VuXML ID | Description |
425f2143-8876-4b0a-af84-e0238c5c2062 | jenkins -- Arbitrary file read vulnerability in workspace browsers
Jenkins Security Advisory:
Description
(Medium) SECURITY-2197 / CVE-2021-21615
Arbitrary file read vulnerability in workspace browsers
Discovery 2021-01-26 Entry 2021-01-26 jenkins
< 2.276
jenkins-lts
< 2.263.3
https://www.jenkins.io/security/advisory/2021-01-26/
|
1ddab5cb-14c9-4632-959f-802c412a9593 | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(High) SECURITY-1868 / CVE-2020-2220
Stored XSS vulnerability in job build time trend
(High) SECURITY-1901 / CVE-2020-2221
Stored XSS vulnerability in upstream cause
(High) SECURITY-1902 / CVE-2020-2222
Stored XSS vulnerability in 'keep forever' badge icons
(High) SECURITY-1945 / CVE-2020-2223
Stored XSS vulnerability in console links
Discovery 2020-07-15 Entry 2020-07-15 jenkins
< 2.245
jenkins-lts
< 2.235.2
CVE-2020-2220
CVE-2020-2221
CVE-2020-2222
CVE-2020-2223
https://www.jenkins.io/security/advisory/2020-07-15/
|
5bf6ed6d-9002-4f43-ad63-458f59e45384 | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(High) SECURITY-1774 / CVE-2020-2160
CSRF protection for any URL could be bypassed
(Medium) SECURITY-1781 / CVE-2020-2161
Stored XSS vulnerability in label expression validation
(Medium) SECURITY-1793 / CVE-2020-2162
Stored XSS vulnerability in file parameters
(Medium) SECURITY-1796 / CVE-2020-2163
Stored XSS vulnerability in list view column headers
Discovery 2020-03-25 Entry 2020-03-25 jenkins
<= 2.227
jenkins-lts
<= 2.204.5
CVE-2020-2160
CVE-2020-2161
CVE-2020-2162
CVE-2020-2163
https://jenkins.io/security/advisory/2020-03-25/
|
eef0d2d9-78c0-441e-8b03-454c5baebe20 | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(High) SECURITY-1955 / CVE-2020-2229
Stored XSS vulnerability in help icons
(High) SECURITY-1957 / CVE-2020-2230
Stored XSS vulnerability in project naming strategy
(High) SECURITY-1960 / CVE-2020-2231
Stored XSS vulnerability in 'Trigger builds remotely'
Discovery 2020-08-12 Entry 2020-08-12 jenkins
< 2.252
jenkins-lts
< 2.235.4
CVE-2020-2229
CVE-2020-2230
CVE-2020-2231
https://www.jenkins.io/security/advisory/2020-08-12/
|
a250539d-d1d4-4591-afd3-c8bdfac335d8 | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(High) SECURITY-1682 / CVE-2020-2099
Inbound TCP Agent Protocol/3 authentication bypass
(Medium) SECURITY-1641 / CVE-2020-2100
Jenkins vulnerable to UDP amplification reflection attack
(Medium) SECURITY-1659 / CVE-2020-2101
Non-constant time comparison of inbound TCP agent connection secret
(Medium) SECURITY-1660 / CVE-2020-2102
Non-constant time HMAC comparison
(Medium) SECURITY-1695 / CVE-2020-2103
Diagnostic page exposed session cookies
(Medium) SECURITY-1650 / CVE-2020-2104
Memory usage graphs accessible to anyone with Overall/Read
(Low) SECURITY-1704 / CVE-2020-2105
Jenkins REST APIs vulnerable to clickjacking
(Medium) SECURITY-1680 / CVE-2020-2106
Stored XSS vulnerability in Code Coverage API Plugin
(Medium) SECURITY-1565 / CVE-2020-2107
Fortify Plugin stored credentials in plain text
(High) SECURITY-1719 / CVE-2020-2108
XXE vulnerability in WebSphere Deployer Plugin
Discovery 2020-01-29 Entry 2020-01-29 jenkins
<= 2.219
jenkins-lts
<= 2.204.2
CVE-2020-2099
CVE-2020-2100
CVE-2020-2101
CVE-2020-2102
CVE-2020-2103
CVE-2020-2104
CVE-2020-2105
CVE-2020-2106
CVE-2020-2107
CVE-2020-2108
https://jenkins.io/security/advisory/2020-01-29/
|
9595d002-edeb-4602-be2d-791cd654247e | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(Low) SECURITY-1721 / CVE-2021-21639
Lack of type validation in agent related REST API
(Medium) SECURITY-1871 / CVE-2021-21640
View name validation bypass
Discovery 2021-04-07 Entry 2021-04-08 jenkins
< 2.287
jenkins-lts
< 2.277.2
https://www.jenkins.io/security/advisory/2021-04-07/
|
09ea1b08-1d3e-4bf2-91a1-d6573f4da3d8 | jenkins -- Buffer corruption in bundled Jetty
Jenkins Security Advisory:
Description
(Critical) SECURITY-1983 / CVE-2019-17638
Buffer corruption in bundled Jetty
Discovery 2020-08-17 Entry 2020-08-17 jenkins
< 2.243
jenkins-lts
< 2.235.5
CVE-2019-17638
https://www.jenkins.io/security/advisory/2020-08-17/
|
e358b470-b37d-4e47-bc8a-2cd9adbeb63c | jenkins -- Denial of service vulnerability in bundled Jetty
Jenkins Security Advisory:
Description
(High) JENKINS-65280 / CVE-2021-28165
Denial of service vulnerability in bundled Jetty
Discovery 2021-04-20 Entry 2021-04-20 jenkins
< 2.286
jenkins-lts
< 2.277.3
https://www.jenkins.io/security/advisory/2021-04-20/
CVE-2021-28165
|
9720bb39-f82a-402f-9fe4-e2c875bdda83 | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(Medium) SECURITY-1498 / CVE-2019-10401
Stored XSS vulnerability in expandable textbox form control
(Medium) SECURITY-1525 / CVE-2019-10402
XSS vulnerability in combobox form control
(Medium) SECURITY-1537 (1) / CVE-2019-10403
Stored XSS vulnerability in SCM tag action tooltip
(Medium) SECURITY-1537 (2) / CVE-2019-10404
Stored XSS vulnerability in queue item tooltip
(Medium) SECURITY-1505 / CVE-2019-10405
Diagnostic web page exposed Cookie HTTP header
(Medium) SECURITY-1471 / CVE-2019-10406
XSS vulnerability in Jenkins URL setting
Discovery 2019-09-25 Entry 2019-09-25 jenkins
<= 2.196
jenkins-lts
<= 2.176.3
CVE-2019-10401
CVE-2019-10402
CVE-2019-10403
CVE-2019-10404
CVE-2019-10405
CVE-2019-10406
https://jenkins.io/security/advisory/2019-09-25/
|
9d271bab-da22-11eb-86f0-94c691a700a6 | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(Medium) SECURITY-2278 / CVE-2021-21670
Improper permission checks allow canceling queue items and aborting builds
(High) SECURITY-2371 / CVE-2021-21671
Session fixation vulnerability
Discovery 2021-06-30 Entry 2021-07-01 jenkins
< 2.300
jenkins-lts
< 2.289.2
CVE-2021-21670
CVE-2021-21671
https://www.jenkins.io/security/advisory/2021-06-30/
|
f68bb358-be8e-11ed-9215-00e081b7aa2d | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(High) SECURITY-3037 / CVE-2023-27898
XSS vulnerability in plugin manager
(Medium) SECURITY-3030 / CVE-2023-24998 (upstream issue), CVE-2023-27900 (MultipartFormDataParser), CVE-2023-27901 (StaplerRequest)
DoS vulnerability in bundled Apache Commons FileUpload library
(Medium) SECURITY-1807 / CVE-2023-27902
Workspace temporary directories accessible through directory browser
(Low) SECURITY-3058 / CVE-2023-27903
Temporary file parameter created with insecure permissions
(Low) SECURITY-2120 / CVE-2023-27904
Information disclosure through error stack traces related to agents
Discovery 2023-03-08 Entry 2023-03-09 jenkins
< 2.394
jenkins-lts
< 2.387.1
CVE-2023-27898
CVE-2023-24998
CVE-2023-27900
CVE-2023-27901
CVE-2023-27902
CVE-2023-27903
CVE-2023-27904
https://www.jenkins.io/security/advisory/2023-03-08/
|
7a7891fc-6318-447a-ba45-31d525ec11a0 | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(Medium) SECURITY-1453 / CVE-2019-10383
Stored XSS vulnerability in update center
(High) SECURITY-1491 / CVE-2019-10384
CSRF protection tokens for anonymous users did not expire in some circumstances
Discovery 2019-08-28 Entry 2019-08-28 jenkins
<= 2.191
jenkins-lts
<= 2.176.2
CVE-2019-10383
CVE-2019-10384
https://jenkins.io/security/advisory/2019-08-28/
|
9bad457e-b396-4452-8773-15bec67e1ceb | jenkins -- Jenkins core bundles vulnerable version of the commons-httpclient library
Jenkins Security Advisory:
Description
(Medium) SECURITY-2475 / CVE-2014-3577
Jenkins core bundles vulnerable version of the commons-httpclient library
Discovery 2021-10-06 Entry 2021-10-07 jenkins
< 2.315
jenkins-lts
< 2.303.2
CVE-2014-3577
https://www.jenkins.io/security/advisory/2021-10-06/
|
d6f76976-e86d-4f9a-9362-76c849b10db2 | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(Medium) SECURITY-1452 / CVE-2021-21602
Arbitrary file read vulnerability in workspace browsers
(High) SECURITY-1889 / CVE-2021-21603
XSS vulnerability in notification bar
(High) SECURITY-1923 / CVE-2021-21604
Improper handling of REST API XML deserialization errors
(High) SECURITY-2021 / CVE-2021-21605
Path traversal vulnerability in agent names
(Medium) SECURITY-2023 / CVE-2021-21606
Arbitrary file existence check in file fingerprints
(Medium) SECURITY-2025 / CVE-2021-21607
Excessive memory allocation in graph URLs leads to denial of service
(High) SECURITY-2035 / CVE-2021-21608
Stored XSS vulnerability in button labels
(Low) SECURITY-2047 / CVE-2021-21609
Missing permission check for paths with specific prefix
(High) SECURITY-2153 / CVE-2021-21610
Reflected XSS vulnerability in markup formatter preview
(High) SECURITY-2171 / CVE-2021-21611
Stored XSS vulnerability on new item page
Discovery 2021-01-13 Entry 2021-01-13 jenkins
< 2.275
jenkins-lts
< 2.263.2
https://www.jenkins.io/security/advisory/2021-01-13/
|
2bf56269-90f8-4a82-b82f-c0e289f2a0dc | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(Critical) SECURITY-2455 / CVE-2021-21685, CVE-2021-21686, CVE-2021-21687, CVE-2021-21688, CVE-2021-21689, CVE-2021-21690, CVE-2021-21691, CVE-2021-21692, CVE-2021-21693, CVE-2021-21694, CVE-2021-21695
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control
(High) SECURITY-2423 / CVE-2021-21696
Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin
(High) SECURITY-2428 / CVE-2021-21697
Agent-to-controller access control allows reading/writing most content of build directories
(Medium) SECURITY-2506 / CVE-2021-21698
Path traversal vulnerability in Subversion Plugin allows reading arbitrary files
Discovery 2021-11-04 Entry 2021-11-04 jenkins
< 2.319
jenkins-lts
< 2.303.3
CVE-2021-21685
CVE-2021-21686
CVE-2021-21687
CVE-2021-21688
CVE-2021-21689
CVE-2021-21690
CVE-2021-21691
CVE-2021-21692
CVE-2021-21693
CVE-2021-21694
CVE-2021-21695
CVE-2021-21696
CVE-2021-21697
CVE-2021-21698
https://www.jenkins.io/security/advisory/2021-11-04/
|
df3db21d-1a4d-4c78-acf7-4639e5a795e0 | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(Medium) SECURITY-1424 / CVE-2019-10352
Arbitrary file write vulnerability using file parameter definitions
(High) SECURITY-626 / CVE-2019-10353
CSRF protection tokens did not expire
(Medium) SECURITY-534 / CVE-2019-10354
Unauthorized view fragment access
Discovery 2019-07-17 Entry 2019-07-17 jenkins
< 2.186
jenkins-lts
< 2.176.2
CVE-2019-10352
CVE-2019-10353
CVE-2019-10354
https://jenkins.io/security/advisory/2019-07-17/
|
25be46f0-f25d-11ec-b62a-00e081b7aa2d | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(High) SECURITY-2781 / CVE-2022-34170 (SECURITY-2779), CVE-2022-34171 (SECURITY-2761), CVE-2022-34172 (SECURITY-2776), CVE-2022-34173 (SECURITY-2780)
Multiple XSS vulnerabilities
(Medium) SECURITY-2566 / CVE-2022-34174
Observable timing discrepancy allows determining username validity
(Medium) SECURITY-2777 / CVE-2022-34175
Unauthorized view fragment access
Discovery 2022-06-22 Entry 2022-06-22 jenkins
< 2.356
jenkins-lts
< 2.346.1
CVE-2022-34170
CVE-2022-34171
CVE-2022-34172
CVE-2022-34173
CVE-2022-34174
CVE-2022-34175
https://www.jenkins.io/security/advisory/2022-06-22/
|
672eeea9-a070-4f88-b0f1-007e90a2cbc3 | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(Medium) SECURITY-2558 / CVE-2022-20612
CSRF vulnerability in build triggers
Discovery 2022-01-12 Entry 2022-01-12 jenkins
< 2.330
jenkins-lts
< 2.319.2
CVE-2022-20612
https://www.jenkins.io/security/advisory/2022-01-12/
|
8e9c3f5a-715b-4336-8d05-19babef55e9e | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(Medium) SECURITY-1289
Jenkins accepted cached legacy CLI authentication
(Medium) SECURITY-1327
XSS vulnerability in form validation button
Discovery 2019-04-10 Entry 2019-04-10 jenkins
< 2.172
jenkins-lts
< 2.164.2
https://jenkins.io/security/advisory/2019-04-10/
|
debf6353-5753-4e9a-b710-a83ecdd743de | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(High) SECURITY-868
Administrators could persist access to Jenkins using crafted 'Remember me' cookie
(Medium) SECURITY-901
Deleting a user in an external security realm did not invalidate their session or 'Remember me' cookie
Discovery 2019-01-16 Entry 2019-01-16 jenkins
< 2.160
jenkins-lts
< 2.150.2
https://jenkins.io/security/advisory/2019-01-16/
|
0b0ad196-1ee8-4a98-89b1-4d5d82af49a9 | jenkins -- DoS vulnerability in bundled XStream library
Jenkins Security Advisory:
Description
(Medium) SECURITY-2602 / CVE-2021-43859 (upstream issue), CVE-2022-0538 (Jenkins-specific converters)
DoS vulnerability in bundled XStream library
Discovery 2022-02-09 Entry 2022-02-10 jenkins
< 2.334
jenkins-lts
< 2.319.3
CVE-2021-43859
CVE-2022-0538
https://www.jenkins.io/security/advisory/2022-02-09/
|