1684 matches found
PT-2026-44010
Jenkins LDAP Plugin 807.v7d7de30930cf and earlier deserializes data from LDAP referrals without validation...
RHCOS 4 : OpenShift Container Platform 4.6.12 (RHSA-2021:0038)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0038 advisory. - jenkins-2-plugins/subversion: XML parser is not preventing XML external entity XXE attacks CVE-2020-2304 -...
RHCOS 4 : OpenShift Container Platform 4.5.27 (RHSA-2021:0034)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0034 advisory. - jenkins-2-plugins/subversion: XML parser is not preventing XML external entity XXE attacks CVE-2020-2304 -...
RHCOS 4 : OpenShift Container Platform 4.5.41 (RHSA-2021:2431)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2431 advisory. - jetty: local temporary directory hijacking vulnerability CVE-2020-27216 - jetty: buffer not correctly recycled in Gzip Request...
RHCOS 4 : OpenShift Container Platform 4.6.59 (RHSA-2022:4947)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:4947 advisory. - cri-o: memory exhaustion on the node when access to the kube api CVE-2022-1708 - credentials: Stored XSS vulnerabilities in jenkin...
RHCOS 4 : OpenShift Container Platform 4.10.33 (RHSA-2022:6531)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:6531 advisory. - jenkins-plugin/junit: Stored XSS vulnerability in JUnit Plugin CVE-2022-34176 - jenkins-plugin: Arbitrary file write vulnerability...
Cross-site Scripting (XSS)
Overview com.coravy.hudson.plugins.github:github is a Jenkins GitHub plugin Affected versions of this package are vulnerable to Cross-site Scripting XSS via JavaScript validation logic for the “GitHub hook trigger for GITScm polling” feature. An attacker can execute arbitrary JavaScript code by...
Open Redirect
Overview org.jenkins-ci.plugins:azure-ad is a Jenkins Plugin that supports authentication & authorization via Azure Active Directory. Affected versions of this package are vulnerable to Open Redirect via the redirect URL parameter after authentication. An attacker can redirect users to malicious...
GHSA-JP6G-G3V3-6GVF Jenkins Microsoft Entra ID (previously Azure AD) Plugin has an open redirect vulnerability
Jenkins Microsoft Entra ID previously Azure AD Plugin versions 666.v6060de32f87d and earlier do not restrict the redirect URL after login. This allows attackers to perform phishing attacks by having users go to a Jenkins URL that will forward them to a different site after successful...
Jenkins Microsoft Entra ID (previously Azure AD) Plugin has an open redirect vulnerability
Jenkins Microsoft Entra ID previously Azure AD Plugin versions 666.v6060de32f87d and earlier do not restrict the redirect URL after login. This allows attackers to perform phishing attacks by having users go to a Jenkins URL that will forward them to a different site after successful...
CVE-2026-42521
Jenkins Matrix Authorization Strategy Plugin 2.0-beta-1 through 3.2.9 both inclusive invokes parameterless constructors of classes specified in configuration when deserializing inheritance strategies, without restricting the classes that can be instantiated, allowing attackers with Item/Configure...
CVE-2026-42525
Jenkins Microsoft Entra ID previously Azure AD Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks...
CVE-2026-42525
The CVE-2026-42525 entry concerns the Jenkins Microsoft Entra ID (formerly Azure AD) Plugin, specifically version 666.v6060de32f87d and earlier. The vulnerability is that the plugin does not restrict the redirect URL after login, enabling phishing-style attacks via credential/redirect redirection...
CVE-2026-42525
Jenkins Microsoft Entra ID previously Azure AD Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks...
CVE-2026-42523
Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job URL as part of JavaScript implementing validation of the feature "GitHub hook trigger for GITScm polling", resulting in a stored cross-site scripting XSS vulnerability exploitable by non-anonymous attackers with...
CVE-2026-42524
Jenkins HTML Publisher Plugin 427 and earlier does not escape job name and URL in the legacy wrapper file, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2026-42524
Jenkins HTML Publisher Plugin 427 and earlier does not escape job name and URL in the legacy wrapper file, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2026-42524
Jenkins HTML Publisher Plugin 427 and earlier does not escape job name and URL in the legacy wrapper file, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2026-42522
A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdead580c1aba and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials...
CVE-2026-42522
The vulnerability CVE-2026-42522 affects Jenkins’ GitHub Branch Source Plugin (versions including 1967.vdea_d580c1a_b_a_ and earlier). The root cause is a missing permission check that permits attackers with Overall/Read to connect to an attacker-specified URL using attacker-specified GitHub App ...