
6 matches found

Redos
added 2026/05/24 12:0 a.m. | 10 views

ROS-20260524-73-0044

A vulnerability in the Jenkins Automation Server is related to incorrect symbolic link detection prior to file access during .tar and .tar.gz archive extraction. Exploitation of the vulnerability could allow an attacker acting remotely to write arbitrary files...

CVSS 8.8 | AI score 6.1 | EPSS 0.00261 | Exploits 0
Redos
added 2025/04/17 12:0 a.m. | 6 views

ROS-20250417-03

The Jenkins Automation Server vulnerability is related to the fact that the vulnerable plugin does not edit encrypted secret values when accessing config.xml of agents via REST API or CLI. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to potentially...

CVSS 5.4 | AI score 7.2 | EPSS 0.00751 | Exploits 0
CNNVD
added 2024/11/13 12:0 a.m. | 3 views

Jenkins plugin Pipeline:Groovy security vulnerability

Jenkins and Jenkins plugin are both open source Jenkins products. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. Jenkins plugin is an application software plugin. A security...

CVSS 8 | AI score 7.5 | EPSS 0.014 | Exploits 1 | References 3
Redos
added 2024/10/15 12:0 a.m. | 12 views

ROS-20241015-08

A vulnerability in the Jenkins Automation Server is related to an item creation constraint bypass. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the restrictions and create a temporary item. The Jenkins Automation Server vulnerability exists because...

CVSS 4.3 | AI score 6.9 | EPSS 0.0063 | Exploits 0
Redos
added 2024/09/19 12:0 a.m. | 12 views

ROS-20240918-10

The Jenkins Automation Server vulnerability is related to a missing permission check at an HTTP endpoint. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information. The Jenkins Automation Server Remoting library vulnerability is...

CVSS 8.8 | AI score 7.6 | EPSS 0.65896 | Exploits 4
Saint
added 2017/08/15 12:0 a.m. | 76 views

Jenkins groovy.util.Expando Java deserialization vulnerability

Added: 08/15/2017
CVE: CVE-2016-0792
BID: 83720

Background: Jenkins is a standalone, open-source automation server written in Java.

Problem: A deserialization vulnerability in the groovy.util.Expando class allows a remote attacker to execute arbitrary commands by requesting createItem with speciall...

CVSS 9 | AI score 7.6 | EPSS 0.90556 | Exploits 23