39 matches found

Cvelist
added 2 days ago, 31 views

CVE-2026-53441

Jenkins 2.483 through 2.567 (both inclusive), LTS 2.492.1 through 2.555.2 (both inclusive) does not escape the user-provided description of a generic offline cause that could be set through the POST config.xml API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers...

EPSS 0.00018
Exploits 0, References 1

CVE
added 2 days ago, 18 views

CVE-2026-53441

CVE-2026-53441 affects Jenkins core/UI configuration handling. Versions affected: Jenkins 2.483–2.567 (inclusive) and LTS 2.492.1–2.555.2 (inclusive). The issue arises because the user-provided description for a generic offline cause can be set via the POST config.xml API, and is not escaped, lea...

AI score 5.2, EPSS 0.00018
Exploits 0, References 1

OSV
added 2026/02/20 8:43 a.m., 4 views

BIT-JENKINS-2026-27099

Jenkins 2.483 through 2.550 (both inclusive), LTS 2.492.1 through 2.541.1 (both inclusive) does not escape the user-provided description of the "Mark temporarily offline" offline cause, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure or...

CVSS 8, AI score 5.1, EPSS 0.00073
Exploits 0, References 2

Cvelist
added 2026/02/18 2:17 p.m., 23 views

CVE-2026-27099

Jenkins 2.483 through 2.550 (both inclusive), LTS 2.492.1 through 2.541.1 (both inclusive) does not escape the user-provided description of the "Mark temporarily offline" offline cause, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure or...

EPSS 0.00073
Exploits 0, References 1

CVE
added 2026/02/18 2:17 p.m., 15 views

CVE-2026-27099

Jenkins CVE-2026-27099 affects Jenkins versions 2.483–2.550 (and LTS 2.492.1–2.541.1) where the description for the “Mark temporarily offline” offline cause is not escaped, causing stored cross-site scripting (XSS). The vulnerability can be exploited by attackers with Agent/Configure or Agent/Dis...

CVSS 8, AI score 5.1, EPSS 0.00073
Exploits 0, References 1, Affected Software 1

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2022-4966

Malicious code in bioql PyPI...

CVSS 5.4, AI score 5.6, EPSS 0.00233
Exploits 0, References 5

OSV
added 2022/07/01 12:01 a.m., 18 views

GHSA-2463-7265-H8R4 Jenkins Matrix Reloaded Plugin vulnerable to Stored XSS

Jenkins Matrix Reloaded Plugin 1.1.3 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission...

CVSS 7.1, AI score 5.4, EPSS 0.09095
Exploits 0, References 3

Github Security Blog
added 2022/07/01 12:01 a.m., 31 views

Jenkins Matrix Reloaded Plugin vulnerable to Stored XSS

Jenkins Matrix Reloaded Plugin 1.1.3 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission...

CVSS 5.4, AI score 4.9, EPSS 0.09095
Exploits 0, References 3, Affected Software 1

OSV
added 2022/06/30 6:15 p.m., 3 views

CVE-2022-34788

Jenkins Matrix Reloaded Plugin 1.1.3 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission...

CVSS 5.4, AI score 5.7
Exploits 0, References 1

Github Security Blog
added 2022/05/24 5:28 p.m., 16 views

Stored XSS vulnerability in computer-queue-plugin Plugin

computer-queue-plugin Plugin 1.5 and earlier does not escape the agent name in tooltips. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission. computer-queue-plugin Plugin 1.6 escapes the agent name in tooltips...

CVSS 5.4, AI score 5, EPSS 0.00233
Exploits 0, References 5, Affected Software 1

OSV
added 2022/05/24 5:28 p.m., 19 views

GHSA-QG66-XV7V-M834 Stored XSS vulnerability in computer-queue-plugin Plugin

computer-queue-plugin Plugin 1.5 and earlier does not escape the agent name in tooltips. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission. computer-queue-plugin Plugin 1.6 escapes the agent name in tooltips...

CVSS 8, AI score 5.2, EPSS 0.00233
Exploits 0, References 5

RedhatCVE
added 2022/01/24 6:05 p.m., 23 views

CVE-2022-20615

A stored cross-site scripting (XSS) vulnerability was found in the Jenkins Matrix Project plugin. HTML metacharacters are not escaped in node, label names, and label descriptions, which allows an attacker with Agent/Configure permissions to perform an XSS attack...

CVSS 5.4, AI score 2.8, EPSS 0.02892
Exploits 0, References 4

Github Security Blog
added 2022/01/13 12:01 a.m., 20 views

Stored XSS vulnerability in Matrix Project Plugin

Jenkins Matrix Project Plugin prior to 1.20 and 1.18.1 does not escape HTML metacharacters in node and label names, and label descriptions. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission. Matrix Project Plugin 1.20 and 1.18...

CVSS 5.4, AI score 5.2, EPSS 0.02892
Exploits 0, References 7, Affected Software 1

OSV
added 2022/01/13 12:01 a.m., 0 views

GHSA-VQWG-4V6F-H6X5 Stored XSS vulnerability in Matrix Project Plugin

Jenkins Matrix Project Plugin prior to 1.20 and 1.18.1 does not escape HTML metacharacters in node and label names, and label descriptions. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission. Matrix Project Plugin 1.20 and 1.18...

CVSS 5.4, AI score 7.2, EPSS 0.02892
Exploits 0, References 7

ATTACKERKB
added 2022/01/12 8:15 p.m., 4 views

CVE-2022-20615

Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML metacharacters in node and label names, and label descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission...

CVSS 5.4, AI score 6.5, EPSS 0.02892
Exploits 0, References 4

RedHat Linux
added 2021/03/03 12:28 p.m., 2 views

jenkins: Path traversal vulnerability in agent names

A flaw was found in Jenkins. Users with Agent/Configure permissions can choose agent names that cause an override to the global config.xml file. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 8, AI score 5.7, EPSS 0.00628
Exploits 0, References 4

RedHat Linux
added 2021/02/17 7:06 p.m., 4 views

jenkins: Path traversal vulnerability in agent names

A flaw was found in Jenkins. Users with Agent/Configure permissions can choose agent names that cause an override to the global config.xml file. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 8, AI score 5.7, EPSS 0.00628
Exploits 0, References 4

Prion
added 2021/01/13 4:15 p.m., 14 views

Design/Logic Flaw

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with Agent/Configure permission to choose agent names that cause Jenkins to override the global config.xml file...

CVSS 6, AI score 7.4, EPSS 0.00628
Exploits 0, References 1, Affected Software 1

CVE
added 2021/01/13 3:55 p.m., 197 views

CVE-2021-21605

CVE-2021-21605 is a path traversal vulnerability in Jenkins where users with Agent/Configure permission can select agent names that cause Jenkins to override unrelated global config.xml files. Public details show affected versions include Jenkins 2.274 and earlier, LTS 2.263.1 and earlier; fixed ...

CVSS 8, AI score 7.4, EPSS 0.00628
Exploits 0, References 1, Affected Software 1

RedHat Linux
added 2020/10/20 3:52 p.m., 1 views

jenkins-2-plugins/matrix-project: Stored XSS vulnerability in single axis builds tooltips

A flaw was found in the Matrix Project Plugin version 1.16 and prior. Node names shown in tooltips are not escaped on the overview page of builds with a single axis, which could lead to a stored cross-site scripting (XSS) vulnerability. The user must have the Agent/Configure permission for this...

CVSS 5.4, AI score 6.9, EPSS 0.00157
Exploits 0, References 4