23 matches found
CVE-2026-10276
A vulnerability has been found in hekmon8 Jenkins-server-mcp 0.1.0. This vulnerability affects the function jobPath of the file src/index.ts of the component getbuildstatus/getbuildlog/triggerbuild. Such manipulation leads to server-side request forgery. The attack may be performed from remote. T...
CVE-2026-10276
A vulnerability has been found in hekmon8 Jenkins-server-mcp 0.1.0. This vulnerability affects the function jobPath of the file src/index.ts of the component getbuildstatus/getbuildlog/triggerbuild. Such manipulation leads to server-side request forgery. The attack may be performed from remote. T...
EUVD-2026-33712
A vulnerability has been found in hekmon8 Jenkins-server-mcp 0.1.0. This vulnerability affects the function jobPath of the file src/index.ts of the component getbuildstatus/getbuildlog/triggerbuild. Such manipulation leads to server-side request forgery. The attack may be performed from remote. T...
CVE-2026-10276
The CVE-2026-10276 entry describes a vulnerability in hekmon8 Jenkins-server-mcp 0.1.0. The issue affects the function jobPath in src/index.ts within the get_build_status/get_build_log/trigger_build components and leads to server-side request forgery. The attack may be performed remotely, and the...
CVE-2026-10276 hekmon8 Jenkins-server-mcp get_build_status/get_build_log/trigger_build index.ts jobPath server-side request forgery
A vulnerability has been found in hekmon8 Jenkins-server-mcp 0.1.0. This vulnerability affects the function jobPath of the file src/index.ts of the component getbuildstatus/getbuildlog/triggerbuild. Such manipulation leads to server-side request forgery. The attack may be performed from remote. T...
CVE-2026-10276 hekmon8 Jenkins-server-mcp get_build_status/get_build_log/trigger_build index.ts jobPath server-side request forgery
A vulnerability has been found in hekmon8 Jenkins-server-mcp 0.1.0. This vulnerability affects the function jobPath of the file src/index.ts of the component getbuildstatus/getbuildlog/triggerbuild. Such manipulation leads to server-side request forgery. The attack may be performed from remote. T...
PT-2026-45497
A vulnerability has been found in hekmon8 Jenkins-server-mcp 0.1.0. This vulnerability affects the function jobPath of the file src/index.ts of the component get build status/get build log/trigger build. Such manipulation leads to server-side request forgery. The attack may be performed from...
Jenkins Server MCP code issue vulnerabilities
Jenkins Server MCP is a model context protocol server developed by Hekmon for individual developers to interact with Jenkins CI/CD servers. Version 0.1.0 of Jenkins Server MCP contains code vulnerabilities. These vulnerabilities stem from incorrect operations in the functions jobPath of the files...
Exploit for OS Command Injection in Gnu Bash
AppAssault Lab — Attacking Common Applications ╔═════...
CVE-2025-64132
Jenkins MCP Server Plugin 0.84.v50ca24ef83f2 and earlier does not perform permission checks in multiple MCP tools, allowing attackers to trigger builds and obtain information about job and cloud configuration they should not be able to access...
PT-2025-44281
Name of the Vulnerable Software and Affected Versions Jenkins MCP Server Plugin versions 0.84.v50ca 24ef83f2 and earlier Description The Jenkins MCP Server Plugin does not properly enforce permission checks in several MCP tools. This allows attackers to initiate builds and access sensitive job an...
IBM: Jenkins server access due to weak password
Jenkins server access was gained due to a weak password. The issue was reported to IBM, analyzed, and remediated...
Missing authorization in Jenkins Plug-in for ServiceNow
A missing authorization vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information. To address this issue, apply the 1.38.1 version of the Jenkins plug-in for ServiceNow...
Jenkins plugins Multiple Vulnerabilities (2022-09-21)
According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins 2.367 through 2.369 both inclusive does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins...
vulhub
It is an open-source collection of pre-built vulnerable docker environments. The repository contains a variety of vulnerable environments, including Flask SSTI, Apache Parsing Vulnerability, and more. The environments are designed to be easy to use, with simple installation and usage instructions...
Capsulecorp-Pentest - Vagrant VirtualBox Environment For Conducting An Internal Network Penetration Test
Vagrant VirtualBox Environment For Conducting An Internal Network Penetration Test. 1. Capsulecorp Pentest The Capsulecorp Pentest is a small virtual network managed by vagrant and ansible. It contains five virtual machines, including one Linux attacking system running xubuntu and 4 Windows 2019...
CVE-2019-10413
Jenkins Data Theorem: CI/CD Plugin 1.3 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...
Important: Red Hat Security Advisory: Red Hat OpenShift Container Platform 4.1 jenkins-2-plugins security update
An update for jenkins-2-plugins is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
GE Aviation Passwords, Source Code Exposed in Open Jenkins Server
A public Jenkins server owned by GE Aviation has exposed source code, plaintext passwords, global system configuration details and private keys from the company’s internal commercial infrastructure. GE Aviation, a subsidiary of General Electrics, is among the top commercial aircraft engine...
Jenkins - Remote Code Execution Exploit
Exploit for java platform in category web applications Jenkins - Remote Code Execution Exploit In the exploitation, the target is always escalating the read primitive or write primitive to code execution! From the previous section, we can write malicious JAR file into remote Jenkins server by...