CVE-2014-2065 medium —
4.3
12y ago
Jenkins cross-site scripting (XSS) vulnerability
java
CVE-2014-3681 medium —
4.3
12y ago
Jenkins Cross-site Scripting vulnerability
java
CVE-2013-5573 medium —
4.3
13y ago
Jenkins allows Cross-Site Scripting (XSS) in User Configuration
java
CVE-2013-0328 medium —
4.3
13y ago
Jenkins subject to Cross-site Scripting
java
CVE-2012-6072 medium —
4.3
13y ago
Jenkins allows HTTP Injection and Response Splitting
java
CVE-2012-0325 medium —
4.3
14y ago
Jenkins allows Cross-Site Scripting (XSS)
java
CVE-2012-0324 medium —
4.3
14y ago
Jenkins allows Cross-Site Scripting (XSS)
java
CVE-2013-7330 medium —
4.0
12y ago
Jenkins allows attackers to configure restricted projects
java
CVE-2014-3680 medium —
4.0
12y ago
Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability
java
CVE-2014-3667 medium —
4.0
12y ago
Jenkins allows Remote Users to Obtain Sensitive Information from a Plugin Code
java
CVE-2014-3664 medium —
4.0
12y ago
Jenkins Path Traversal vulnerability
java
CVE-2013-0331 medium —
4.0
13y ago
Jenkins Vulnerable to Denial of Service (DoS) via Crafted Payload
java
CVE-2013-0330 medium —
4.0
13y ago
Jenkins allows Remote Users to Build Arbitrary Jobs
java
CVE-2015-1808 low —
3.5
11y ago
Jenkins Vulnerable to Denial of Service (DoS)
java
CVE-2014-2068 low —
3.5
12y ago
Jenkins allows attackers to obtain sensitive information
java
CVE-2014-2067 low —
3.5
12y ago
Jenkins cross-site scripting (XSS) vulnerability
java
CVE-2012-6074 low —
3.5
13y ago
Jenkins allows Cross-Site Scripting (XSS)
java
CVE-2013-0158 low —
2.6
13y ago
Jenkins allows attackers to obtain the master cryptographic key
java
CVE-2011-4344 low —
2.6
15y ago
Jenkins allows Cross-Site Scripting (XSS)
java
CVE-2013-2033 low —
2.1
12y ago
Jenkins vulnerable to Cross-site Scripting
java
CVE-2024-23897 unknown —
1.5
2y ago
Jenkins Command Line Interface (CLI) contains a path traversal vulnerability that allows attackers limited read access to certain files, which can lead to code execution.
java
CVE-2015-5317 unknown —
1.5
4y ago
Jenkins User Interface (UI) contains an information disclosure vulnerability that allows users to see the names of jobs and builds otherwise inaccessible to them on the "Fingerprints" pages.
java
CVE-2017-1000353 unknown —
1.5
4y ago
Jenkins contains a remote code execution vulnerability. This vulnerability that could allowed attackers to transfer a serialized Java SignedObject object to the remoting-based Jenkins CLI, that would…
java
CVE-2018-1000861 unknown —
1.5
4y ago
A code execution vulnerability exists in the Stapler web framework used by Jenkins
java
CVE-2026-33002 unknown —
—
2mo ago
Jenkins has a DNS rebinding vulnerability in WebSocket CLI origin validation
java
CVE-2026-33001 unknown —
—
2mo ago
Jenkins has a link following vulnerability allows arbitrary file creation
java
CVE-2026-27099 unknown —
—
3mo ago
Jenkins has a stored XSS vulnerability in node offline cause description
java
CVE-2026-27100 unknown —
—
3mo ago
Jenkins has a build information disclosure vulnerability through Run Parameter
java
CVE-2025-67636 unknown —
—
6mo ago
Jenkins is missing a permission check on password fields
java
CVE-2025-67637 unknown —
—
6mo ago
Jenkins's build authorization token is stored and displayed in plain text
java
CVE-2025-67638 unknown —
—
6mo ago
Jenkins's build authorization token is stored and displayed in plain text
java
CVE-2025-67639 unknown —
—
6mo ago
Jenkins has a CSRF vulnerability on the login form
java
CVE-2025-67635 unknown —
—
6mo ago
Jenkins has a Denial of service vulnerability in HTTP-based CLI
java
CVE-2025-59474 unknown —
—
8mo ago
Jenkins has a missing permission check, allowing users to obtain agent names
java
CVE-2025-59476 unknown —
—
8mo ago
Jenkins has a log message injection vulnerability
java
CVE-2025-59475 unknown —
—
8mo ago
Jenkins is missing a permission check in the authenticated users' profile menu
java
CVE-2025-31721 unknown —
—
1y ago
Jenkins Missing Permission Check
java
CVE-2025-31720 unknown —
—
1y ago
Jenkins Missing Permission Check
java
CVE-2025-27622 unknown —
—
1y ago
Jenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission
java
CVE-2025-27625 unknown —
—
1y ago
Jenkins Open Redirect vulnerability
java
CVE-2025-27623 unknown —
—
1y ago
Jenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission
java
CVE-2025-27624 unknown —
—
1y ago
Jenkins cross-site request forgery (CSRF) vulnerability
java
CVE-2024-47803 unknown —
—
2y ago
Jenkins exposes multi-line secrets through error messages
java
CVE-2024-47804 unknown —
—
2y ago
Jenkins item creation restriction bypass vulnerability
java
CVE-2024-43045 unknown —
—
2y ago
Jenkins does not perform a permission check in an HTTP endpoint
java
CVE-2024-43044 unknown —
—
2y ago
Jenkins Remoting library arbitrary file read vulnerability
java
CVE-2024-23898 unknown —
—
2y ago
Cross-site WebSocket hijacking vulnerability in the Jenkins CLI
java
CVE-2023-43498 unknown —
—
3y ago
Jenkins temporary uploaded file created with insecure permissions
java
CVE-2023-43496 unknown —
—
3y ago
Jenkins temporary plugin file created with insecure permissions
java
CVE-2023-43495 unknown —
—
3y ago
Jenkins Cross-site Scripting vulnerability
java
CVE-2023-43494 unknown —
—
3y ago
Jenkins does not exclude sensitive build variables from search
java
CVE-2023-43497 unknown —
—
3y ago
Jenkins temporary uploaded file created with insecure permissions
java
CVE-2023-39151 unknown —
—
3y ago
Jenkins Stored Cross-site Scripting vulnerability
java
CVE-2023-35141 unknown —
—
3y ago
Jenkins CSRF protection bypass vulnerability
java
CVE-2023-27904 unknown —
—
3y ago
Information disclosure through error stack traces related to agents
java
CVE-2023-27903 unknown —
—
3y ago
Incorrect Authorization in Jenkins Core
java
CVE-2023-27901 unknown —
—
3y ago
Denial of service in Jenkins Core
java
CVE-2023-27899 unknown —
—
3y ago
Incorrect Authorization in Jenkins Core
java
CVE-2023-27902 unknown —
—
3y ago
Incorrect Permission Preservation in Jenkins Core
java
CVE-2023-27900 unknown —
—
3y ago
Denial of service in Jenkins Core
java
CVE-2023-27898 unknown —
—
3y ago
Cross-site Scripting vulnerability in Jenkins
java
CVE-2022-41224 unknown —
—
4y ago
Jenkins vulnerable to stored cross site scripting in the I:helpIcon component
java
CVE-2022-34171 unknown —
—
4y ago
Cross-site Scripting vulnerability in Jenkins
java
CVE-2022-34175 unknown —
—
4y ago
Unauthorized view fragment access in Jenkins
java
CVE-2022-34173 unknown —
—
4y ago
Cross-site Scripting vulnerability in Jenkins
java
CVE-2022-34172 unknown —
—
4y ago
Cross-site Scripting vulnerability in Jenkins
java
CVE-2022-34170 unknown —
—
4y ago
Cross-site Scripting vulnerability in Jenkins
java
CVE-2022-34174 unknown —
—
4y ago
Observable timing discrepancy allows determining username validity in Jenkins
java
CVE-2019-10406 unknown —
—
4y ago
Improper Neutralization of Input During Web Page Generation in Jenkins
java
CVE-2019-10404 unknown —
—
4y ago
Improper Neutralization of Input During Web Page Generation in Jenkins
java
CVE-2019-10401 unknown —
—
4y ago
Improper Neutralization of Input During Web Page Generation in Jenkins
java
CVE-2019-10403 unknown —
—
4y ago
Improper Neutralization of Input During Web Page Generation in Jenkins
java
CVE-2019-10405 unknown —
—
4y ago
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
java
CVE-2019-10402 unknown —
—
4y ago
Improper Neutralization of Input During Web Page Generation in Jenkins
java
CVE-2020-2231 unknown —
—
4y ago
Improper Neutralization of Input During Web Page Generation in Jenkins
java
CVE-2020-2229 unknown —
—
4y ago
Jenkins Cross-Site Scripting vulnerability in help icons
java
CVE-2020-2230 unknown —
—
4y ago
Jenkins Cross-site Scripting vulnerability in project naming strategy
java
CVE-2020-2222 unknown —
—
4y ago
Stored XSS vulnerability in Jenkins 'keep forever' badge icon
java
CVE-2020-2221 unknown —
—
4y ago
Stored XSS vulnerability in Jenkins upstream cause
java
CVE-2020-2223 unknown —
—
4y ago
Stored XSS vulnerability in Jenkins console links
java
CVE-2020-2220 unknown —
—
4y ago
Stored XSS vulnerability in Jenkins job build time trend
java
CVE-2020-2162 unknown —
—
4y ago
Improper Neutralization of Input During Web Page Generation in Jenkins
java
CVE-2020-2161 unknown —
—
4y ago
Improper Neutralization of Input During Web Page Generation in Jenkins
java
CVE-2020-2163 unknown —
—
4y ago
Improper Neutralization of Input During Web Page Generation in Jenkins
java
CVE-2020-2160 unknown —
—
4y ago
Cross-Site Request Forgery in Jenkins
java
CVE-2020-2105 unknown —
—
4y ago
Jenkins REST APIs vulnerable to clickjacking
java
CVE-2020-2099 unknown —
—
4y ago
Inbound TCP Agent Protocol/3 authentication bypass in Jenkins
java
CVE-2020-2101 unknown —
—
4y ago
Non-constant time comparison of inbound TCP agent connection secret
java
CVE-2020-2103 unknown —
—
4y ago
Jenkins Diagnostic page exposed session cookies
java
CVE-2020-2100 unknown —
—
4y ago
Jenkins vulnerable to UDP amplification reflection attack
java
CVE-2020-2102 unknown —
—
4y ago
Non-constant time HMAC comparison
java
CVE-2020-2104 unknown —
—
4y ago
Memory usage graphs accessible to anyone with Overall/Read
java
CVE-2015-1809 unknown —
—
4y ago
XML external entity (XXE) vulnerability in Jenkins
java
CVE-2015-1811 unknown —
—
4y ago
XML external entity (XXE) vulnerability in Jenkins
java
CVE-2017-1000503 unknown —
—
4y ago
Race Condition in Jenkins
java
CVE-2018-1999042 unknown —
—
4y ago
Deserialization of Untrusted Data in Jenkins
java
CVE-2018-1999046 unknown —
—
4y ago
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
java
CVE-2018-1999045 unknown —
—
4y ago
Improper Authentication in Jenkins
java
CVE-2018-1000862 unknown —
—
4y ago
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
java
CVE-2017-1000504 unknown —
—
4y ago
Cross-Site Request Forgery in Jenkins
java