CVE-2026-48925

A cross-site request forgery CSRF vulnerability in Jenkins GitHub Integration Plugin 0.7.3 and earlier allows attackers to attackers to trigger a build for a pull request...

Missing Authorization

Jenkins MCP Server Plugin is vulnerable to Missing Authorization. The vulnerability is due to missing permission checks in multiple MCP tools, which allows an attacker to trigger builds and access sensitive information related to job and cloud configurations without proper authorization...

CVE-2025-64132

Jenkins MCP Server Plugin 0.84.v50ca24ef83f2 and earlier does not perform permission checks in multiple MCP tools, allowing attackers to trigger builds and obtain information about job and cloud configuration they should not be able to access...

Jenkins plugin MCP Server 安全漏洞

Jenkins and Jenkins plugin are both Jenkins open source products.Jenkins is an application software. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins plugin is an application software plugin. A security...

GHSA-RC33-44QP-VPVQ Jenkins Gogs Plugin vulnerable to unsafe default behavior and information disclosure

Jenkins Gogs Plugin provides a webhook endpoint at /gogs-webhook that can be used to trigger builds of jobs. In Gogs Plugin 1.0.15 and earlier, an option to specify a Gogs secret for this webhook is provided, but not enabled by default. This allows unauthenticated attackers to trigger builds of...

CVE-2023-40349

Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an option to secure its webhook endpoint, allowing unauthenticated attackers to trigger builds of jobs...

CVE-2023-30532

A missing permission check in Jenkins TurboScript Plugin 1.3 and earlier allows attackers with Item/Read permission to trigger builds of jobs corresponding to the attacker-specified repository...

CVE-2023-30522

A missing permission check in Jenkins Fogbugz Plugin 2.2.17 and earlier allows attackers with Item/Read permission to trigger builds of jobs specified in a 'jobname' request parameter...

CVE-2023-30521

A missing permission check in Jenkins Assembla merge request builder Plugin 1.1.13 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository...

CVE-2023-30521

A missing permission check in Jenkins Assembla merge request builder Plugin 1.1.13 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository...

PT-2023-22761 · Jenkins · Jenkins Turboscript Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins TurboScript Plugin versions 1.3 and earlier Description: A missing permission check in the plugin allows attackers with Item/Read permission to trigger builds of jobs corresponding to the attacker-specified repository. Recommendations...

Cross-Site Request Forgery (CSRF)

jenkins-2-plugins is vulnerable to Cross-Site Request Forgery CSRF. An attacker is able to trigger builds of jobs configured to use an attacker-specified Git repository and cause them to check out an attacker-specified commit...

SUSE CVE-2018-1000013

Jenkins Release Plugin 2.9 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to trigger release builds...

jenkins-plugin: Cross-site Request Forgery (CSRF) in org.jenkins-ci.plugins:git

A flaw was found in the Git Jenkins plugin. The affected versions of the Git Jenkins Plugin allow attackers to trigger the builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit...

Missing Authorization in Jenkins XP-Dev Plugin

A missing permission check in Jenkins XP-Dev Plugin 1.0 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to an attacker-specified repository...

CVE-2022-45389

A missing permission check in Jenkins XP-Dev Plugin 1.0 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to an attacker-specified repository...

CVE-2022-45389

A missing permission check in Jenkins XP-Dev Plugin 1.0 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to an attacker-specified repository...

Design/Logic Flaw

A missing permission check in Jenkins CloudBees Docker Hub/Registry Notification Plugin 2.6.2 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository...

CVE-2022-45385

A missing permission check in Jenkins CloudBees Docker Hub/Registry Notification Plugin 2.6.2 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository...

Jenkins Plugin CloudBees Docker Hub/Registry Notification 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. Jenkins Plugin CloudBees...