
4 matches found

Snyk
added 2026/03/18 6:31 p.m., 4 views

DNS Rebinding

Overview: org.jenkins-ci.main:jenkins-core is an open source automation server. Affected versions of this package are vulnerable to DNS Rebinding in the origin validation process for WebSocket CLI requests due to reliance on the Host or X-Forwarded-Host HTTP headers. An attacker can bypass origin...

CVSS 7.7 | AI score 5.8 | EPSS 0.00074
Exploits: 0 | References: 3
Snyk
added 2026/02/18 3:31 p.m., 5 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview: org.jenkins-ci.main:jenkins-core is an open source automation server. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the Run Parameter values. An attacker can access information about the existence of job...

CVSS 5.3 | AI score 5.7 | EPSS 0.00354
Exploits: 0 | References: 2
Snyk
added 2025/03/05 11:42 p.m., 5 views

Cross-site Request Forgery (CSRF)

Overview: org.jenkins-ci.main:jenkins-core is an open source automation server. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) through the toggling of sidepanel widgets such as Build Queue and Build Executor Status. An attacker can manipulate actions on behalf ...

CVSS 6.9 | AI score 7 | EPSS 0.00217
Exploits: 0 | References: 2
OSV
added 2022/05/24 7:19 p.m., 1 view

GHSA-C5R9-RX53-Q3GF Agent-to-controller access control allowed writing to sensitive directory used by Jenkins Pipeline: Shared Groovy Libraries Plugin

Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs. This directory is used by the Pipeline: Shared Groovy Libraries Plugin to store copies of shared libraries. This allows attackers...

CVSS 8.8 | AI score 6.3 | EPSS 0.00954
Exploits: 0 | References: 5