Filtered by vendor Jenkins
Total: 1775 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2024-28159 | 1 Jenkins | 1 Subversion Partial Release Manager | 2026-06-17 | N/A | 4.3 MEDIUM | A missing permission check in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers with Item/Read permission to trigger a build. |
| CVE-2024-28158 | 1 Jenkins | 1 Subversion Partial Release Manager | 2026-06-17 | N/A | 4.3 MEDIUM | A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers to trigger a build. |
| CVE-2024-28157 | 1 Jenkins | 1 Gitbucket | 2026-06-17 | N/A | 8.0 HIGH | Jenkins GitBucket Plugin 0.8 and earlier does not sanitize Gitbucket URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs. |
| CVE-2024-28156 | 1 Jenkins | 1 Build Monitor View | 2026-06-17 | N/A | 5.4 MEDIUM | Jenkins Build Monitor View Plugin 1.14-860.vd06ef2568b_3f and earlier does not escape Build Monitor View names, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure Build Monitor Views. |
| CVE-2024-28155 | 1 Jenkins | 1 Appspider | 2026-06-17 | N/A | 4.3 MEDIUM | Jenkins AppSpider Plugin 1.0.16 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about available scan config names, engine group names, and client names. |
| CVE-2024-28154 | 1 Jenkins | 1 Mq Notifier | 2026-06-17 | N/A | 6.5 MEDIUM | Jenkins MQ Notifier Plugin 1.4.0 and earlier logs potentially sensitive build parameters as part of debug information in build logs by default. |
| CVE-2024-28153 | 1 Jenkins | 1 Owasp Dependency-check | 2026-06-17 | N/A | 5.4 MEDIUM | Jenkins OWASP Dependency-Check Plugin 5.4.5 and earlier does not escape vulnerability metadata from Dependency-Check reports, resulting in a stored cross-site scripting (XSS) vulnerability. |
| CVE-2024-28152 | 1 Jenkins | 1 Bitbucket Branch Source | 2026-06-17 | N/A | 6.3 MEDIUM | In Jenkins Bitbucket Branch Source Plugin 866.vdea_7dcd3008e and earlier, except 848.850.v6a_a_2a_234a_c81, when discovering pull requests from forks, the trust policy "Forks in the same account" allows changes to Jenkinsfiles from users without write access to the project when using Bitbucket Server. |
| CVE-2024-28151 | 1 Jenkins | 1 Html Publisher | 2026-06-17 | N/A | 4.3 MEDIUM | Jenkins HTML Publisher Plugin 1.32 and earlier archives invalid symbolic links in report directories on agents and recreates them on the controller, allowing attackers with Item/Configure permission to determine whether a path on the Jenkins controller file system exists, without being able to access it. |
| CVE-2024-28150 | 1 Jenkins | 1 Html Publisher | 2026-06-17 | N/A | 4.7 MEDIUM | Jenkins HTML Publisher Plugin 1.32 and earlier does not escape job names, report names, and index page titles shown as part of the report frame, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
| CVE-2024-28149 | 1 Jenkins | 1 Html Publisher | 2026-06-17 | N/A | 6.5 MEDIUM | Jenkins HTML Publisher Plugin 1.16 through 1.32 (both inclusive) does not properly sanitize input, allowing attackers with Item/Configure permission to implement cross-site scripting (XSS) attacks and to determine whether a path on the Jenkins controller file system exists. |
| CVE-2024-23905 | 1 Jenkins | 1 Red Hat Dependency Analytics | 2026-06-17 | N/A | 5.4 MEDIUM | Jenkins Red Hat Dependency Analytics Plugin 0.7.1 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. |
| CVE-2024-23904 | 1 Jenkins | 1 Log Command | 2026-06-17 | N/A | 7.5 HIGH | Jenkins Log Command Plugin 1.0.2 and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read content from arbitrary files on the Jenkins controller file system. |
| CVE-2024-23903 | 1 Jenkins | 1 Github Branch Source | 2026-06-17 | N/A | 5.3 MEDIUM | Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. |
| CVE-2024-23902 | 1 Jenkins | 1 Github Branch Source | 2026-06-17 | N/A | 4.3 MEDIUM | A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL. |
| CVE-2024-23901 | 1 Jenkins | 1 Github Branch Source | 2026-06-17 | N/A | 6.5 MEDIUM | Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan of the group. |
| CVE-2024-23900 | 1 Jenkins | 1 Matrix Project | 2026-06-17 | N/A | 4.3 MEDIUM | Jenkins Matrix Project Plugin 822.v01b_8c85d16d2 and earlier does not sanitize user-defined axis names of multi-configuration projects, allowing attackers with Item/Configure permission to create or replace any config.xml files on the Jenkins controller file system with content not controllable by the attackers. |
| CVE-2024-23899 | 1 Jenkins | 1 Git Server | 2026-06-17 | N/A | 6.5 MEDIUM | Jenkins Git server Plugin 99.va_0826a_b_cdfa_d and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenkins controller file system. |
| CVE-2024-23898 | 1 Jenkins | 1 Jenkins | 2026-06-17 | N/A | 8.8 HIGH | Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, allowing attackers to execute CLI commands on the Jenkins controller. |
| CVE-2024-23897 | 1 Jenkins | 1 Jenkins | 2026-06-17 | N/A | 9.8 CRITICAL | Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system. |
