25 matches found
CVE-2019-10435
Jenkins SourceGear Vault Plugin transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure...
GHSA-X9HJ-Q7XV-FV4V Jenkins Cadence vManager Plugin Stores Verisium Manager vAPI keys Unencrypted
Jenkins Cadence vManager Plugin 4.0.0-282.v5096ac2db275 and earlier stores Verisium Manager vAPI keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins...
Jenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission
Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of agents via REST API or CLI. This allows attackers with Agent/Extended Read permission to view encrypted values of secrets. Jenkins 2.500, LTS 2.492.2 redacts the encrypted...
CVE-2025-27625
In Jenkins 2.499 and earlier, LTS 2.492.1 and earlier, redirects starting with backslash \ characters are considered safe, allowing attackers to perform phishing attacks by having users go to a Jenkins URL that will forward them to a different site, because browsers interpret these characters as...
CVE-2024-52549 vulnerabilities
Vulnerabilities for packages: jenkins...
CVE-2024-47072 vulnerabilities
Vulnerabilities for packages: jenkins...
GHSA-HFQ9-HGGM-C56Q vulnerabilities
Vulnerabilities for packages: jenkins...
CVE-2024-47855 vulnerabilities
Vulnerabilities for packages: jenkins...
GHSA-F9QJ-77Q2-H5C5 vulnerabilities
Vulnerabilities for packages: jenkins...
GHSA-PJ95-PH4Q-4QM4 vulnerabilities
Vulnerabilities for packages: jenkins...
CVE-2024-47804 vulnerabilities
Vulnerabilities for packages: jenkins...
CVE-2024-47803 vulnerabilities
Vulnerabilities for packages: jenkins...
GHSA-2RMJ-MQ67-H97G vulnerabilities
Vulnerabilities for packages: kayenta-fips, apache-nifi, kayenta, thingsboard...
GHSA-8PV9-QH96-9HC6 vulnerabilities
Vulnerabilities for packages: jenkins...
GHSA-XFX3-CR74-X3CV vulnerabilities
Vulnerabilities for packages: jenkins...
BIT-JENKINS-2021-21692
FilePathrenameTo and FilePathmoveAllChildrenTo in Jenkins LTS 2.303.2 and earlier only check 'read' agent-to-controller access permission on the source path, instead of 'delete'...
PT-2024-22305 · Jenkins · Jenkins Subversion Partial Release Manager Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Subversion Partial Release Manager Plugin versions 1.0.1 and earlier Description: A missing permission check in the plugin allows attackers with Item/Read permission to trigger a build. Recommendations: For Jenkins Subversion Partial...
CVE-2024-22243 vulnerabilities
Vulnerabilities for packages: kayenta-fips, kayenta...
PT-2023-28184 · Jenkins · Jenkins Frugal Testing Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Frugal Testing Plugin versions 1.1 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to connect to Frugal Testing using attacker-specified credentials, and to retrieve test IDs and names from...
GHSA-922H-X9QV-2274 Jenkins PegDown Formatter Plugin has Cross-site Scripting vulnerability
PegDown Formatter Plugin uses the PegDown library to implement support for rendering Markdown formatted descriptions in Jenkins. It advertises disabling of HTML to prevent cross-site scripting XSS as a feature. PegDown Formatter Plugin does not prevent the use of javascript: scheme in URLs for...