OSV
added 6 days ago, 5 views

BIT-JENKINS-2026-53439

Missing permission checks in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allow attackers with Overall/Read permission to determine other users' configured timezone and to enumerate view names of other users' "My Views"...

CVSS 4.3, AI score 5.4, EPSS 0.00216
Exploits 0, References 2
AlpineLinux
added 2026/06/10 1:06 p.m., 5 views

CVE-2026-53442

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not encrypt secrets from POST config.xml submissions before storing them in job configurations unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to t...

CVSS 5.3, AI score 5.5, EPSS 0.00175
Exploits 0, References 1
CVE
added 2026/06/10 1:06 p.m., 12 views

CVE-2026-53440

Technical details are not publicly available in the provided documents. Monitor for updates.

CVSS 4.3, AI score 5.5, EPSS 0.00239
Exploits 0, References 1, Affected Software 1
Cvelist
added 2026/06/10 1:05 p.m., 33 views

CVE-2026-53437

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins when it contains tab or newline characters between //, allowing attackers to perform phishing attacks...

EPSS 0.00272
Exploits 0, References 1
AlpineLinux
added 2026/06/10 1:05 p.m., 6 views

CVE-2026-53435

In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is possible for attackers to have Jenkins deserialize arbitrary types defined in Jenkins core or plugins from an attacker-controlled config.xml submission in a way that allows them to handle HTTP requests afterwards. This can be used to...

CVSS 8.8, AI score 5.6, EPSS 0.00368
Exploits 1, References 1
CNNVD
added 2026/06/10 12:00 a.m., 5 views

Jenkins input validation error vulnerability

Jenkins is an open-source application developed by Jenkins Project. The open-source automation server Jenkins offers hundreds of plugins to support building, deploying, and automating any project. Jenkins versions 2.567 and earlier, as well as LTS 2.555.2 and earlier, have a vulnerability related...

CVSS 4.3, AI score 5.5, EPSS 0.00272
Exploits 0, References 1
Tenable Nessus
added 2026/05/06 12:00 a.m., 7 views

RHCOS 4 : OpenShift Container Platform 4.7.11 (RHSA-2021:1551)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1551 advisory. - golang: math/big: panic during recursive division of very large numbers CVE-2020-28362 - golang: crypto/elliptic: incorrect...

CVSS 7.8, AI score 7.2, EPSS 0.53861
Exploits 2, References 14
Tenable Nessus
added 2026/05/06 12:00 a.m., 6 views

RHCOS 4 : OpenShift Container Platform 4.8.31 (RHSA-2022:0483)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0483 advisory. - jenkins: no POST request is required for the endpoint handling manual build requests which could result in CSRF CVE-2022-20612 -...

CVSS 8.8, AI score 6, EPSS 0.02258
Exploits 0, References 6
Tenable Nessus
added 2026/05/06 12:00 a.m., 6 views

RHCOS 4 : OpenShift Container Platform 4.1.16 jenkins (RHSA-2019:2789)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:2789 advisory. - jenkins: stored cross-site scripting in update center web pages SECURITY-1453 CVE-2019-10383 - jenkins: CSRF protection tokens for...

CVSS 8.8, AI score 5.7, EPSS 0.01565
Exploits 0, References 6
Tenable Nessus
added 2026/05/06 12:00 a.m., 7 views

RHCOS 3 : OpenShift Container Platform 3.11 jenkins (RHSA-2019:2503)

The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:2503 advisory. - jenkins: Arbitrary file write vulnerability using file parameter definitions SECURITY-1424 CVE-2019-10352 - jenkins: CSRF protecti...

CVSS 7.5, AI score 5.8, EPSS 0.10225
Exploits 1, References 8
Tenable Nessus
added 2026/05/06 12:00 a.m., 8 views

RHCOS 4 : OpenShift Container Platform 4.7.43 (RHSA-2022:0491)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0491 advisory. - jenkins: no POST request is required for the endpoint handling manual build requests which could result in CSRF CVE-2022-20612 -...

CVSS 8.8, AI score 6, EPSS 0.02258
Exploits 0, References 6
Tenable Nessus
added 2026/05/06 12:00 a.m., 7 views

RHCOS 4 : OpenShift Container Platform 4.8.15 (RHSA-2021:3820)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3820 advisory. - jenkins: improper permission checks allow canceling queue items and aborting builds CVE-2021-21670 - jenkins: session fixation...

CVSS 7.5, AI score 7.2, EPSS 0.07032
Exploits 4, References 16
Tenable Nessus
added 2026/05/06 12:00 a.m., 6 views

RHCOS 4 : OpenShift Container Platform 4.1 jenkins (RHSA-2019:2548)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:2548 advisory. - jenkins: Arbitrary file write vulnerability using file parameter definitions SECURITY-1424 CVE-2019-10352 - jenkins: CSRF protecti...

CVSS 7.5, AI score 5.8, EPSS 0.10225
Exploits 1, References 8
Tenable Nessus
added 2026/05/06 12:00 a.m., 6 views

RHCOS 3 : OpenShift Container Platform 3.11 jenkins (RHSA-2019:3144)

The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:3144 advisory. - jenkins: stored cross-site scripting in update center web pages SECURITY-1453 CVE-2019-10383 - jenkins: CSRF protection tokens for...

CVSS 8.8, AI score 5.7, EPSS 0.01565
Exploits 0, References 6
Tenable Nessus
added 2026/05/04 12:00 a.m., 4 views

RHCOS 2 : Red Hat OpenShift Enterprise 2.2.10 (RHSA-2016:1773)

The remote Red Hat Enterprise Linux CoreOS 2 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:1773 advisory. - CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix CVE-2014-3577 - apache-commons-collections: InvokerTransformer...

CVSS 10, AI score 7.7, EPSS 0.83274
Exploits 32, References 41
Tenable Nessus
added 2026/05/04 12:00 a.m., 6 views

RHCOS 6 : Red Hat OpenShift Enterprise 1.1.2 update (Moderate) (RHSA-2013:0638)

The remote Red Hat Enterprise Linux CoreOS 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:0638 advisory. - rubygem-rack: Path sanitization information disclosure CVE-2013-0262 - rubygem-rack: Timing attack in cookie sessions CVE-2013-026...

CVSS 7.5, AI score 5.7, EPSS 0.05281
Exploits 0, References 18
ATTACKERKB
added 2026/04/29 1:31 p.m., 3 views

CVE-2026-42522

A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdead580c1aba and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials...

CVSS 4.3, AI score 5.2, EPSS 0.00184
Exploits 0, References 2
Redos
added 2026/03/20 12:00 a.m., 2 views

ROS-20260320-73-0006

Vulnerability in jenkins related to lack of protection for proprietary data. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...

CVSS 4.3, AI score 7.5, EPSS 0.00333
Exploits 0
Redos
added 2026/03/20 12:00 a.m., 2 views

ROS-20260320-73-0005

Vulnerability in jenkins due to failure to take measures to protect web page structure. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

CVSS 8, AI score 7.9, EPSS 0.00471
Exploits 0
Github Security Blog
added 2026/03/18 6:31 p.m., 12 views

Jenkins has a link following vulnerability allows arbitrary file creation

Jenkins 2.554 and earlier, LTS 2.541.2 and earlier does not safely handle symbolic links during the extraction of .tar and .tar.gz archives, allowing crafted archives to write files to arbitrary locations on the filesystem, restricted only by file system access permissions of the user running...

CVSS 8.8, AI score 5.9, EPSS 0.0075
Exploits 0, References 5, Affected Software 1