Vulnerabilities (CVE)

Vendor filter

Jenkins Subscribe

Filter

256 total CVE
CVE Vendors Products Updated CVSS
CVE-2013-2033 2 Cloudbees, Jenkins 2 Jenkins, Jenkins 2018-12-06 2.1
Cross-site scripting (XSS) vulnerability in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allows remote authenticated users with write permission to inject arbitrary web script or...
CVE-2012-0324 2 Cloudbees, Jenkins 2 Jenkins, Jenkins 2018-10-30 4.3
Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via...
CVE-2012-6073 2 Cloudbees, Jenkins 2 Jenkins, Jenkins 2018-10-30 5.8
Open redirect vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to redirect users to arbitrary web...
CVE-2012-0325 2 Cloudbees, Jenkins 2 Jenkins, Jenkins 2018-10-30 4.3
Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via...
CVE-2013-0158 2 Cloudbees, Jenkins 2 Jenkins, Jenkins 2018-10-30 2.6
Unspecified vulnerability in Jenkins before 1.498, Jenkins LTS before 1.480.2, and Jenkins Enterprise 1.447.x before 1.447.6.1 and 1.466.x before 1.466.12.1, when a slave is attached and anonymous read access is enabled, allows remote attackers...
CVE-2012-6072 2 Cloudbees, Jenkins 2 Jenkins, Jenkins 2018-10-30 4.3
CRLF injection vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to inject arbitrary HTTP headers...
CVE-2012-6074 2 Cloudbees, Jenkins 2 Jenkins, Jenkins 2018-10-30 3.5
Cross-site scripting (XSS) vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote authenticated users with write...
CVE-2018-1999045 1 Jenkins 1 Jenkins 2018-10-29 5.5
A improper authentication vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in SecurityRealm.java, TokenBasedRememberMeServices2.java that allows attackers with a valid cookie to remain logged in even if that feature is disabled.
CVE-2018-1999047 1 Jenkins 1 Jenkins 2018-10-26 4.0
A improper authorization vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in UpdateCenter.java that allows attackers to cancel a Jenkins restart scheduled through the update center.
CVE-2018-1999043 1 Jenkins 1 Jenkins 2018-10-26 5.0
A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in BasicAuthenticationFilter.java, BasicHeaderApiTokenAuthenticator.java that allows attackers to create ephemeral in-memory user records by attempting to...
CVE-2018-1999042 1 Jenkins 1 Jenkins 2018-10-26 5.0
A vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in XStream2.java that allows attackers to have Jenkins resolve a domain name when deserializing an instance of java.net.URL.
CVE-2018-1999046 1 Jenkins 1 Jenkins 2018-10-16 4.0
A exposure of sensitive information vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in Computer.java that allows attackers With Overall/Read permission to access the connection log for any agent.
CVE-2018-1999044 1 Jenkins 1 Jenkins 2018-10-16 4.0
A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread enter an infinite loop.
CVE-2018-1999039 1 Jenkins 1 Confluence Publisher 2018-10-15 4.0
A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an attacker-specified Confluence server URL with...
CVE-2018-1999038 1 Jenkins 1 Publish Over Cifs 2018-10-15 4.9
A confused deputy vulnerability exists in Jenkins Publisher Over CIFS Plugin 0.10 and earlier in CifsPublisherPluginDescriptor.java that allows attackers to have Jenkins connect to an attacker specified CIFS server with attacker specified credentials.
CVE-2018-1999037 1 Jenkins 1 Resource Disposer 2018-10-10 4.0
A data modification vulnerability exists in Jenkins Resource Disposer Plugin 0.11 and earlier in AsyncResourceDisposer.java that allows attackers to stop tracking a resource.
CVE-2018-1999034 1 Jenkins 1 Inedo Proget 2018-10-09 5.8
A man in the middle vulnerability exists in Jenkins Inedo ProGet Plugin 0.8 and earlier in ProGetApi.java, ProGetConfig.java, ProGetConfiguration.java that allows attackers to impersonate any service that Jenkins connects to.
CVE-2018-1000605 1 Jenkins 1 Collabnet 2018-10-09 5.8
A man in the middle vulnerability exists in Jenkins CollabNet Plugin 2.0.4 and earlier in CollabNetApp.java, CollabNetPlugin.java, CNFormFieldValidator.java that allows attackers to impersonate any service that Jenkins connects to.
CVE-2018-1999030 1 Jenkins 1 Maven Artifact Choicelistprovider %28nexus%29 2018-10-09 4.0
An exposure of sensitive information vulnerability exists in Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.3.1 and earlier in ArtifactoryChoiceListProvider.java, NexusChoiceListProvider.java, Nexus3ChoiceListProvider.java that allows...
CVE-2018-1999035 1 Jenkins 1 Inedo Buildmaster 2018-10-05 5.8
A man in the middle vulnerability exists in Jenkins Inedo BuildMaster Plugin 1.3 and earlier in BuildMasterConfiguration.java, BuildMasterConfig.java, BuildMasterApi.java that allows attackers to impersonate any service that Jenkins connects to.