Lucene search
K

1684 matches found

Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.22 views

PT-2026-44010

Jenkins LDAP Plugin 807.v7d7de30930cf and earlier deserializes data from LDAP referrals without validation...

5.8AI score0.0027EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.11 views

RHCOS 4 : OpenShift Container Platform 4.6.12 (RHSA-2021:0038)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0038 advisory. - jenkins-2-plugins/subversion: XML parser is not preventing XML external entity XXE attacks CVE-2020-2304 -...

7.5CVSS5.8AI score0.03813EPSS
Exploits0References16
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.16 views

RHCOS 4 : OpenShift Container Platform 4.5.27 (RHSA-2021:0034)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0034 advisory. - jenkins-2-plugins/subversion: XML parser is not preventing XML external entity XXE attacks CVE-2020-2304 -...

6.5CVSS7.2AI score0.02269EPSS
Exploits0References17
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.10 views

RHCOS 4 : OpenShift Container Platform 4.5.41 (RHSA-2021:2431)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2431 advisory. - jetty: local temporary directory hijacking vulnerability CVE-2020-27216 - jetty: buffer not correctly recycled in Gzip Request...

8.1CVSS6.9AI score0.7795EPSS
Exploits1References17
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.8 views

RHCOS 4 : OpenShift Container Platform 4.6.59 (RHSA-2022:4947)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:4947 advisory. - cri-o: memory exhaustion on the node when access to the kube api CVE-2022-1708 - credentials: Stored XSS vulnerabilities in jenkin...

7.8CVSS6.9AI score0.7855EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.10 views

RHCOS 4 : OpenShift Container Platform 4.10.33 (RHSA-2022:6531)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:6531 advisory. - jenkins-plugin/junit: Stored XSS vulnerability in JUnit Plugin CVE-2022-34176 - jenkins-plugin: Arbitrary file write vulnerability...

7.5CVSS5.8AI score0.77007EPSS
Exploits0References5
Snyk
Snyk
added 2026/04/30 6:17 a.m.5 views

Cross-site Scripting (XSS)

Overview com.coravy.hudson.plugins.github:github is a Jenkins GitHub plugin Affected versions of this package are vulnerable to Cross-site Scripting XSS via JavaScript validation logic for the “GitHub hook trigger for GITScm polling” feature. An attacker can execute arbitrary JavaScript code by...

9.4CVSS5.8AI score0.00281EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/29 4:26 p.m.5 views

Open Redirect

Overview org.jenkins-ci.plugins:azure-ad is a Jenkins Plugin that supports authentication & authorization via Azure Active Directory. Affected versions of this package are vulnerable to Open Redirect via the redirect URL parameter after authentication. An attacker can redirect users to malicious...

6.3CVSS5.8AI score0.00212EPSS
Exploits0References2
OSV
OSV
added 2026/04/29 3:30 p.m.6 views

GHSA-JP6G-G3V3-6GVF Jenkins Microsoft Entra ID (previously Azure AD) Plugin has an open redirect vulnerability

Jenkins Microsoft Entra ID previously Azure AD Plugin versions 666.v6060de32f87d and earlier do not restrict the redirect URL after login. This allows attackers to perform phishing attacks by having users go to a Jenkins URL that will forward them to a different site after successful...

4.3CVSS5.7AI score0.00212EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/29 3:30 p.m.10 views

Jenkins Microsoft Entra ID (previously Azure AD) Plugin has an open redirect vulnerability

Jenkins Microsoft Entra ID previously Azure AD Plugin versions 666.v6060de32f87d and earlier do not restrict the redirect URL after login. This allows attackers to perform phishing attacks by having users go to a Jenkins URL that will forward them to a different site after successful...

4.3CVSS5.7AI score0.00212EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/04/29 2:16 p.m.9 views

CVE-2026-42521

Jenkins Matrix Authorization Strategy Plugin 2.0-beta-1 through 3.2.9 both inclusive invokes parameterless constructors of classes specified in configuration when deserializing inheritance strategies, without restricting the classes that can be instantiated, allowing attackers with Item/Configure...

6.5CVSS0.00246EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/29 1:31 p.m.39 views

CVE-2026-42525

Jenkins Microsoft Entra ID previously Azure AD Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks...

0.00212EPSS
Exploits0References1
CVE
CVE
added 2026/04/29 1:31 p.m.18 views

CVE-2026-42525

The CVE-2026-42525 entry concerns the Jenkins Microsoft Entra ID (formerly Azure AD) Plugin, specifically version 666.v6060de32f87d and earlier. The vulnerability is that the plugin does not restrict the redirect URL after login, enabling phishing-style attacks via credential/redirect redirection...

4.3CVSS5.2AI score0.00212EPSS
Exploits0References1Affected Software1
AlpineLinux
AlpineLinux
added 2026/04/29 1:31 p.m.6 views

CVE-2026-42525

Jenkins Microsoft Entra ID previously Azure AD Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks...

4.3CVSS5.8AI score0.00212EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/29 1:31 p.m.35 views

CVE-2026-42523

Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job URL as part of JavaScript implementing validation of the feature "GitHub hook trigger for GITScm polling", resulting in a stored cross-site scripting XSS vulnerability exploitable by non-anonymous attackers with...

0.00281EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/29 1:31 p.m.5 views

CVE-2026-42524

Jenkins HTML Publisher Plugin 427 and earlier does not escape job name and URL in the legacy wrapper file, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

4.8AI score0.00281EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/29 1:31 p.m.5 views

CVE-2026-42524

Jenkins HTML Publisher Plugin 427 and earlier does not escape job name and URL in the legacy wrapper file, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

8CVSS4.8AI score0.00281EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/04/29 1:31 p.m.7 views

CVE-2026-42524

Jenkins HTML Publisher Plugin 427 and earlier does not escape job name and URL in the legacy wrapper file, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

8CVSS5.9AI score0.00281EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/29 1:31 p.m.4 views

CVE-2026-42522

A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdead580c1aba and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials...

5.2AI score0.00184EPSS
Exploits0References1
CVE
CVE
added 2026/04/29 1:31 p.m.23 views

CVE-2026-42522

The vulnerability CVE-2026-42522 affects Jenkins’ GitHub Branch Source Plugin (versions including 1967.vdea_d580c1a_b_a_ and earlier). The root cause is a missing permission check that permits attackers with Overall/Read to connect to an attacker-specified URL using attacker-specified GitHub App ...

4.3CVSS5.2AI score0.00184EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder