30 matches found

NVD
added 2026/06/24 2:17 p.m., 10 views

CVE-2026-57291

Missing permission checks in Jenkins Gitee Plugin 1288.v18bdebc9069b and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method...

CVSS 5.4, EPSS 0.00145
Exploits: 0, References: 1
EUVD
added 2026/05/27 2:13 p.m., 11 views

EUVD-2026-32514

Jenkins AppSpider Plugin 1.0.17 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to connect to an attacker-specified URL...

CVSS 4.3, AI score 5.8, EPSS 0.00187
Exploits: 0, References: 1
RedhatCVE
added 2026/01/09 10:55 a.m., 7 views

CVE-2022-23110

Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the SSH server name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission...

CVSS 4.8, AI score 5.4, EPSS 0.00819
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:7 p.m., 19 views

EUVD-2022-6268

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.5, EPSS 0.00651
Exploits: 0, References: 5
OSV
added 2025/09/19 9:57 a.m., 4 views

BIT-JENKINS-2025-59474

Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission, allowing attackers without Overall/Read permission to list agent names through its sidepanel executors widget...

CVSS 5.3, AI score 6.7, EPSS 0.04735
Exploits: 0, References: 3
OSV
added 2025/09/17 3:30 p.m., 1 view

GHSA-67V4-38H7-9JJP Jenkins has a missing permission check, allowing users to obtain agent names

Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission. This allows attackers without Overall/Read permission to list agent names through its sidepanel executors widget...

CVSS 5.3, AI score 5.9, EPSS 0.04735
Exploits: 0, References: 3
Positive Technologies
added 2025/09/17 12:0 a.m., 5 views

PT-2025-38151

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.527 and earlier; Jenkins LTS versions 2.516.2 and earlier. Description: Jenkins does not perform a permission check in the sidepanel of a page accessible to users lacking Overall/Read permission. This allows attackers without...

CVSS 5.3, AI score 6.6, EPSS 0.04735
Exploits: 0, References: 9
CNNVD
added 2025/09/17 12:0 a.m., 7 views

Jenkins security vulnerability

Jenkins is an open source automation server. It provides hundreds of plugins to support building, deploying and automating any project. A security vulnerability exists in Jenkins 2.527 and earlier and LTS 2.516.2 and earlier, which stems from a failure to...

CVSS 5.3, AI score 7.3, EPSS 0.04735
Exploits: 0, References: 2
RedHat Linux
added 2025/03/04 2:38 p.m., 6 views

jenkins-plugin/script-security: Jenkins Script Security Plugin File Disclosure Vulnerability

A flaw was found in the Jenkins Script Security Plugin. This vulnerability allows attackers with Overall/Read permission to check for the existence of files on the controller file system via a method that implements form validation that does not perform a permission check...

CVSS 4.3, AI score 5.8, EPSS 0.0036
Exploits: 0, References: 5
RedhatCVE
added 2024/11/18 8:21 a.m., 14 views

CVE-2024-52549

A flaw was found in the Jenkins Script Security Plugin. This vulnerability allows attackers with Overall/Read permission to check for the existence of files on the controller file system via a method that implements form validation that does not perform a permission check. Mitigation Mitigation f...

CVSS 4.3, AI score 6.2, EPSS 0.0036
Exploits: 0, References: 4
NVD
added 2024/03/06 5:15 p.m., 35 views

CVE-2024-28155

Jenkins AppSpider Plugin 1.0.16 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about available scan config names, engine group names, and client names...

CVSS 4.3, AI score 5.5, EPSS 0.0045
Exploits: 0, References: 2
OSV
added 2023/05/16 6:30 p.m., 20 views

GHSA-PP8M-PRR7-WR8W Jenkins Sidebar Link Plugin vulnerable to Path Traversal

Jenkins Sidebar Link Plugin allows specifying files in the userContent/ directory for use as link icons. Sidebar Link Plugin 2.2.1 and earlier does not restrict the path of files in a method implementing form validation. This allows attackers with Overall/Read permission to check for the existenc...

CVSS 4.3, AI score 4.7, EPSS 0.72358
Exploits: 0, References: 3
NVD
added 2023/05/16 5:15 p.m., 16 views

CVE-2023-33004

A missing permission check in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers with Overall/Read permission to reset profiler statistics...

CVSS 4.3, AI score 4.5, EPSS 0.00425
Exploits: 0, References: 1
Prion
added 2023/04/02 9:15 p.m., 13 views

Cross site scripting

Jenkins Pipeline Aggregator View Plugin 1.13 and earlier does not escape a variable representing the current view's URL in inline JavaScript, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by authenticated attackers with Overall/Read permission...

CVSS 4.9, AI score 5.2, EPSS 0.00456
Exploits: 0, References: 1, Affected Software: 1
SUSE CVE
added 2023/02/15 4:8 a.m., 4 views

SUSE CVE-2019-16547

Missing permission checks in various API endpoints in Jenkins Google Compute Engine Plugin 4.1.1 and earlier allow attackers with Overall/Read permission to obtain limited information about the plugin configuration and environment...

CVSS 4.3, AI score 4.5, EPSS 0.00691
Exploits: 0, References: 3
Github Security Blog
added 2022/10/19 7:0 p.m., 29 views

Jenkins Compuware Strobe Measurement Plugin Missing Authorization vulnerability

Jenkins Compuware Strobe Measurement Plugin 1.0.1 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

CVSS 4.3, AI score 5.1, EPSS 0.0045
Exploits: 0, References: 5, Affected Software: 1
OSV
added 2022/07/28 12:0 a.m., 23 views

GHSA-6XF5-C3CX-67PV Arbitrary file write vulnerability in Jenkins CLIF Performance Testing plugin

An arbitrary file write vulnerability in Jenkins CLIF Performance Testing Plugin 64.vc0d66de1dfbf and earlier allows attackers with Overall/Read permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content...

CVSS 8.8, AI score 6.7, EPSS 0.00651
Exploits: 0, References: 5
ATTACKERKB
added 2022/07/27 3:15 p.m., 4 views

CVE-2022-36917

A missing permission check in Jenkins Google Cloud Backup Plugin 0.6 and earlier allows attackers with Overall/Read permission to request a manual backup...

CVSS 4.3, AI score 5.8, EPSS 0.00488
Exploits: 0, References: 3
Cvelist
added 2022/07/27 2:24 p.m., 36 views

CVE-2022-36898

A missing permission check in Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins...

AI score 5.2, EPSS 0.00561
Exploits: 0, References: 2
Github Security Blog
added 2022/06/24 12:0 a.m., 21 views

Jenkins Beaker builder Plugin Missing Authorization vulnerability

Jenkins Beaker builder Plugin 1.10 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. Additionally, this form validation method does not require POST requests,...

CVSS 4.3, AI score 4.8, EPSS 0.00553
Exploits: 0, References: 3, Affected Software: 1