Lucene search
K

11 matches found

Snyk
Snyk
added 2026/04/30 6:17 a.m.13 views

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview org.jenkins-ci.plugins:matrix-auth is a The Jenkins Plugins Parent POM Project Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' via the inheritanceStrategy deserialization path in...

7.1CVSS5.9AI score0.00246EPSS
Exploits0References3
Snyk
Snyk
added 2025/07/09 6:30 p.m.4 views

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the job configuration form, where API keys are not masked. An attacker can obtain sensitive credentials by viewing the exposed API keys during job configuration. Remediation Upgrade...

6.9CVSS6.9AI score0.00252EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/07/01 12:0 a.m.7 views

RHEL 8 : Red Hat Product OCP Tools 4.13 OpenShift Jenkins (RHSA-2025:10119)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:10119 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by...

8.7CVSS7.1AI score0.01119EPSS
Exploits1References10
Snyk
Snyk
added 2025/05/14 9:31 p.m.7 views

Access Control Bypass

Overview io.jenkins.plugins:oidc-provider is an OpenID Connect Provider Plugin for Jenkins. Affected versions of this package are vulnerable to Access Control Bypass via the generation of build ID Tokens using potentially overridden values of environment variables. An attacker can impersonate a...

9.1CVSS7AI score0.00609EPSS
Exploits0References2
Snyk
Snyk
added 2025/04/02 3:31 p.m.5 views

Cross-site Request Forgery (CSRF)

Overview io.jenkins.plugins:simple-queue is a plugin that enables to change queue order by simple up & down arrow buttons. UI Queue Sorter. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the HTTP endpoints. An attacker can manipulate the build queue order ...

5.3CVSS6.9AI score0.00249EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/11/05 12:0 a.m.21 views

RHEL 8 : Red Hat Product OCP Tools 4.13 Openshift Jenkins (RHSA-2024:8887)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8887 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cro...

7.4CVSS6.6AI score0.01936EPSS
Exploits0References6
FreeBSD
FreeBSD
added 2023/03/08 12:0 a.m.120 views

jenkins -- multiple vulnerabilities

Jenkins Security Advisory: Description High SECURITY-3037 / CVE-2023-27898 XSS vulnerability in plugin manager Medium SECURITY-3030 / CVE-2023-24998 upstream issue, CVE-2023-27900 MultipartFormDataParser, CVE-2023-27901 StaplerRequest DoS vulnerability in bundled Apache Commons FileUpload library...

9.6CVSS6.5AI score0.46836EPSS
Exploits1References1
OSV
OSV
added 2022/05/18 12:0 a.m.34 views

GHSA-5PMP-7WC9-V7VW Cross-site Scripting in Jenkins JDK Parameter Plugin

Jenkins JDK Parameter Plugin 1.0 and earlier does not escape the name and description of JDK parameters on views displaying parameters. This results in stored cross-site scripting XSS vulnerabilities exploitable by attackers with Item/Configure permission. Exploitation of this vulnerability...

8CVSS5.8AI score0.00715EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2019/02/25 12:0 a.m.85 views

Jenkins Script Security 1.49 / Declarative 1.3.4 / Groovy 2.60 Remote Code Execution

!/usr/bin/env python Exploit Title : jenkins-preauth-rce-exploit.py Date : 02/23/2019 Authors : wetw0rk & 0xtavian Vendor Homepage : https://jenkins.oi Software Link : https://jenkins.io/download/ Tested on : jenkins=v2.73 Plugins: Script Security=v1.49, Pipeline: Declarative=v1.3.4, Pipeline:...

6.5CVSS8.2AI score0.98428EPSS
Exploits17
seebug.org
seebug.org
added 2016/02/26 12:0 a.m.62 views

Jenkins 低权限用户 API 服务调用 可致远程命令执行

漏洞演示 将 Jenkins 跑起来后,在低权限用户下构造 XML 文档: hashCode open /Applications/Calculator.app false 0 0 0 start 1 发送 Payload 至接口 http://...:8080/jenkins/createItem?name=knownsec: 成功后服务端会运行 计算器 程序。 漏洞影响 影响版本: 1.650 (1.650版本已修复该问题) 从zoomeye.org上搜索设备指纹“Jenkins” 从搜索的结果来看,约存在20000个潜在受到影响的目标。 相关链接...

9CVSS8.6AI score0.82697EPSS
Exploits23
Metasploit
Metasploit
added 2015/12/11 8:57 p.m.93 views

Jenkins CLI RMI Java Deserialization Vulnerability

This module exploits a vulnerability in Jenkins. An unsafe deserialization bug exists on the Jenkins master, which allows remote arbitrary code execution. Authentication is not required to exploit this vulnerability. This module requires Metasploit: https://metasploit.com/download Current source:...

9.8CVSS8.9AI score0.86829EPSS
Exploits12
Rows per page
Query Builder