Package impact

Maven / org.jenkins-ci.main:jenkins-core

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Published	Description	Impact
CVE-2017-1000362	critical	9.8	9.8	9y ago	Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
CVE-2016-9299	critical	9.8	9.8	10y ago	Improper Neutralization of Special Elements used in an LDAP Query in Jenkins
CVE-2016-0791	critical	9.8	9.8	10y ago	Exposure of Sensitive Information in Jenkins Core
CVE-2016-0788	critical	9.8	9.8	10y ago	Jenkins allows Execution of Code by Opening a JRMP Listener
CVE-2021-21686	critical	—	9.5	4y ago	Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
CVE-2021-21685	critical	—	9.5	4y ago	Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
CVE-2021-21693	critical	—	9.5	4y ago	Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
CVE-2021-21692	critical	—	9.5	4y ago	Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
CVE-2021-21691	critical	—	9.5	4y ago	Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
CVE-2021-21694	critical	—	9.5	4y ago	Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
CVE-2021-21687	critical	—	9.5	4y ago	Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
CVE-2021-21689	critical	—	9.5	4y ago	Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
CVE-2021-21688	critical	—	9.5	4y ago	Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
CVE-2021-21690	critical	—	9.5	4y ago	Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
CVE-2021-21696	critical	—	9.5	4y ago	Agent-to-controller access control allowed writing to sensitive directory used by Jenkins Pipeline: Shared Groovy Libraries Plugin
CVE-2021-21695	critical	—	9.5	4y ago	Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
CVE-2021-21697	critical	—	9.5	4y ago	Agent-to-controller access control allows reading/writing most content of build directories in Jenkins
CVE-2015-5318	medium	—	6.8	11y ago	Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack
CVE-2014-3665	medium	—	6.8	11y ago	Jenkins improperly ensures trust separation
CVE-2014-2066	medium	—	6.8	12y ago	Jenkins session fixation vulnerability
CVE-2013-2034	medium	—	6.8	12y ago	Jenkins Cross-Site Request Forgery vulnerabilities
CVE-2013-0327	medium	—	6.8	13y ago	Jenkins Cross-Site Request Forgery vulnerability
CVE-2016-3724	medium	6.5	6.5	10y ago	Jenkins Exposes Sensitive Information from Job Configuration
CVE-2015-5323	medium	—	6.5	11y ago	Jenkins allows Administrators to Access API Tokens
CVE-2015-1806	medium	—	6.5	11y ago	Jenkins allows for Privilege Escalation by Remote Authenticated Users
CVE-2014-2062	medium	—	6.5	12y ago	Jenkins does not invalidate the API token when a user is deleted
CVE-2014-2058	medium	—	6.5	12y ago	Jenkins allows attackers to execute arbitrary jobs
CVE-2014-2059	medium	—	6.5	12y ago	Jenkins directory traversal vulnerability
CVE-2016-0789	medium	6.1	6.1	10y ago	Jenkins has CRLF Injection Vulnerability in the CLI
CVE-2014-3663	medium	—	6.0	12y ago	Jenkins allows remote authenticated users to bypass intended restrictions and create or destroy arbitrary jobs
CVE-2012-6073	medium	—	5.8	13y ago	Jenkins affected by Open Redirect Vulnerability
CVE-2021-21683	medium	—	5.5	4y ago	Path traversal vulnerability on Windows in Jenkins
CVE-2021-21682	medium	—	5.5	4y ago	Improper handling of equivalent directory names on Windows in Jenkins
CVE-2021-21640	medium	—	5.5	4y ago	View name validation bypass in Jenkins
CVE-2021-21639	medium	—	5.5	4y ago	Lack of type validation in agent related REST API in Jenkins
CVE-2021-21615	medium	—	5.5	4y ago	Time-of-check Time-of-use (TOCTOU) Race Condition in Jenkins
CVE-2019-10383	medium	—	5.5	4y ago	Improper Neutralization of Input During Web Page Generation in Jenkins
CVE-2019-10384	medium	—	5.5	4y ago	Cross-Site Request Forgery in Jenkins
CVE-2018-1999043	medium	—	5.5	4y ago	Missing Release of Resource after Effective Lifetime in Jenkins
CVE-2019-1003050	medium	—	5.5	4y ago	Improper Neutralization of Input During Web Page Generation in Jenkins
CVE-2019-1003049	medium	—	5.5	4y ago	Insufficient Session Expiration in Jenkins
CVE-2015-7536	medium	5.4	5.4	11y ago	Improper Neutralization of Input During Web Page Generation in Jenkins
CVE-2014-9635	medium	5.3	5.3	9y ago	Jenkins HttpOnly flag not Set for session cookies
CVE-2014-9634	medium	5.3	5.3	9y ago	Jenkins secure flag not set on session cookies
CVE-2016-0790	medium	5.3	5.3	10y ago	Exposure of Sensitive Information in Jenkins Core
CVE-2015-5324	medium	—	5.0	11y ago	Jenkins allows Unauthorized Viewing of Queue API Information
CVE-2015-5322	medium	—	5.0	11y ago	Jenkins has Local File Inclusion Vulnerability
CVE-2015-5321	medium	—	5.0	11y ago	Jenkins has Information Disclosure via Sidepanel Widget
CVE-2015-5320	medium	—	5.0	11y ago	Jenkins allows Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-5319	medium	—	5.0	11y ago	Jenkins has XML External Entity (XXE) Vulnerability in Job Configuration via CLI
CVE-2014-2064	medium	—	5.0	12y ago	Jenkins allows attackers to determine whether a user exists
CVE-2014-2061	medium	—	5.0	12y ago	Jenkin allows attackers to obtain passwords by reading the HTML source code
CVE-2014-2060	medium	—	5.0	12y ago	Jenkins allows Remote Attackers to Hijack Sessions
CVE-2014-3662	medium	—	5.0	12y ago	Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability
CVE-2014-3661	medium	—	5.0	12y ago	Jenkins Denial of Service vulnerability
CVE-2017-17383	medium	4.7	4.7	9y ago	Cross-site Scripting in Jenkins Core
CVE-2015-1810	medium	—	4.6	11y ago	Jenkins does not Restrict Reserved Names Allowing for Privilege Escalation
CVE-2016-3727	medium	4.3	4.3	10y ago	Jenkins Exposes Sensitive Information via API URL
CVE-2016-3725	medium	4.3	4.3	10y ago	Missing permissions check in Jenkins Core
CVE-2016-3723	medium	4.3	4.3	10y ago	Exposure of Sensitive Information in Jenkins Core
CVE-2016-3722	medium	4.3	4.3	10y ago	Incorrect Authorization in Jenkins Core
CVE-2016-3721	medium	4.3	4.3	10y ago	Jenkins allows Remote Users to Inject Build Parameters
CVE-2015-5326	medium	—	4.3	11y ago	Jenkins allows Cross-Site Scripting (XSS)
CVE-2015-1813	medium	—	4.3	11y ago	Jenkins allows Cross-Site Scripting (XSS)
CVE-2015-1812	medium	—	4.3	11y ago	Jenkins Cross-site Scripting vulnerability
CVE-2014-2065	medium	—	4.3	12y ago	Jenkins cross-site scripting (XSS) vulnerability
CVE-2014-3681	medium	—	4.3	12y ago	Jenkins Cross-site Scripting vulnerability
CVE-2013-5573	medium	—	4.3	13y ago	Jenkins allows Cross-Site Scripting (XSS) in User Configuration
CVE-2013-0328	medium	—	4.3	13y ago	Jenkins subject to Cross-site Scripting
CVE-2012-6072	medium	—	4.3	13y ago	Jenkins allows HTTP Injection and Response Splitting
CVE-2012-0325	medium	—	4.3	14y ago	Jenkins allows Cross-Site Scripting (XSS)
CVE-2012-0324	medium	—	4.3	14y ago	Jenkins allows Cross-Site Scripting (XSS)
CVE-2013-7330	medium	—	4.0	12y ago	Jenkins allows attackers to configure restricted projects
CVE-2014-3680	medium	—	4.0	12y ago	Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability
CVE-2014-3667	medium	—	4.0	12y ago	Jenkins allows Remote Users to Obtain Sensitive Information from a Plugin Code
CVE-2014-3664	medium	—	4.0	12y ago	Jenkins Path Traversal vulnerability
CVE-2013-0331	medium	—	4.0	13y ago	Jenkins Vulnerable to Denial of Service (DoS) via Crafted Payload
CVE-2013-0330	medium	—	4.0	13y ago	Jenkins allows Remote Users to Build Arbitrary Jobs
CVE-2015-1808	low	—	3.5	11y ago	Jenkins Vulnerable to Denial of Service (DoS)
CVE-2014-2068	low	—	3.5	12y ago	Jenkins allows attackers to obtain sensitive information
CVE-2014-2067	low	—	3.5	12y ago	Jenkins cross-site scripting (XSS) vulnerability
CVE-2012-6074	low	—	3.5	13y ago	Jenkins allows Cross-Site Scripting (XSS)
CVE-2013-0158	low	—	2.6	13y ago	Jenkins allows attackers to obtain the master cryptographic key
CVE-2011-4344	low	—	2.6	15y ago	Jenkins allows Cross-Site Scripting (XSS)
CVE-2013-2033	low	—	2.1	12y ago	Jenkins vulnerable to Cross-site Scripting
CVE-2024-23897	unknown	—	1.5	2y ago	Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE
CVE-2015-5317	unknown	—	1.5	4y ago	Jenkins discloses project names via fingerprints
CVE-2017-1000353	unknown	—	1.5	4y ago	Deserialization of Untrusted Data in Jenkins
CVE-2026-27099	unknown	—	—	3mo ago	Jenkins has a stored XSS vulnerability in node offline cause description
CVE-2025-67639	unknown	—	—	6mo ago	Jenkins has a CSRF vulnerability on the login form
CVE-2025-59474	unknown	—	—	8mo ago	Jenkins has a missing permission check, allowing users to obtain agent names
CVE-2025-31720	unknown	—	—	1y ago	Jenkins Missing Permission Check
CVE-2025-27624	unknown	—	—	1y ago	Jenkins cross-site request forgery (CSRF) vulnerability
CVE-2025-27625	unknown	—	—	1y ago	Jenkins Open Redirect vulnerability
CVE-2024-43045	unknown	—	—	2y ago	Jenkins does not perform a permission check in an HTTP endpoint
CVE-2024-23898	unknown	—	—	2y ago	Cross-site WebSocket hijacking vulnerability in the Jenkins CLI
CVE-2023-43496	unknown	—	—	3y ago	Jenkins temporary plugin file created with insecure permissions
CVE-2023-43494	unknown	—	—	3y ago	Jenkins does not exclude sensitive build variables from search
CVE-2023-43495	unknown	—	—	3y ago	Jenkins Cross-site Scripting vulnerability
CVE-2023-39151	unknown	—	—	3y ago	Jenkins Stored Cross-site Scripting vulnerability