Lucene search
K

48 matches found

AlpineLinux
AlpineLinux
added 2026/06/10 1:5 p.m.8 views

CVE-2026-53438

A missing permission check in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allows attackers with Item/Cancel permission, but lacking Item/Read permission, to cancel queue items they do not have permission to view...

4.3CVSS5.5AI score0.00213EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.12 views

PT-2026-48423

Name of the Vulnerable Software and Affected Versions Jenkins versions prior to 2.568 Jenkins LTS versions prior to 2.555.3 Description A missing permission check allows attackers who possess the Item/Cancel permission, but lack the Item/Read permission, to cancel queue items that they are not...

4.3CVSS5.2AI score0.00213EPSS
Exploits0References5
CVE
CVE
added 2026/03/18 3:15 p.m.65 views

CVE-2026-33001

Jenkins 2.554 and earlier (including LTS 2.541.2) is affected by CVE-2026-33001 due to unsafe handling of symbolic links during extraction of .tar/.tar.gz archives, causing arbitrary file writes on the filesystem. Exploitation is possible by attackers with Item/Configure permission or those who c...

8.8CVSS5.9AI score0.01161EPSS
Exploits0References14Affected Software1
OSV
OSV
added 2025/12/10 5:15 p.m.6 views

CVE-2025-67637

Jenkins 2.540 and earlier, LTS 2.528.2 and earlier stores build authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

4.3CVSS6.6AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/11/14 9:45 p.m.8 views

Directus is Vulnerable to Stored Cross-site Scripting

Summary A stored cross-site scripting XSS vulnerability exists that allows users with upload files and edit item permissions to inject malicious JavaScript through the Block Editor interface. Attackers can bypass Content Security Policy CSP restrictions by combining file uploads with iframe srcdo...

5.5CVSS5.8AI score0.00215EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2025/11/13 9:13 p.m.8 views

CVE-2025-64747 Directus Vulnerable to Stored Cross-site Scripting

Directus is a real-time API and App dashboard for managing SQL database content. A stored cross-site scripting XSS vulnerability exists in versions prior to 11.13.0 that allows users with upload files and edit item permissions to inject malicious JavaScript through the Block Editor interface...

5.5CVSS0.00215EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/11/13 9:13 p.m.3 views

CVE-2025-64747 Directus Vulnerable to Stored Cross-site Scripting

Directus is a real-time API and App dashboard for managing SQL database content. A stored cross-site scripting XSS vulnerability exists in versions prior to 11.13.0 that allows users with upload files and edit item permissions to inject malicious JavaScript through the Block Editor interface...

5.5CVSS5.5AI score0.00215EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/11/13 12:0 a.m.5 views

PT-2025-46912

Name of the Vulnerable Software and Affected Versions Directus versions prior to 11.13.0 Description Directus is a real-time API and App dashboard for managing SQL database content. A stored cross-site scripting XSS issue exists that allows users with upload files and edit item permissions to...

5.5CVSS5.6AI score0.00215EPSS
Exploits1References11
Vulnrichment
Vulnrichment
added 2025/10/29 1:29 p.m.4 views

CVE-2025-64140

Jenkins Azure CLI Plugin 0.9 and earlier does not restrict which commands it executes on the Jenkins controller, allowing attackers with Item/Configure permission to execute arbitrary shell commands...

7.2AI score0.00556EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-10358

Malicious code in bioql PyPI...

9.8CVSS6.3AI score0.00571EPSS
Exploits2References2
AlpineLinux
AlpineLinux
added 2025/07/09 4:15 p.m.6 views

CVE-2025-53652

Jenkins Git Parameter Plugin 439.vb0e46ca14534 and earlier does not validate that the Git parameter value submitted to the build matches one of the offered choices, allowing attackers with Item/Build permission to inject arbitrary values into Git parameters...

8.2CVSS7.2AI score0.00618EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/22 11:4 p.m.7 views

CVE-2022-34183

Jenkins Agent Server Parameter Plugin 1.1 and earlier does not escape the name and description of Agent Server parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS5.4AI score0.00602EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/07 12:0 a.m.8 views

CVE-2025-28409

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the add method of the /add/parentId endpoint does not properly validate whether the requesting user has permission to add a menu item under the specified parentId...

7.4AI score0.00571EPSS
Exploits2References2
OSV
OSV
added 2024/11/13 9:15 p.m.7 views

CVE-2024-52550

Jenkins Pipeline: Groovy Plugin 3990.vd281dd77a388 and earlier, except 3975.3977.v478dd9e956c3 does not check whether the main Jenkinsfile script for a rebuilt build is approved, allowing attackers with Item/Build permission to rebuild a previous build whose Jenkinsfile script is no longer approv...

8CVSS5.4AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/11/05 11:25 a.m.4 views

jenkins: Item creation restriction bypass vulnerability

A flaw was found in Jenkins. When attempting to create an item prohibited by ACLhasCreatePermission2 or TopLevelItemDescriptorisApplicableInItemGroup through the Jenkins CLI or the REST API, if either of these checks fail, Jenkins creates the item in memory and only deletes it from disk. This may...

4.3CVSS5.8AI score0.00684EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/05/24 6:52 p.m.65 views

Jenkins Report Info Plugin Path Traversal vulnerability

Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files. Additionally, Report Info Plugin does not support distributed builds. This results in a path traversal vulnerability, allowing attackers with Item/Configure permissio...

4.3CVSS6.6AI score0.00831EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2024/03/06 5:15 p.m.32 views

Design/Logic Flaw

Jenkins HTML Publisher Plugin 1.32 and earlier archives invalid symbolic links in report directories on agents and recreates them on the controller, allowing attackers with Item/Configure permission to determine whether a path on the Jenkins controller file system exists, without being able to...

6.4AI score0.00939EPSS
Exploits0References1
OSV
OSV
added 2024/03/06 10:56 a.m.24 views

BIT-JENKINS-2023-27902

Jenkins LTS 2.375.3 and earlier shows temporary directories related to job workspaces, which allows attackers with Item/Workspace permission to access their contents...

4.3CVSS4.6AI score0.00745EPSS
Exploits0References2
CVE
CVE
added 2024/01/24 5:52 p.m.388 views

CVE-2024-23900

CVE-2024-23900 affects Jenkins Matrix Project Plugin 822.v01b_8c85d16d2 and earlier. The flaw: the plugin does not sanitize user-defined axis names for multi-configuration projects, allowing attackers with Item/Configure permission to write or replace config.xml files on the Jenkins controller fi...

4.3CVSS4.6AI score0.00691EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2023/09/20 6:30 p.m.34 views

Jenkins does not exclude sensitive build variables from search

Jenkins allows filtering builds in the build history widget by specifying an expression that searches for matching builds by name, description, parameter values, etc. Jenkins 2.50 through 2.423 both inclusive, LTS 2.60.1 through 2.414.1 both inclusive does not exclude sensitive build variables...

4.3CVSS6.6AI score0.03388EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder