| CVE-2017-1000362 |
critical |
9.8 |
9.8 |
9y ago |
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins |
|
| CVE-2016-9299 |
critical |
9.8 |
9.8 |
10y ago |
Improper Neutralization of Special Elements used in an LDAP Query in Jenkins |
|
| CVE-2016-0791 |
critical |
9.8 |
9.8 |
10y ago |
Exposure of Sensitive Information in Jenkins Core |
|
| CVE-2016-0788 |
critical |
9.8 |
9.8 |
10y ago |
Jenkins allows Execution of Code by Opening a JRMP Listener |
|
| CVE-2021-21686 |
critical |
— |
9.5 |
4y ago |
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins |
|
| CVE-2021-21690 |
critical |
— |
9.5 |
4y ago |
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins |
|
| CVE-2021-21689 |
critical |
— |
9.5 |
4y ago |
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins |
|
| CVE-2021-21688 |
critical |
— |
9.5 |
4y ago |
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins |
|
| CVE-2021-21687 |
critical |
— |
9.5 |
4y ago |
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins |
|
| CVE-2021-21685 |
critical |
— |
9.5 |
4y ago |
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins |
|
| CVE-2021-21694 |
critical |
— |
9.5 |
4y ago |
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins |
|
| CVE-2021-21693 |
critical |
— |
9.5 |
4y ago |
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins |
|
| CVE-2021-21692 |
critical |
— |
9.5 |
4y ago |
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins |
|
| CVE-2021-21691 |
critical |
— |
9.5 |
4y ago |
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins |
|
| CVE-2021-21696 |
critical |
— |
9.5 |
4y ago |
Agent-to-controller access control allowed writing to sensitive directory used by Jenkins Pipeline: Shared Groovy Libraries Plugin |
|
| CVE-2021-21697 |
critical |
— |
9.5 |
4y ago |
Agent-to-controller access control allows reading/writing most content of build directories in Jenkins |
|
| CVE-2021-21695 |
critical |
— |
9.5 |
4y ago |
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins |
|
| CVE-2016-0792 |
high |
8.8 |
8.8 |
10y ago |
Jenkins allows Deserialization of Untrusted Data via an XML File |
|
| CVE-2015-7538 |
high |
8.8 |
8.8 |
11y ago |
Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack |
|
| CVE-2015-7537 |
high |
8.8 |
8.8 |
11y ago |
Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack |
|
| CVE-2021-21671 |
high |
— |
8.0 |
4y ago |
Session fixation vulnerability in Jenkins |
|
| CVE-2021-21670 |
high |
— |
8.0 |
4y ago |
Improper permission checks allow canceling queue items and aborting builds in Jenkins |
|
| CVE-2021-21605 |
high |
— |
8.0 |
4y ago |
Path traversal vulnerability in Jenkins agent names |
|
| CVE-2021-21607 |
high |
— |
8.0 |
4y ago |
Excessive memory allocation in graph URLs leads to denial of service in Jenkins |
|
| CVE-2021-21611 |
high |
— |
8.0 |
4y ago |
Stored XSS vulnerability in Jenkins on new item page |
|
| CVE-2021-21610 |
high |
— |
8.0 |
4y ago |
Reflected XSS vulnerability in Jenkins markup formatter preview |
|
| CVE-2021-21602 |
high |
— |
8.0 |
4y ago |
Arbitrary file read vulnerability in workspace browsers in Jenkins |
|
| CVE-2021-21604 |
high |
— |
8.0 |
4y ago |
Improper handling of REST API XML deserialization errors in Jenkins |
|
| CVE-2021-21609 |
high |
— |
8.0 |
4y ago |
Missing permission check for paths with specific prefix in Jenkins |
|
| CVE-2021-21608 |
high |
— |
8.0 |
4y ago |
Stored XSS vulnerability in Jenkins button labels |
|
| CVE-2021-21606 |
high |
— |
8.0 |
4y ago |
Arbitrary file existence check in file fingerprints in Jenkins |
|
| CVE-2021-21603 |
high |
— |
8.0 |
4y ago |
XSS vulnerability in Jenkins notification bar |
|
| CVE-2019-10353 |
high |
— |
8.0 |
4y ago |
Cross-Site Request Forgery in Jenkins |
|
| CVE-2019-10354 |
high |
— |
8.0 |
4y ago |
Missing Authorization in Jenkins |
|
| CVE-2019-10352 |
high |
— |
8.0 |
4y ago |
Improper Limitation of a Pathname to a Restricted Directory in Jenkins |
|
| CVE-2017-1000356 |
high |
— |
8.0 |
4y ago |
Cross-Site Request Forgery in Jenkins |
|
| CVE-2017-1000355 |
high |
— |
8.0 |
4y ago |
Deserialization of Untrusted Data in Jenkins |
|
| CVE-2017-1000354 |
high |
— |
8.0 |
4y ago |
Improper Authentication in Jenkins |
|
| CVE-2018-1999006 |
high |
— |
8.0 |
4y ago |
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins |
|
| CVE-2018-1999004 |
high |
— |
8.0 |
4y ago |
Incorrect Authorization in Jenkins |
|
| CVE-2018-1999007 |
high |
— |
8.0 |
4y ago |
Cross-site scripting vulnerability exists in Jenkins and Stapler Plugin |
|
| CVE-2018-1999002 |
high |
— |
8.0 |
4y ago |
Improper Input Validation in Jenkins |
|
| CVE-2018-1999005 |
high |
— |
8.0 |
4y ago |
Improper Neutralization of Input During Web Page Generation in Jenkins |
|
| CVE-2018-1999001 |
high |
— |
8.0 |
4y ago |
Improper Input Validation in Jenkins |
|
| CVE-2018-1999003 |
high |
— |
8.0 |
4y ago |
Incorrect Authorization in Jenkins |
|
| CVE-2015-7539 |
high |
7.5 |
7.5 |
11y ago |
Jenkins does not Verify Checksums for Plugin Files |
|
| CVE-2015-5325 |
high |
— |
7.5 |
11y ago |
Jenkins allows Bypass of Access Restrictions |
|
| CVE-2015-1814 |
high |
— |
7.5 |
11y ago |
Jenkins allows for Privilege Escalation by Remote Authenticated Users |
|
| CVE-2014-2063 |
high |
— |
7.5 |
12y ago |
Jenkins Vulnerable to Clickjacking |
|
| CVE-2014-3666 |
high |
— |
7.5 |
12y ago |
Jenkins allows for Code Execution via Crafted Packet to the CLI |
|
| CVE-2013-0329 |
high |
— |
7.5 |
13y ago |
Jenkins Cross-Site Request Forgery vulnerability |
|
| CVE-2016-3726 |
high |
7.4 |
7.4 |
10y ago |
Jenkins affected by Open Redirect Vulnerability |
|
| CVE-2015-1808 |
low |
— |
3.5 |
11y ago |
Jenkins Vulnerable to Denial of Service (DoS) |
|
| CVE-2014-2068 |
low |
— |
3.5 |
12y ago |
Jenkins allows attackers to obtain sensitive information |
|
| CVE-2014-2067 |
low |
— |
3.5 |
12y ago |
Jenkins cross-site scripting (XSS) vulnerability |
|
| CVE-2012-6074 |
low |
— |
3.5 |
13y ago |
Jenkins allows Cross-Site Scripting (XSS) |
|
| CVE-2013-0158 |
low |
— |
2.6 |
13y ago |
Jenkins allows attackers to obtain the master cryptographic key |
|
| CVE-2011-4344 |
low |
— |
2.6 |
15y ago |
Jenkins allows Cross-Site Scripting (XSS) |
|
| CVE-2013-2033 |
low |
— |
2.1 |
12y ago |
Jenkins vulnerable to Cross-site Scripting |
|