall/Read permission to obtain the URLs of GitHub Enterprise servers. This information disclosure could expose sensitive configuration details of the Jenkins environment...

4.3CVSS5.8AI score0.00216EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/24 8:39 p.m.10 views

CVE-2026-57283

A flaw was found in Jenkins Pipeline: Groovy Plugin. This cross-site request forgery CSRF vulnerability allows attackers to instantiate types related to job or system configuration. This could enable unauthorized modifications to the Jenkins environment...

6.5CVSS5.7AI score0.00158EPSS
Exploits0References4
Rows per page
Query Builder