| CVE-2017-1000362 |
critical |
9.8 |
9.8 |
9y ago |
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins |
|
| CVE-2016-9299 |
critical |
9.8 |
9.8 |
10y ago |
Improper Neutralization of Special Elements used in an LDAP Query in Jenkins |
|
| CVE-2016-0791 |
critical |
9.8 |
9.8 |
10y ago |
Exposure of Sensitive Information in Jenkins Core |
|
| CVE-2016-0788 |
critical |
9.8 |
9.8 |
10y ago |
Jenkins allows Execution of Code by Opening a JRMP Listener |
|
| CVE-2021-21686 |
critical |
— |
9.5 |
4y ago |
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins |
|
| CVE-2021-21694 |
critical |
— |
9.5 |
4y ago |
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins |
|
| CVE-2021-21692 |
critical |
— |
9.5 |
4y ago |
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins |
|
| CVE-2021-21685 |
critical |
— |
9.5 |
4y ago |
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins |
|
| CVE-2021-21690 |
critical |
— |
9.5 |
4y ago |
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins |
|
| CVE-2021-21687 |
critical |
— |
9.5 |
4y ago |
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins |
|
| CVE-2021-21688 |
critical |
— |
9.5 |
4y ago |
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins |
|
| CVE-2021-21689 |
critical |
— |
9.5 |
4y ago |
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins |
|
| CVE-2021-21691 |
critical |
— |
9.5 |
4y ago |
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins |
|
| CVE-2021-21693 |
critical |
— |
9.5 |
4y ago |
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins |
|
| CVE-2021-21697 |
critical |
— |
9.5 |
4y ago |
Agent-to-controller access control allows reading/writing most content of build directories in Jenkins |
|
| CVE-2021-21695 |
critical |
— |
9.5 |
4y ago |
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins |
|
| CVE-2021-21696 |
critical |
— |
9.5 |
4y ago |
Agent-to-controller access control allowed writing to sensitive directory used by Jenkins Pipeline: Shared Groovy Libraries Plugin |
|
| CVE-2016-0792 |
high |
8.8 |
8.8 |
10y ago |
Jenkins allows Deserialization of Untrusted Data via an XML File |
|
| CVE-2015-7538 |
high |
8.8 |
8.8 |
11y ago |
Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack |
|
| CVE-2015-7537 |
high |
8.8 |
8.8 |
11y ago |
Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack |
|
| CVE-2021-21671 |
high |
— |
8.0 |
4y ago |
Session fixation vulnerability in Jenkins |
|
| CVE-2021-21670 |
high |
— |
8.0 |
4y ago |
Improper permission checks allow canceling queue items and aborting builds in Jenkins |
|
| CVE-2021-21611 |
high |
— |
8.0 |
4y ago |
Stored XSS vulnerability in Jenkins on new item page |
|
| CVE-2021-21605 |
high |
— |
8.0 |
4y ago |
Path traversal vulnerability in Jenkins agent names |
|
| CVE-2021-21607 |
high |
— |
8.0 |
4y ago |
Excessive memory allocation in graph URLs leads to denial of service in Jenkins |
|
| CVE-2021-21610 |
high |
— |
8.0 |
4y ago |
Reflected XSS vulnerability in Jenkins markup formatter preview |
|
| CVE-2021-21608 |
high |
— |
8.0 |
4y ago |
Stored XSS vulnerability in Jenkins button labels |
|
| CVE-2021-21602 |
high |
— |
8.0 |
4y ago |
Arbitrary file read vulnerability in workspace browsers in Jenkins |
|
| CVE-2021-21606 |
high |
— |
8.0 |
4y ago |
Arbitrary file existence check in file fingerprints in Jenkins |
|
| CVE-2021-21604 |
high |
— |
8.0 |
4y ago |
Improper handling of REST API XML deserialization errors in Jenkins |
|
| CVE-2021-21603 |
high |
— |
8.0 |
4y ago |
XSS vulnerability in Jenkins notification bar |
|
| CVE-2021-21609 |
high |
— |
8.0 |
4y ago |
Missing permission check for paths with specific prefix in Jenkins |
|
| CVE-2019-10353 |
high |
— |
8.0 |
4y ago |
Cross-Site Request Forgery in Jenkins |
|
| CVE-2019-10352 |
high |
— |
8.0 |
4y ago |
Improper Limitation of a Pathname to a Restricted Directory in Jenkins |
|
| CVE-2019-10354 |
high |
— |
8.0 |
4y ago |
Missing Authorization in Jenkins |
|
| CVE-2017-1000355 |
high |
— |
8.0 |
4y ago |
Deserialization of Untrusted Data in Jenkins |
|
| CVE-2017-1000356 |
high |
— |
8.0 |
4y ago |
Cross-Site Request Forgery in Jenkins |
|
| CVE-2017-1000354 |
high |
— |
8.0 |
4y ago |
Improper Authentication in Jenkins |
|
| CVE-2018-1999006 |
high |
— |
8.0 |
4y ago |
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins |
|
| CVE-2018-1999002 |
high |
— |
8.0 |
4y ago |
Improper Input Validation in Jenkins |
|
| CVE-2018-1999007 |
high |
— |
8.0 |
4y ago |
Cross-site scripting vulnerability exists in Jenkins and Stapler Plugin |
|
| CVE-2018-1999004 |
high |
— |
8.0 |
4y ago |
Incorrect Authorization in Jenkins |
|
| CVE-2018-1999005 |
high |
— |
8.0 |
4y ago |
Improper Neutralization of Input During Web Page Generation in Jenkins |
|
| CVE-2018-1999001 |
high |
— |
8.0 |
4y ago |
Improper Input Validation in Jenkins |
|
| CVE-2018-1999003 |
high |
— |
8.0 |
4y ago |
Incorrect Authorization in Jenkins |
|
| CVE-2015-7539 |
high |
7.5 |
7.5 |
11y ago |
Jenkins does not Verify Checksums for Plugin Files |
|
| CVE-2015-5325 |
high |
— |
7.5 |
11y ago |
Jenkins allows Bypass of Access Restrictions |
|
| CVE-2015-1814 |
high |
— |
7.5 |
11y ago |
Jenkins allows for Privilege Escalation by Remote Authenticated Users |
|
| CVE-2014-2063 |
high |
— |
7.5 |
12y ago |
Jenkins Vulnerable to Clickjacking |
|
| CVE-2014-3666 |
high |
— |
7.5 |
12y ago |
Jenkins allows for Code Execution via Crafted Packet to the CLI |
|
| CVE-2013-0329 |
high |
— |
7.5 |
13y ago |
Jenkins Cross-Site Request Forgery vulnerability |
|
| CVE-2016-3726 |
high |
7.4 |
7.4 |
10y ago |
Jenkins affected by Open Redirect Vulnerability |
|
| CVE-2015-5318 |
medium |
— |
6.8 |
11y ago |
Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack |
|
| CVE-2014-3665 |
medium |
— |
6.8 |
11y ago |
Jenkins improperly ensures trust separation |
|
| CVE-2014-2066 |
medium |
— |
6.8 |
12y ago |
Jenkins session fixation vulnerability |
|
| CVE-2013-2034 |
medium |
— |
6.8 |
12y ago |
Jenkins Cross-Site Request Forgery vulnerabilities |
|
| CVE-2013-0327 |
medium |
— |
6.8 |
13y ago |
Jenkins Cross-Site Request Forgery vulnerability |
|
| CVE-2016-3724 |
medium |
6.5 |
6.5 |
10y ago |
Jenkins Exposes Sensitive Information from Job Configuration |
|
| CVE-2015-5323 |
medium |
— |
6.5 |
11y ago |
Jenkins allows Administrators to Access API Tokens |
|
| CVE-2015-1806 |
medium |
— |
6.5 |
11y ago |
Jenkins allows for Privilege Escalation by Remote Authenticated Users |
|
| CVE-2014-2062 |
medium |
— |
6.5 |
12y ago |
Jenkins does not invalidate the API token when a user is deleted |
|
| CVE-2014-2058 |
medium |
— |
6.5 |
12y ago |
Jenkins allows attackers to execute arbitrary jobs |
|
| CVE-2014-2059 |
medium |
— |
6.5 |
12y ago |
Jenkins directory traversal vulnerability |
|
| CVE-2016-0789 |
medium |
6.1 |
6.1 |
10y ago |
Jenkins has CRLF Injection Vulnerability in the CLI |
|
| CVE-2014-3663 |
medium |
— |
6.0 |
12y ago |
Jenkins allows remote authenticated users to bypass intended restrictions and create or destroy arbitrary jobs |
|
| CVE-2012-6073 |
medium |
— |
5.8 |
13y ago |
Jenkins affected by Open Redirect Vulnerability |
|
| CVE-2021-21682 |
medium |
— |
5.5 |
4y ago |
Improper handling of equivalent directory names on Windows in Jenkins |
|
| CVE-2021-21683 |
medium |
— |
5.5 |
4y ago |
Path traversal vulnerability on Windows in Jenkins |
|
| CVE-2021-21639 |
medium |
— |
5.5 |
4y ago |
Lack of type validation in agent related REST API in Jenkins |
|
| CVE-2021-21640 |
medium |
— |
5.5 |
4y ago |
View name validation bypass in Jenkins |
|
| CVE-2021-21615 |
medium |
— |
5.5 |
4y ago |
Time-of-check Time-of-use (TOCTOU) Race Condition in Jenkins |
|
| CVE-2019-10384 |
medium |
— |
5.5 |
4y ago |
Cross-Site Request Forgery in Jenkins |
|
| CVE-2019-10383 |
medium |
— |
5.5 |
4y ago |
Improper Neutralization of Input During Web Page Generation in Jenkins |
|
| CVE-2018-1999043 |
medium |
— |
5.5 |
4y ago |
Missing Release of Resource after Effective Lifetime in Jenkins |
|
| CVE-2019-1003050 |
medium |
— |
5.5 |
4y ago |
Improper Neutralization of Input During Web Page Generation in Jenkins |
|
| CVE-2019-1003049 |
medium |
— |
5.5 |
4y ago |
Insufficient Session Expiration in Jenkins |
|
| CVE-2015-7536 |
medium |
5.4 |
5.4 |
11y ago |
Improper Neutralization of Input During Web Page Generation in Jenkins |
|
| CVE-2014-9635 |
medium |
5.3 |
5.3 |
9y ago |
Jenkins HttpOnly flag not Set for session cookies |
|
| CVE-2014-9634 |
medium |
5.3 |
5.3 |
9y ago |
Jenkins secure flag not set on session cookies |
|
| CVE-2016-0790 |
medium |
5.3 |
5.3 |
10y ago |
Exposure of Sensitive Information in Jenkins Core |
|
| CVE-2015-5324 |
medium |
— |
5.0 |
11y ago |
Jenkins allows Unauthorized Viewing of Queue API Information |
|
| CVE-2015-5322 |
medium |
— |
5.0 |
11y ago |
Jenkins has Local File Inclusion Vulnerability |
|
| CVE-2015-5321 |
medium |
— |
5.0 |
11y ago |
Jenkins has Information Disclosure via Sidepanel Widget |
|
| CVE-2015-5320 |
medium |
— |
5.0 |
11y ago |
Jenkins allows Exposure of Sensitive Information to an Unauthorized Actor |
|
| CVE-2015-5319 |
medium |
— |
5.0 |
11y ago |
Jenkins has XML External Entity (XXE) Vulnerability in Job Configuration via CLI |
|
| CVE-2014-2064 |
medium |
— |
5.0 |
12y ago |
Jenkins allows attackers to determine whether a user exists |
|
| CVE-2014-2061 |
medium |
— |
5.0 |
12y ago |
Jenkin allows attackers to obtain passwords by reading the HTML source code |
|
| CVE-2014-2060 |
medium |
— |
5.0 |
12y ago |
Jenkins allows Remote Attackers to Hijack Sessions |
|
| CVE-2014-3662 |
medium |
— |
5.0 |
12y ago |
Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability |
|
| CVE-2014-3661 |
medium |
— |
5.0 |
12y ago |
Jenkins Denial of Service vulnerability |
|
| CVE-2017-17383 |
medium |
4.7 |
4.7 |
9y ago |
Cross-site Scripting in Jenkins Core |
|
| CVE-2015-1810 |
medium |
— |
4.6 |
11y ago |
Jenkins does not Restrict Reserved Names Allowing for Privilege Escalation |
|
| CVE-2016-3727 |
medium |
4.3 |
4.3 |
10y ago |
Jenkins Exposes Sensitive Information via API URL |
|
| CVE-2016-3725 |
medium |
4.3 |
4.3 |
10y ago |
Missing permissions check in Jenkins Core |
|
| CVE-2016-3723 |
medium |
4.3 |
4.3 |
10y ago |
Exposure of Sensitive Information in Jenkins Core |
|
| CVE-2016-3722 |
medium |
4.3 |
4.3 |
10y ago |
Incorrect Authorization in Jenkins Core |
|
| CVE-2016-3721 |
medium |
4.3 |
4.3 |
10y ago |
Jenkins allows Remote Users to Inject Build Parameters |
|
| CVE-2015-5326 |
medium |
— |
4.3 |
11y ago |
Jenkins allows Cross-Site Scripting (XSS) |
|
| CVE-2015-1813 |
medium |
— |
4.3 |
11y ago |
Jenkins allows Cross-Site Scripting (XSS) |
|
| CVE-2015-1812 |
medium |
— |
4.3 |
11y ago |
Jenkins Cross-site Scripting vulnerability |
|