VuXML ID | Description |
7a7891fc-6318-447a-ba45-31d525ec11a0 | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(Medium) SECURITY-1453 / CVE-2019-10383
Stored XSS vulnerability in update center
(High) SECURITY-1491 / CVE-2019-10384
CSRF protection tokens for anonymous users did not expire in some circumstances
Discovery 2019-08-28 Entry 2019-08-28
jenkins
<= 2.191
jenkins-lts
<= 2.176.2
CVE-2019-10383
CVE-2019-10384
https://jenkins.io/security/advisory/2019-08-28/
|
8e9c3f5a-715b-4336-8d05-19babef55e9e | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(Medium) SECURITY-1289
Jenkins accepted cached legacy CLI authentication
(Medium) SECURITY-1327
XSS vulnerability in form validation button
Discovery 2019-04-10 Entry 2019-04-10
jenkins
< 2.172
jenkins-lts
< 2.164.2
https://jenkins.io/security/advisory/2019-04-10/
|
425f2143-8876-4b0a-af84-e0238c5c2062 | jenkins -- Arbitrary file read vulnerability in workspace browsers
Jenkins Security Advisory:
Description
(Medium) SECURITY-2197 / CVE-2021-21615
Arbitrary file read vulnerability in workspace browsers
Discovery 2021-01-26 Entry 2021-01-26
jenkins
< 2.276
jenkins-lts
< 2.263.3
https://www.jenkins.io/security/advisory/2021-01-26/
|
09ea1b08-1d3e-4bf2-91a1-d6573f4da3d8 | jenkins -- Buffer corruption in bundled Jetty
Jenkins Security Advisory:
Description
(Critical) SECURITY-1983 / CVE-2019-17638
Buffer corruption in bundled Jetty
Discovery 2020-08-17 Entry 2020-08-17
jenkins
< 2.243
jenkins-lts
< 2.235.5
CVE-2019-17638
https://www.jenkins.io/security/advisory/2020-08-17/
|
0b0ad196-1ee8-4a98-89b1-4d5d82af49a9 | jenkins -- DoS vulnerability in bundled XStream library
Jenkins Security Advisory:
Description
(Medium) SECURITY-2602 / CVE-2021-43859 (upstream issue), CVE-2022-0538 (Jenkins-specific converters)
DoS vulnerability in bundled XStream library
Discovery 2022-02-09 Entry 2022-02-10
jenkins
< 2.334
jenkins-lts
< 2.319.3
CVE-2021-43859
CVE-2022-0538
https://www.jenkins.io/security/advisory/2022-02-09/
|
a250539d-d1d4-4591-afd3-c8bdfac335d8 | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(High) SECURITY-1682 / CVE-2020-2099
Inbound TCP Agent Protocol/3 authentication bypass
(Medium) SECURITY-1641 / CVE-2020-2100
Jenkins vulnerable to UDP amplification reflection attack
(Medium) SECURITY-1659 / CVE-2020-2101
Non-constant time comparison of inbound TCP agent connection secret
(Medium) SECURITY-1660 / CVE-2020-2102
Non-constant time HMAC comparison
(Medium) SECURITY-1695 / CVE-2020-2103
Diagnostic page exposed session cookies
(Medium) SECURITY-1650 / CVE-2020-2104
Memory usage graphs accessible to anyone with Overall/Read
(Low) SECURITY-1704 / CVE-2020-2105
Jenkins REST APIs vulnerable to clickjacking
(Medium) SECURITY-1680 / CVE-2020-2106
Stored XSS vulnerability in Code Coverage API Plugin
(Medium) SECURITY-1565 / CVE-2020-2107
Fortify Plugin stored credentials in plain text
(High) SECURITY-1719 / CVE-2020-2108
XXE vulnerability in WebSphere Deployer Plugin
Discovery 2020-01-29 Entry 2020-01-29
jenkins
<= 2.219
jenkins-lts
<= 2.204.2
CVE-2020-2099
CVE-2020-2100
CVE-2020-2101
CVE-2020-2102
CVE-2020-2103
CVE-2020-2104
CVE-2020-2105
CVE-2020-2106
CVE-2020-2107
CVE-2020-2108
https://jenkins.io/security/advisory/2020-01-29/
|
e358b470-b37d-4e47-bc8a-2cd9adbeb63c | jenkins -- Denial of service vulnerability in bundled Jetty
Jenkins Security Advisory:
Description
(High) JENKINS-65280 / CVE-2021-28165
Denial of service vulnerability in bundled Jetty
Discovery 2021-04-20 Entry 2021-04-20
jenkins
< 2.286
jenkins-lts
< 2.277.3
https://www.jenkins.io/security/advisory/2021-04-20/
CVE-2021-28165
|
2bf56269-90f8-4a82-b82f-c0e289f2a0dc | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(Critical) SECURITY-2455 / CVE-2021-21685, CVE-2021-21686, CVE-2021-21687, CVE-2021-21688, CVE-2021-21689, CVE-2021-21690, CVE-2021-21691, CVE-2021-21692, CVE-2021-21693, CVE-2021-21694, CVE-2021-21695
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control
(High) SECURITY-2423 / CVE-2021-21696
Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin
(High) SECURITY-2428 / CVE-2021-21697
Agent-to-controller access control allows reading/writing most content of build directories
(Medium) SECURITY-2506 / CVE-2021-21698
Path traversal vulnerability in Subversion Plugin allows reading arbitrary files
Discovery 2021-11-04 Entry 2021-11-04
jenkins
< 2.319
jenkins-lts
< 2.303.3
CVE-2021-21685
CVE-2021-21686
CVE-2021-21687
CVE-2021-21688
CVE-2021-21689
CVE-2021-21690
CVE-2021-21691
CVE-2021-21692
CVE-2021-21693
CVE-2021-21694
CVE-2021-21695
CVE-2021-21696
CVE-2021-21697
CVE-2021-21698
https://www.jenkins.io/security/advisory/2021-11-04/
|
9720bb39-f82a-402f-9fe4-e2c875bdda83 | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(Medium) SECURITY-1498 / CVE-2019-10401
Stored XSS vulnerability in expandable textbox form control
(Medium) SECURITY-1525 / CVE-2019-10402
XSS vulnerability in combobox form control
(Medium) SECURITY-1537 (1) / CVE-2019-10403
Stored XSS vulnerability in SCM tag action tooltip
(Medium) SECURITY-1537 (2) / CVE-2019-10404
Stored XSS vulnerability in queue item tooltip
(Medium) SECURITY-1505 / CVE-2019-10405
Diagnostic web page exposed Cookie HTTP header
(Medium) SECURITY-1471 / CVE-2019-10406
XSS vulnerability in Jenkins URL setting
Discovery 2019-09-25 Entry 2019-09-25
jenkins
<= 2.196
jenkins-lts
<= 2.176.3
CVE-2019-10401
CVE-2019-10402
CVE-2019-10403
CVE-2019-10404
CVE-2019-10405
CVE-2019-10406
https://jenkins.io/security/advisory/2019-09-25/
|
b4db7d78-bb62-4f4c-9326-6e9fc2ddd400 | jenkins -- CSRF protection bypass vulnerability
Jenkins Security Advisory:
Description
(High) SECURITY-3135 / CVE-2023-35141
CSRF protection bypass vulnerability
Discovery 2023-06-14 Entry 2023-06-14
jenkins
< 2.400
jenkins-lts
< 2.401.1
CVE-2023-35141
https://www.jenkins.io/security/advisory/2023-06-14/
|
9d271bab-da22-11eb-86f0-94c691a700a6 | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(Medium) SECURITY-2278 / CVE-2021-21670
Improper permission checks allow canceling queue items and aborting builds
(High) SECURITY-2371 / CVE-2021-21671
Session fixation vulnerability
Discovery 2021-06-30 Entry 2021-07-01
jenkins
< 2.300
jenkins-lts
< 2.289.2
CVE-2021-21670
CVE-2021-21671
https://www.jenkins.io/security/advisory/2021-06-30/
|
3350275d-cd5a-11e8-a7be-3497f683cb16 | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(Low) SECURITY-867
Path traversal vulnerability in Stapler allowed accessing internal data
(Medium) SECURITY-1074
Arbitrary file write vulnerability using file parameter definitions
(Medium) SECURITY-1129
Reflected XSS vulnerability
(Medium) SECURITY-1162
Ephemeral user record was created on some invalid authentication attempts
(Medium) SECURITY-1128
Ephemeral user record creation
(Medium) SECURITY-1158
Session fixation vulnerability on user signup
(Medium) SECURITY-765
Failures to process form submission data could result in secrets being displayed or written to logs
Discovery 2018-10-10 Entry 2018-10-11
jenkins
< 2.146
jenkins-lts
< 2.138.2
https://jenkins.io/security/advisory/2018-10-10/
|
a45d945a-cc2c-4cd7-a941-fb58fdb1b01e | jenkins -- Privilege escalation vulnerability in bundled Spring Security library
Jenkins Security Advisory:
Description
(High) SECURITY-2195 / CVE-2021-22112
Privilege escalation vulnerability in bundled Spring Security library
Discovery 2021-02-19 Entry 2021-02-20
jenkins
< 2.280
https://www.jenkins.io/security/advisory/2021-02-19/
|
2e3bea0c-f110-11ee-bc57-00e081b7aa2d | jenkins -- HTTP/2 denial of service vulnerability in bundled Jetty
Jenkins Security Advisory:
Description
(High) SECURITY-3379 / CVE-2024-22201
HTTP/2 denial of service vulnerability in bundled Jetty
Discovery 2024-03-20 Entry 2024-04-02
jenkins
< 2.444
jenkins-lts
< 2.440.2
CVE-2024-22201
https://www.jenkins.io/security/advisory/2024-03-20/
|
df3db21d-1a4d-4c78-acf7-4639e5a795e0 | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(Medium) SECURITY-1424 / CVE-2019-10352
Arbitrary file write vulnerability using file parameter definitions
(High) SECURITY-626 / CVE-2019-10353
CSRF protection tokens did not expire
(Medium) SECURITY-534 / CVE-2019-10354
Unauthorized view fragment access
Discovery 2019-07-17 Entry 2019-07-17
jenkins
< 2.186
jenkins-lts
< 2.176.2
CVE-2019-10352
CVE-2019-10353
CVE-2019-10354
https://jenkins.io/security/advisory/2019-07-17/
|
9595d002-edeb-4602-be2d-791cd654247e | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(Low) SECURITY-1721 / CVE-2021-21639
Lack of type validation in agent related REST API
(Medium) SECURITY-1871 / CVE-2021-21640
View name validation bypass
Discovery 2021-04-07 Entry 2021-04-08
jenkins
< 2.287
jenkins-lts
< 2.277.2
https://www.jenkins.io/security/advisory/2021-04-07/
|
25be46f0-f25d-11ec-b62a-00e081b7aa2d | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(High) SECURITY-2781 / CVE-2022-34170 (SECURITY-2779), CVE-2022-34171 (SECURITY-2761), CVE-2022-34172 (SECURITY-2776), CVE-2022-34173 (SECURITY-2780)
Multiple XSS vulnerabilities
(Medium) SECURITY-2566 / CVE-2022-34174
Observable timing discrepancy allows determining username validity
(Medium) SECURITY-2777 / CVE-2022-34175
Unauthorized view fragment access
Discovery 2022-06-22 Entry 2022-06-22
jenkins
< 2.356
jenkins-lts
< 2.346.1
CVE-2022-34170
CVE-2022-34171
CVE-2022-34172
CVE-2022-34173
CVE-2022-34174
CVE-2022-34175
https://www.jenkins.io/security/advisory/2022-06-22/
|
1ee26d45-6ddb-11ee-9898-00e081b7aa2d | jenkins -- HTTP/2 denial of service vulnerability in bundled Jetty
Jenkins Security Advisory:
Description
(High) SECURITY-3291 / CVE-2023-36478, CVE-2023-44487
HTTP/2 denial of service vulnerability in bundled Jetty
Discovery 2023-10-18 Entry 2023-10-18
jenkins
< 2.428
jenkins-lts
< 2.414.3
CVE-2023-36478
CVE-2023-44487
https://www.jenkins.io/security/advisory/2023-10-18/
|
8b03d274-56ca-489e-821a-cf32f07643f0 | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(Critical) SECURITY-3314 / CVE-2024-23897
Arbitrary file read vulnerability through the CLI can lead to RCE
(High) SECURITY-3315 / CVE-2024-23898
Cross-site WebSocket hijacking vulnerability in the CLI
Discovery 2024-01-24 Entry 2024-01-24
jenkins
< 2.422
jenkins-lts
< 2.426.3
CVE-2024-23897
CVE-2024-23898
https://www.jenkins.io/security/advisory/2024-01-24/
|
debf6353-5753-4e9a-b710-a83ecdd743de | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(High) SECURITY-868
Administrators could persist access to Jenkins using crafted 'Remember me' cookie
(Medium) SECURITY-901
Deleting a user in an external security realm did not invalidate their session or 'Remember me' cookie
Discovery 2019-01-16 Entry 2019-01-16
jenkins
< 2.160
jenkins-lts
< 2.150.2
https://jenkins.io/security/advisory/2019-01-16/
|
3aa27226-f86f-11e8-a085-3497f683cb16 | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(Critical) SECURITY-595
Code execution through crafted URLs
(Medium) SECURITY-904
Forced migration of user records
(Medium) SECURITY-1072
Workspace browser allowed accessing files outside the workspace
(Medium) SECURITY-1193
Potential denial of service through cron expression form validation
Discovery 2018-12-05 Entry 2018-12-05
jenkins
< 2.154
jenkins-lts
< 2.138.3
https://jenkins.io/security/advisory/2018-12-05/
|
eef0d2d9-78c0-441e-8b03-454c5baebe20 | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(High) SECURITY-1955 / CVE-2020-2229
Stored XSS vulnerability in help icons
(High) SECURITY-1957 / CVE-2020-2230
Stored XSS vulnerability in project naming strategy
(High) SECURITY-1960 / CVE-2020-2231
Stored XSS vulnerability in 'Trigger builds remotely'
Discovery 2020-08-12 Entry 2020-08-12
jenkins
< 2.252
jenkins-lts
< 2.235.4
CVE-2020-2229
CVE-2020-2230
CVE-2020-2231
https://www.jenkins.io/security/advisory/2020-08-12/
|
d6f76976-e86d-4f9a-9362-76c849b10db2 | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(Medium) SECURITY-1452 / CVE-2021-21602
Arbitrary file read vulnerability in workspace browsers
(High) SECURITY-1889 / CVE-2021-21603
XSS vulnerability in notification bar
(High) SECURITY-1923 / CVE-2021-21604
Improper handling of REST API XML deserialization errors
(High) SECURITY-2021 / CVE-2021-21605
Path traversal vulnerability in agent names
(Medium) SECURITY-2023 / CVE-2021-21606
Arbitrary file existence check in file fingerprints
(Medium) SECURITY-2025 / CVE-2021-21607
Excessive memory allocation in graph URLs leads to denial of service
(High) SECURITY-2035 / CVE-2021-21608
Stored XSS vulnerability in button labels
(Low) SECURITY-2047 / CVE-2021-21609
Missing permission check for paths with specific prefix
(High) SECURITY-2153 / CVE-2021-21610
Reflected XSS vulnerability in markup formatter preview
(High) SECURITY-2171 / CVE-2021-21611
Stored XSS vulnerability on new item page
Discovery 2021-01-13 Entry 2021-01-13
jenkins
< 2.275
jenkins-lts
< 2.263.2
https://www.jenkins.io/security/advisory/2021-01-13/
|
f68bb358-be8e-11ed-9215-00e081b7aa2d | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(High) SECURITY-3037 / CVE-2023-27898
XSS vulnerability in plugin manager
(Medium) SECURITY-3030 / CVE-2023-24998 (upstream issue), CVE-2023-27900 (MultipartFormDataParser), CVE-2023-27901 (StaplerRequest)
DoS vulnerability in bundled Apache Commons FileUpload library
(Medium) SECURITY-1807 / CVE-2023-27902
Workspace temporary directories accessible through directory browser
(Low) SECURITY-3058 / CVE-2023-27903
Temporary file parameter created with insecure permissions
(Low) SECURITY-2120 / CVE-2023-27904
Information disclosure through error stack traces related to agents
Discovery 2023-03-08 Entry 2023-03-09
jenkins
< 2.394
jenkins-lts
< 2.387.1
CVE-2023-27898
CVE-2023-24998
CVE-2023-27900
CVE-2023-27901
CVE-2023-27902
CVE-2023-27903
CVE-2023-27904
https://www.jenkins.io/security/advisory/2023-03-08/
|
9bad457e-b396-4452-8773-15bec67e1ceb | jenkins -- Jenkins core bundles vulnerable version of the commons-httpclient library
Jenkins Security Advisory:
Description
(Medium) SECURITY-2475 / CVE-2014-3577
Jenkins core bundles vulnerable version of the commons-httpclient library
Discovery 2021-10-06 Entry 2021-10-07
jenkins
< 2.315
jenkins-lts
< 2.303.2
CVE-2014-3577
https://www.jenkins.io/security/advisory/2021-10-06/
|
c2a89e8f-44e9-11ed-9215-00e081b7aa2d | jenkins -- XSS vulnerability
Jenkins Security Advisory:
Description
(High) SECURITY-2886 / CVE-2022-41224
Jenkins 2.367 through 2.369 (both inclusive) does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins web UI. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control tooltips for this component.
Jenkins 2.370 escapes tooltips of the l:helpIcon UI component.
Discovery 2022-09-21 Entry 2022-10-05 Modified 2022-10-07
jenkins
< 2.370
CVE-2022-41224
https://www.jenkins.io/security/advisory/2022-09-21/
|
402fccd0-5b6d-11ee-9898-00e081b7aa2d | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(Medium) SECURITY-3261 / CVE-2023-43494
Builds can be filtered by values of sensitive build variables
(High) SECURITY-3245 / CVE-2023-43495
Stored XSS vulnerability
(High) SECURITY-3072 / CVE-2023-43496
Temporary plugin file created with insecure permissions
(Low) SECURITY-3073 / CVE-2023-43497 (Stapler), CVE-2023-43498 (MultipartFormDataParser)
Temporary uploaded file created with insecure permissions
Discovery 2023-09-20 Entry 2023-09-25
jenkins
< 2.424
jenkins-lts
< 2.414.2
CVE-2023-43494
CVE-2023-43495
CVE-2023-43496
CVE-2023-43497
https://www.jenkins.io/security/advisory/2023-09-20/
|
672eeea9-a070-4f88-b0f1-007e90a2cbc3 | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(Medium) SECURITY-2558 / CVE-2022-20612
CSRF vulnerability in build triggers
Discovery 2022-01-12 Entry 2022-01-12
jenkins
< 2.330
jenkins-lts
< 2.319.2
CVE-2022-20612
https://www.jenkins.io/security/advisory/2022-01-12/
|
1ddab5cb-14c9-4632-959f-802c412a9593 | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(High) SECURITY-1868 / CVE-2020-2220
Stored XSS vulnerability in job build time trend
(High) SECURITY-1901 / CVE-2020-2221
Stored XSS vulnerability in upstream cause
(High) SECURITY-1902 / CVE-2020-2222
Stored XSS vulnerability in 'keep forever' badge icons
(High) SECURITY-1945 / CVE-2020-2223
Stored XSS vulnerability in console links
Discovery 2020-07-15 Entry 2020-07-15
jenkins
< 2.245
jenkins-lts
< 2.235.2
CVE-2020-2220
CVE-2020-2221
CVE-2020-2222
CVE-2020-2223
https://www.jenkins.io/security/advisory/2020-07-15/
|
5bf6ed6d-9002-4f43-ad63-458f59e45384 | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(High) SECURITY-1774 / CVE-2020-2160
CSRF protection for any URL could be bypassed
(Medium) SECURITY-1781 / CVE-2020-2161
Stored XSS vulnerability in label expression validation
(Medium) SECURITY-1793 / CVE-2020-2162
Stored XSS vulnerability in file parameters
(Medium) SECURITY-1796 / CVE-2020-2163
Stored XSS vulnerability in list view column headers
Discovery 2020-03-25 Entry 2020-03-25
jenkins
<= 2.227
jenkins-lts
<= 2.204.5
CVE-2020-2160
CVE-2020-2161
CVE-2020-2162
CVE-2020-2163
https://jenkins.io/security/advisory/2020-03-25/
|
a0321b74-031d-485c-bb76-edd75256a6f0 | jenkins -- Stored XSS vulnerability
Jenkins Security Advisory:
Description
(High) SECURITY-3188 / CVE-2023-39151
Stored XSS vulnerability
Discovery 2023-07-26 Entry 2023-07-26
jenkins
< 2.416
jenkins-lts
< 2.401.3
CVE-2023-39151
https://www.jenkins.io/security/advisory/2023-07-26/
|