4 matches found
15,000 Jenkins Servers at Risk from RCE Vulnerability (CVE-2025-53652)
A new report by VulnCheck exposes a critical command injection flaw, CVE-2025-53652, in the Jenkins Git Parameter plugin. ...
The vulnerability of the Sensedia API Platform Tools for Jenkins servers, related to the storage of tokens in unencrypted form, allows attackers to gain unauthorized access to protected information.
The vulnerability of the Sensedia API Platform Tools for Jenkins servers relates to the storage of tokens in an unencrypted form within the file com.sensedia.configuration.SensediaApiConfiguration.xml. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to...
Code injection
Jenkins Build-Publisher Plugin 1.22 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain names and URLs of Jenkins servers that the plugin is configured to publish builds to, as well as builds pending for publication to tho...
broadcast-jenkins-discover NSE Script
Discovers Jenkins servers on a LAN by sending a discovery broadcast probe. For more information about Jenkins auto discovery, see: Script Arguments: broadcast-jenkins.address (address to which the probe packet is sent; default: 255.255.255.255), broadcast-jenkins.timeout (socket timeout; default: 5s)...