pkg:maven/org.jenkins-ci.main/jenkins-core
Type
maven
Namespace
org.jenkins-ci.main
Name
jenkins-core
Known advisories, vulnerabilities and fixes for org.jenkins-ci.main/jenkins-core package.
Critical
19
High
48
Moderate
115
Low
9
Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | >= 2.122, < 2.138 < 2.121.3 |
CVE-2018-1999043
|
MAVEN:GHSA-2632-H32J-6RG9 | Missing Release of Resource after Effective Lifetime in Jenkins | high |
2022-05-13T01:50:55
(2 years ago) |
|
Fixed | = 2.138 = 2.121.3 |
CVE-2018-1999043
|
MAVEN:GHSA-2632-H32J-6RG9 | Missing Release of Resource after Effective Lifetime in Jenkins | high |
2022-05-13T01:50:55
(2 years ago) |
|
Affected | <= 2.46.1 >= 2.50, <= 2.56 |
CVE-2017-1000353
|
MAVEN:GHSA-26WC-3WQP-G3RP | Deserialization of Untrusted Data in Jenkins | critical |
2022-05-13T01:01:03
(2 years ago) |
|
Fixed | = 2.46.2 = 2.57 |
CVE-2017-1000353
|
MAVEN:GHSA-26WC-3WQP-G3RP | Deserialization of Untrusted Data in Jenkins | critical |
2022-05-13T01:01:03
(2 years ago) |
|
Affected | >= 2.415, < 2.424 >= 2.50, < 2.414.2 |
CVE-2023-43494
|
MAVEN:GHSA-279F-QWGH-H5MP | Jenkins does not exclude sensitive build variables from search | moderate |
2023-09-20T18:30:21
(12 months ago) |
|
Fixed | = 2.424 = 2.414.2 |
CVE-2023-43494
|
MAVEN:GHSA-279F-QWGH-H5MP | Jenkins does not exclude sensitive build variables from search | moderate |
2023-09-20T18:30:21
(12 months ago) |
|
Affected | >= 2.122, < 2.138 < 2.121.3 |
CVE-2018-1999042
|
MAVEN:GHSA-28P3-MCHR-9FRJ | Deserialization of Untrusted Data in Jenkins | moderate |
2022-05-14T01:04:56
(2 years ago) |
|
Fixed | = 2.138 = 2.121.3 |
CVE-2018-1999042
|
MAVEN:GHSA-28P3-MCHR-9FRJ | Deserialization of Untrusted Data in Jenkins | moderate |
2022-05-14T01:04:56
(2 years ago) |
|
Affected | <= 2.303.2 >= 2.304, <= 2.318 |
CVE-2021-21691
|
MAVEN:GHSA-2C79-H2H5-G3FW | Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins | critical |
2022-05-24T19:19:44
(2 years ago) |
|
Fixed | = 2.303.3 = 2.319 |
CVE-2021-21691
|
MAVEN:GHSA-2C79-H2H5-G3FW | Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins | critical |
2022-05-24T19:19:44
(2 years ago) |
|
Affected | >= 2.122, < 2.132 < 2.121.2 |
CVE-2018-1999006
|
MAVEN:GHSA-2PP9-R4RV-6P6J | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | moderate |
2022-05-14T01:05:26
(2 years ago) |
|
Fixed | = 2.132 = 2.121.2 |
CVE-2018-1999006
|
MAVEN:GHSA-2PP9-R4RV-6P6J | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | moderate |
2022-05-14T01:05:26
(2 years ago) |
|
Affected | >= 2.108, <= 2.120 <= 2.107.2 |
CVE-2018-1000192
|
MAVEN:GHSA-2W4X-RXP7-GRG7 | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | moderate |
2022-05-13T01:01:02
(2 years ago) |
|
Fixed | = 2.121 = 2.107.3 |
CVE-2018-1000192
|
MAVEN:GHSA-2W4X-RXP7-GRG7 | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | moderate |
2022-05-13T01:01:02
(2 years ago) |
|
Affected | <= 2.19.2 >= 2.20, <= 2.31 |
CVE-2016-9299
|
MAVEN:GHSA-2X9H-H3C4-WQQH | Improper Neutralization of Special Elements used in an LDAP Query in Jenkins | critical |
2022-05-14T01:00:43
(2 years ago) |
|
Fixed | = 2.19.3 = 2.32 |
CVE-2016-9299
|
MAVEN:GHSA-2X9H-H3C4-WQQH | Improper Neutralization of Special Elements used in an LDAP Query in Jenkins | critical |
2022-05-14T01:00:43
(2 years ago) |
|
Affected | > 2.204.6, <= 2.227 <= 2.204.5 |
CVE-2020-2163
|
MAVEN:GHSA-2XCM-H7VV-G8M9 | Improper Neutralization of Input During Web Page Generation in Jenkins | moderate |
2022-05-24T17:12:40
(2 years ago) |
|
Fixed | = 2.228 = 2.204.6 |
CVE-2020-2163
|
MAVEN:GHSA-2XCM-H7VV-G8M9 | Improper Neutralization of Input During Web Page Generation in Jenkins | moderate |
2022-05-24T17:12:40
(2 years ago) |
|
Affected | < 2.44 |
CVE-2017-2611
|
MAVEN:GHSA-3297-944X-J7X7 | Incorrect Authorization in Jenkins Core | moderate |
2022-05-13T01:16:28
(2 years ago) |
|
Fixed | = 2.44 |
CVE-2017-2611
|
MAVEN:GHSA-3297-944X-J7X7 | Incorrect Authorization in Jenkins Core | moderate |
2022-05-13T01:16:28
(2 years ago) |
|
Affected | < 2.319.3 >= 2.320, < 2.334 |
CVE-2022-0538
|
MAVEN:GHSA-34WX-X2W9-VQM3 | DoS vulnerability in bundled XStream library in Jenkins Core | moderate |
2022-02-10T00:00:30
(2 years ago) |
|
Fixed | = 2.319.3 = 2.334 |
CVE-2022-0538
|
MAVEN:GHSA-34WX-X2W9-VQM3 | DoS vulnerability in bundled XStream library in Jenkins Core | moderate |
2022-02-10T00:00:30
(2 years ago) |
|
Affected | < 2.3 |
CVE-2016-3722
|
MAVEN:GHSA-3857-XM38-JMQ2 | Incorrect Authorization in Jenkins Core | moderate |
2022-05-14T03:57:44
(2 years ago) |
|
Fixed | = 2.3 |
CVE-2016-3722
|
MAVEN:GHSA-3857-XM38-JMQ2 | Incorrect Authorization in Jenkins Core | moderate |
2022-05-14T03:57:44
(2 years ago) |
|
Affected | < 1.565.3 >= 1.566, < 1.583 |
CVE-2014-3664
|
MAVEN:GHSA-3GP5-92H5-H855 | Jenkins Path Traversal vulnerability | moderate |
2022-05-17T01:24:36
(2 years ago) |
|
Fixed | = 1.565.3 = 1.583 |
CVE-2014-3664
|
MAVEN:GHSA-3GP5-92H5-H855 | Jenkins Path Traversal vulnerability | moderate |
2022-05-17T01:24:36
(2 years ago) |
|
Affected | >= 2.140, <= 2.145 <= 2.138.1 |
CVE-2018-1000406
|
MAVEN:GHSA-3PR8-RF62-G893 | Path Traversal in Jenkins | moderate |
2022-05-14T01:04:36
(2 years ago) |
|
Fixed | = 2.146 = 2.138.2 |
CVE-2018-1000406
|
MAVEN:GHSA-3PR8-RF62-G893 | Path Traversal in Jenkins | moderate |
2022-05-14T01:04:36
(2 years ago) |
|
Affected | <= 2.303.2 >= 2.304, <= 2.318 |
CVE-2021-21687
|
MAVEN:GHSA-3Q84-VRVX-RFVF | Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins | critical |
2022-05-24T19:19:44
(2 years ago) |
|
Fixed | = 2.303.3 = 2.319 |
CVE-2021-21687
|
MAVEN:GHSA-3Q84-VRVX-RFVF | Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins | critical |
2022-05-24T19:19:44
(2 years ago) |
|
Affected | >= 2.34, <= 2.43 <= 2.32.1 |
CVE-2017-2607
|
MAVEN:GHSA-42M6-7XFF-9V9M | Improper Neutralization of Input During Web Page Generation in Jenkins | moderate |
2022-05-13T01:36:54
(2 years ago) |
|
Fixed | = 2.44 = 2.32.2 |
CVE-2017-2607
|
MAVEN:GHSA-42M6-7XFF-9V9M | Improper Neutralization of Input During Web Page Generation in Jenkins | moderate |
2022-05-13T01:36:54
(2 years ago) |
|
Affected | <= 2.46.1 >= 2.50, <= 2.56 |
CVE-2017-1000355
|
MAVEN:GHSA-4466-8JM4-448P | Deserialization of Untrusted Data in Jenkins | moderate |
2022-05-14T03:44:36
(2 years ago) |
|
Fixed | = 2.46.2 = 2.57 |
CVE-2017-1000355
|
MAVEN:GHSA-4466-8JM4-448P | Deserialization of Untrusted Data in Jenkins | moderate |
2022-05-14T03:44:36
(2 years ago) |
|
Affected | >= 2.264, <= 2.274 <= 2.263.1 |
CVE-2021-21609
|
MAVEN:GHSA-4625-Q52W-39CX | Missing permission check for paths with specific prefix in Jenkins | moderate |
2022-05-24T17:39:12
(2 years ago) |
|
Fixed | = 2.275 = 2.263.2 |
CVE-2021-21609
|
MAVEN:GHSA-4625-Q52W-39CX | Missing permission check for paths with specific prefix in Jenkins | moderate |
2022-05-24T17:39:12
(2 years ago) |
|
Affected | >= 2.177, <= 2.196 <= 2.176.3 |
CVE-2019-10405
|
MAVEN:GHSA-47WC-P5CP-W7PW | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | moderate |
2022-05-24T22:00:43
(2 years ago) |
|
Fixed | = 2.197 = 2.176.4 |
CVE-2019-10405
|
MAVEN:GHSA-47WC-P5CP-W7PW | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | moderate |
2022-05-24T22:00:43
(2 years ago) |
|
Affected | >= 2.304, <= 2.318 < 2.303.2 |
CVE-2021-21686
|
MAVEN:GHSA-4G38-HRM4-RG94 | Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins | critical |
2022-05-24T19:19:45
(2 years ago) |
|
Fixed | = 2.319 = 2.303.3 |
CVE-2021-21686
|
MAVEN:GHSA-4G38-HRM4-RG94 | Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins | critical |
2022-05-24T19:19:45
(2 years ago) |
|
Affected | >= 2.140, <= 2.145 <= 2.138.1 |
CVE-2018-1000408
|
MAVEN:GHSA-4H47-H3CR-23WH | Improper Authorization in Jenkins | moderate |
2022-05-13T01:48:36
(2 years ago) |
|
Fixed | = 2.146 = 2.138.2 |
CVE-2018-1000408
|
MAVEN:GHSA-4H47-H3CR-23WH | Improper Authorization in Jenkins | moderate |
2022-05-13T01:48:36
(2 years ago) |
|
Affected | >= 2.140, <= 2.153 <= 2.138.3 |
CVE-2018-1000863
|
MAVEN:GHSA-4JHM-5F7G-75FP | Improper Limitation of a Pathname to a Restricted Directory in Jenkins | high |
2022-05-13T01:48:39
(2 years ago) |
|
Fixed | = 2.154 = 2.138.4 |
CVE-2018-1000863
|
MAVEN:GHSA-4JHM-5F7G-75FP | Improper Limitation of a Pathname to a Restricted Directory in Jenkins | high |
2022-05-13T01:48:39
(2 years ago) |
|
Affected | < 2.204.2 >= 2.205, < 2.219 |
CVE-2020-2103
|
MAVEN:GHSA-4JJJ-CM7Q-V6HR | Jenkins Diagnostic page exposed session cookies | moderate |
2022-05-24T17:07:40
(2 years ago) |
|
Fixed | = 2.204.2 = 2.219 |
CVE-2020-2103
|
MAVEN:GHSA-4JJJ-CM7Q-V6HR | Jenkins Diagnostic page exposed session cookies | moderate |
2022-05-24T17:07:40
(2 years ago) |
|
Affected | >= 2.304, <= 2.314 <= 2.303.1 |
CVE-2021-21683
|
MAVEN:GHSA-4PW5-R58H-FV24 | Path traversal vulnerability on Windows in Jenkins | moderate |
2022-05-24T19:16:59
(2 years ago) |
|
Fixed | = 2.315 = 2.303.2 |
CVE-2021-21683
|
MAVEN:GHSA-4PW5-R58H-FV24 | Path traversal vulnerability on Windows in Jenkins | moderate |
2022-05-24T19:16:59
(2 years ago) |
|
Affected | <= 2.289.1 >= 2.292, <= 2.299 |
CVE-2021-21671
|
MAVEN:GHSA-4WR9-2XC6-JMG5 | Session fixation vulnerability in Jenkins | high |
2022-05-24T19:06:36
(2 years ago) |
|
Fixed | = 2.289.2 = 2.300 |
CVE-2021-21671
|
MAVEN:GHSA-4WR9-2XC6-JMG5 | Session fixation vulnerability in Jenkins | high |
2022-05-24T19:06:36
(2 years ago) |
|
Affected | >= 2.140, <= 2.145 <= 2.138.1 |
CVE-2018-1000410
|
MAVEN:GHSA-53JP-GMWC-JWF6 | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | high |
2022-05-14T01:04:36
(2 years ago) |
|
Fixed | = 2.146 = 2.138.2 |
CVE-2018-1000410
|
MAVEN:GHSA-53JP-GMWC-JWF6 | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | high |
2022-05-14T01:04:36
(2 years ago) |
|
Affected | >= 2.222.1, < 2.427 |
CVE-2024-23898
|
MAVEN:GHSA-53PH-2R2X-VQW8 | Cross-site WebSocket hijacking vulnerability in the Jenkins CLI | high |
2024-01-24T18:31:02
(7 months ago) |
|
Fixed | = 2.427 |
CVE-2024-23898
|
MAVEN:GHSA-53PH-2R2X-VQW8 | Cross-site WebSocket hijacking vulnerability in the Jenkins CLI | high |
2024-01-24T18:31:02
(7 months ago) |
|
Affected | >= 2.415, < 2.424 >= 2.50, < 2.414.2 |
CVE-2023-43496
|
MAVEN:GHSA-55WP-3PQ4-W8P9 | Jenkins temporary plugin file created with insecure permissions | high |
2023-09-20T18:30:21
(12 months ago) |
|
Fixed | = 2.424 = 2.414.2 |
CVE-2023-43496
|
MAVEN:GHSA-55WP-3PQ4-W8P9 | Jenkins temporary plugin file created with insecure permissions | high |
2023-09-20T18:30:21
(12 months ago) |
|
Affected | >= 2.388, < 2.394 >= 2.376, < 2.387.1 < 2.375.4 |
CVE-2023-27903
|
MAVEN:GHSA-584M-7R4M-8J6V | Incorrect Authorization in Jenkins Core | low |
2023-03-10T21:30:19
(18 months ago) |
|
Fixed | = 2.394 = 2.387.1 = 2.375.4 |
CVE-2023-27903
|
MAVEN:GHSA-584M-7R4M-8J6V | Incorrect Authorization in Jenkins Core | low |
2023-03-10T21:30:19
(18 months ago) |
|
Affected | >= 2.304, <= 2.318 < 2.303.2 |
CVE-2021-21685
|
MAVEN:GHSA-58XM-MXJF-254G | Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins | critical |
2022-05-24T19:19:44
(2 years ago) |
|
Fixed | = 2.319 = 2.303.3 |
CVE-2021-21685
|
MAVEN:GHSA-58XM-MXJF-254G | Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins | critical |
2022-05-24T19:19:44
(2 years ago) |
|
Affected | < 2.3 |
CVE-2016-3725
|
MAVEN:GHSA-59FM-6X3Q-Q3Q5 | Missing permissions check in Jenkins Core | moderate |
2022-05-14T03:57:44
(2 years ago) |
|
Fixed | = 2.3 |
CVE-2016-3725
|
MAVEN:GHSA-59FM-6X3Q-Q3Q5 | Missing permissions check in Jenkins Core | moderate |
2022-05-14T03:57:44
(2 years ago) |
|
Affected | >= 2.140, <= 2.145 <= 2.138.1 |
CVE-2018-1000997
|
MAVEN:GHSA-5HFP-964W-5VGM | Improper Limitation of a Pathname to a Restricted Directory in Jenkins | moderate |
2022-05-14T01:04:35
(2 years ago) |
|
Fixed | = 2.146 = 2.138.2 |
CVE-2018-1000997
|
MAVEN:GHSA-5HFP-964W-5VGM | Improper Limitation of a Pathname to a Restricted Directory in Jenkins | moderate |
2022-05-14T01:04:35
(2 years ago) |
|
Affected | >= 2.415, < 2.424 >= 2.50, < 2.414.2 |
CVE-2023-43495
|
MAVEN:GHSA-5J46-5HWQ-GWH7 | Jenkins Cross-site Scripting vulnerability | high |
2023-09-20T18:30:21
(12 months ago) |
|
Fixed | = 2.424 = 2.414.2 |
CVE-2023-43495
|
MAVEN:GHSA-5J46-5HWQ-GWH7 | Jenkins Cross-site Scripting vulnerability | high |
2023-09-20T18:30:21
(12 months ago) |
|
Affected | >= 2.90, < 2.107 < 2.89.4 |
CVE-2018-6356
|
MAVEN:GHSA-5P59-V5WM-77V4 | Improper Limitation of a Pathname to a Restricted Directory in Jenkins | moderate |
2022-05-13T01:01:01
(2 years ago) |
|
Fixed | = 2.107 = 2.89.4 |
CVE-2018-6356
|
MAVEN:GHSA-5P59-V5WM-77V4 | Improper Limitation of a Pathname to a Restricted Directory in Jenkins | moderate |
2022-05-13T01:01:01
(2 years ago) |
|
Affected | >= 2.74, <= 2.88 <= 2.73.2 |
CVE-2017-1000392
|
MAVEN:GHSA-5PPX-RGW2-XG23 | Improper Neutralization of Input During Web Page Generation in Jenkins | moderate |
2022-05-14T01:04:30
(2 years ago) |
|
Fixed | = 2.89 = 2.73.3 |
CVE-2017-1000392
|
MAVEN:GHSA-5PPX-RGW2-XG23 | Improper Neutralization of Input During Web Page Generation in Jenkins | moderate |
2022-05-14T01:04:30
(2 years ago) |
|
Affected | >= 2.346, < 2.346.1 >= 2.320, < 2.332.4 >= 2.350, < 2.356 |
CVE-2022-34170
|
MAVEN:GHSA-62WF-24C4-8R76 | Cross-site Scripting vulnerability in Jenkins | high |
2022-06-24T00:00:31
(2 years ago) |
|
Fixed | = 2.346.1 = 2.332.4 = 2.356 |
CVE-2022-34170
|
MAVEN:GHSA-62WF-24C4-8R76 | Cross-site Scripting vulnerability in Jenkins | high |
2022-06-24T00:00:31
(2 years ago) |
|
Affected | >= 2.122, < 2.132 < 2.121.2 |
CVE-2018-1999007
|
MAVEN:GHSA-6456-XJM5-G3PG | Cross-site scripting vulnerability exists in Jenkins and Stapler Plugin | moderate |
2022-05-13T01:01:02
(2 years ago) |
|
Fixed | = 2.132 = 2.121.2 |
CVE-2018-1999007
|
MAVEN:GHSA-6456-XJM5-G3PG | Cross-site scripting vulnerability exists in Jenkins and Stapler Plugin | moderate |
2022-05-13T01:01:02
(2 years ago) |
|
Affected | < 1.565.3 >= 1.566, < 1.583 |
CVE-2014-3663
|
MAVEN:GHSA-64MC-2M9P-23C8 | Jenkins allows remote authenticated users to bypass intended restrictions and create or destroy arbitrary jobs | moderate |
2022-05-17T03:53:35
(2 years ago) |
|
Fixed | = 1.565.3 = 1.583 |
CVE-2014-3663
|
MAVEN:GHSA-64MC-2M9P-23C8 | Jenkins allows remote authenticated users to bypass intended restrictions and create or destroy arbitrary jobs | moderate |
2022-05-17T03:53:35
(2 years ago) |
|
Affected | >= 2.122, < 2.138 < 2.121.3 |
CVE-2018-1999046
|
MAVEN:GHSA-667Q-VJ58-RJ88 | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | moderate |
2022-05-14T01:04:56
(2 years ago) |
|
Fixed | = 2.138 = 2.121.3 |
CVE-2018-1999046
|
MAVEN:GHSA-667Q-VJ58-RJ88 | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | moderate |
2022-05-14T01:04:56
(2 years ago) |
|
Affected | < 1.587 |
CVE-2014-3665
|
MAVEN:GHSA-66CR-6WHX-732P | Jenkins improperly ensures trust separation | moderate |
2022-05-17T03:53:35
(2 years ago) |
|
Fixed | = 1.587 |
CVE-2014-3665
|
MAVEN:GHSA-66CR-6WHX-732P | Jenkins improperly ensures trust separation | moderate |
2022-05-17T03:53:35
(2 years ago) |
|
Affected | >= 2.34, <= 2.43 <= 2.32.1 |
CVE-2017-2606
|
MAVEN:GHSA-6967-9VVV-4CMM | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | moderate |
2022-05-13T01:36:54
(2 years ago) |
|
Fixed | = 2.44 = 2.32.2 |
CVE-2017-2606
|
MAVEN:GHSA-6967-9VVV-4CMM | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | moderate |
2022-05-13T01:36:54
(2 years ago) |
|
Affected | >= 2.402, < 2.414.1 = 2.415 < 2.401.3 |
CVE-2023-39151
|
MAVEN:GHSA-69VW-3PCM-84RW | Jenkins Stored Cross-site Scripting vulnerability | high |
2023-07-26T15:30:57
(13 months ago) |
|
Fixed | = 2.414.1 = 2.416 = 2.401.3 |
CVE-2023-39151
|
MAVEN:GHSA-69VW-3PCM-84RW | Jenkins Stored Cross-site Scripting vulnerability | high |
2023-07-26T15:30:57
(13 months ago) |
|
Affected | >= 2.222.1, < 2.427 |
CVE-2024-23897
|
MAVEN:GHSA-6F9G-CXWR-Q5JR | Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE | critical |
2024-01-24T18:31:02
(7 months ago) |
|
Fixed | = 2.427 |
CVE-2024-23897
|
MAVEN:GHSA-6F9G-CXWR-Q5JR | Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE | critical |
2024-01-24T18:31:02
(7 months ago) |
|
Affected | >= 2.340, < 2.356 |
CVE-2022-34173
|
MAVEN:GHSA-6G4R-Q7QG-6QX6 | Cross-site Scripting vulnerability in Jenkins | high |
2022-06-24T00:00:31
(2 years ago) |
|
Fixed | = 2.356 |
CVE-2022-34173
|
MAVEN:GHSA-6G4R-Q7QG-6QX6 | Cross-site Scripting vulnerability in Jenkins | high |
2022-06-24T00:00:31
(2 years ago) |
|
Affected | >= 2.177, <= 2.185 <= 2.176.1 |
CVE-2019-10354
|
MAVEN:GHSA-6JFC-MC97-C7WG | Missing Authorization in Jenkins | moderate |
2022-05-24T16:50:30
(2 years ago) |
|
Fixed | = 2.186 = 2.176.2 |
CVE-2019-10354
|
MAVEN:GHSA-6JFC-MC97-C7WG | Missing Authorization in Jenkins | moderate |
2022-05-24T16:50:30
(2 years ago) |
|
Affected | >= 2.90, <= 2.106 <= 2.89.3 |
CVE-2018-1000067
|
MAVEN:GHSA-6MV9-HCX5-7MHH | Server-Side Request Forgery in Jenkins | moderate |
2022-05-13T01:01:03
(2 years ago) |
|
Fixed | = 2.107 = 2.89.4 |
CVE-2018-1000067
|
MAVEN:GHSA-6MV9-HCX5-7MHH | Server-Side Request Forgery in Jenkins | moderate |
2022-05-13T01:01:03
(2 years ago) |
|
Affected | <= 2.303.1 >= 2.304, <= 2.314 |
CVE-2021-21682
|
MAVEN:GHSA-6Q4G-84F3-MW74 | Improper handling of equivalent directory names on Windows in Jenkins | moderate |
2022-05-24T19:16:59
(2 years ago) |
|
Fixed | = 2.303.2 = 2.315 |
CVE-2021-21682
|
MAVEN:GHSA-6Q4G-84F3-MW74 | Improper handling of equivalent directory names on Windows in Jenkins | moderate |
2022-05-24T19:16:59
(2 years ago) |
|
Affected | < 2.159 |
CVE-2019-1003003
|
MAVEN:GHSA-6RH5-23HX-J452 | Improper Authorization in Jenkins Core | high |
2022-05-13T01:05:22
(2 years ago) |
|
Fixed | = 2.159 |
CVE-2019-1003003
|
MAVEN:GHSA-6RH5-23HX-J452 | Improper Authorization in Jenkins Core | high |
2022-05-13T01:05:22
(2 years ago) |
|
Affected | >= 2.165, <= 2.171 <= 2.164.1 |
CVE-2019-1003049
|
MAVEN:GHSA-742J-JCFR-23W3 | Insufficient Session Expiration in Jenkins | high |
2022-05-13T01:01:01
(2 years ago) |
|
Fixed | = 2.172 = 2.164.2 |
CVE-2019-1003049
|
MAVEN:GHSA-742J-JCFR-23W3 | Insufficient Session Expiration in Jenkins | high |
2022-05-13T01:01:01
(2 years ago) |
|
Affected | >= 2.108, <= 2.120 <= 2.107.2 |
CVE-2018-1000193
|
MAVEN:GHSA-7592-93RM-6GPX | Injection in Jenkins | moderate |
2022-05-13T01:01:02
(2 years ago) |
|
Fixed | = 2.121 = 2.107.3 |
CVE-2018-1000193
|
MAVEN:GHSA-7592-93RM-6GPX | Injection in Jenkins | moderate |
2022-05-13T01:01:02
(2 years ago) |
|
Affected | < 1.480.3 >= 1.481, < 1.502 |
CVE-2013-0329
|
MAVEN:GHSA-78CJ-2M29-Q5R9 | Jenkins Cross-Site Request Forgery vulnerability | moderate |
2022-05-05T02:48:48
(2 years ago) |
|
Fixed | = 1.480.3 = 1.502 |
CVE-2013-0329
|
MAVEN:GHSA-78CJ-2M29-Q5R9 | Jenkins Cross-Site Request Forgery vulnerability | moderate |
2022-05-05T02:48:48
(2 years ago) |
|
Affected | >= 2.177, <= 2.196 <= 2.176.3 |
CVE-2019-10403
|
MAVEN:GHSA-7CJC-XPPR-XJ6X | Improper Neutralization of Input During Web Page Generation in Jenkins | moderate |
2022-05-24T22:00:43
(2 years ago) |
|
Fixed | = 2.197 = 2.176.4 |
CVE-2019-10403
|
MAVEN:GHSA-7CJC-XPPR-XJ6X | Improper Neutralization of Input During Web Page Generation in Jenkins | moderate |
2022-05-24T22:00:43
(2 years ago) |
|
Affected | < 1.586 |
CVE-2014-9635
|
MAVEN:GHSA-7F6W-FHMR-J8HQ | Jenkins HttpOnly flag not Set for session cookies | moderate |
2022-05-17T00:50:19
(2 years ago) |
|
Fixed | = 1.586 |
CVE-2014-9635
|
MAVEN:GHSA-7F6W-FHMR-J8HQ | Jenkins HttpOnly flag not Set for session cookies | moderate |
2022-05-17T00:50:19
(2 years ago) |
|
Affected | < 2.332.4 >= 2.346, < 2.346.1 >= 2.350, < 2.356 |
CVE-2022-34171
|
MAVEN:GHSA-7F84-P6R5-JR6Q | Cross-site Scripting vulnerability in Jenkins | high |
2022-06-24T00:00:31
(2 years ago) |
|
Fixed | = 2.332.4 = 2.346.1 = 2.356 |
CVE-2022-34171
|
MAVEN:GHSA-7F84-P6R5-JR6Q | Cross-site Scripting vulnerability in Jenkins | high |
2022-06-24T00:00:31
(2 years ago) |
|
Affected | < 1.532.2 >= 1.533, < 1.551 |
CVE-2014-2058
|
MAVEN:GHSA-7FPG-PP3M-H22F | Jenkins allows attackers to execute arbitrary jobs | moderate |
2022-05-17T03:53:55
(2 years ago) |
|
Fixed | = 1.532.2 = 1.551 |
CVE-2014-2058
|
MAVEN:GHSA-7FPG-PP3M-H22F | Jenkins allows attackers to execute arbitrary jobs | moderate |
2022-05-17T03:53:55
(2 years ago) |
|
Affected | >= 2.264, <= 2.274 <= 2.263.1 |
CVE-2021-21610
|
MAVEN:GHSA-7QF3-C2Q8-69M3 | Reflected XSS vulnerability in Jenkins markup formatter preview | moderate |
2022-05-24T17:39:13
(2 years ago) |
|
Fixed | = 2.275 = 2.263.2 |
CVE-2021-21610
|
MAVEN:GHSA-7QF3-C2Q8-69M3 | Reflected XSS vulnerability in Jenkins markup formatter preview | moderate |
2022-05-24T17:39:13
(2 years ago) |
|
Affected | >= 2.34, <= 2.43 <= 2.32.1 |
CVE-2017-2599
|
MAVEN:GHSA-7R4H-2H23-6JQ9 | Incorrect Authorization in Jenkins | moderate |
2022-05-13T01:12:25
(2 years ago) |
|
Fixed | = 2.44 = 2.32.2 |
CVE-2017-2599
|
MAVEN:GHSA-7R4H-2H23-6JQ9 | Incorrect Authorization in Jenkins | moderate |
2022-05-13T01:12:25
(2 years ago) |
|
Affected | >= 2.205, <= 2.218 <= 2.204.1 |
CVE-2020-2105
|
MAVEN:GHSA-7XP8-7WQX-5HQX | Jenkins REST APIs vulnerable to clickjacking | low |
2022-05-24T17:07:41
(2 years ago) |
|
Fixed | = 2.219 = 2.204.2 |
CVE-2020-2105
|
MAVEN:GHSA-7XP8-7WQX-5HQX | Jenkins REST APIs vulnerable to clickjacking | low |
2022-05-24T17:07:41
(2 years ago) |
|
Affected | >= 1.513, < 1.514 < 1.509.1 |
CVE-2013-2033
|
MAVEN:GHSA-826F-32QM-VM3J | Jenkins vulnerable to Cross-site Scripting | moderate |
2022-05-14T01:52:20
(2 years ago) |
|
Fixed | = 1.514 = 1.509.1 |
CVE-2013-2033
|
MAVEN:GHSA-826F-32QM-VM3J | Jenkins vulnerable to Cross-site Scripting | moderate |
2022-05-14T01:52:20
(2 years ago) |
|
Affected | < 2.3 |
CVE-2016-3723
|
MAVEN:GHSA-8572-5JRG-MX52 | Exposure of Sensitive Information in Jenkins Core | moderate |
2022-05-14T03:57:45
(2 years ago) |
|
Fixed | = 2.3 |
CVE-2016-3723
|
MAVEN:GHSA-8572-5JRG-MX52 | Exposure of Sensitive Information in Jenkins Core | moderate |
2022-05-14T03:57:45
(2 years ago) |
|
Affected | <= 2.46.1 >= 2.50, <= 2.56 |
CVE-2017-1000356
|
MAVEN:GHSA-85WQ-PQHP-HMQ6 | Cross-Site Request Forgery in Jenkins | high |
2022-05-14T03:44:36
(2 years ago) |
|
Fixed | = 2.46.2 = 2.57 |
CVE-2017-1000356
|
MAVEN:GHSA-85WQ-PQHP-HMQ6 | Cross-Site Request Forgery in Jenkins | high |
2022-05-14T03:44:36
(2 years ago) |
|
Affected | >= 2.236, <= 2.244 <= 2.235.1 |
CVE-2020-2222
|
MAVEN:GHSA-864V-5Q2G-FR64 | Stored XSS vulnerability in Jenkins 'keep forever' badge icon | high |
2022-05-24T17:23:39
(2 years ago) |
|
Fixed | = 2.245 = 2.235.2 |
CVE-2020-2222
|
MAVEN:GHSA-864V-5Q2G-FR64 | Stored XSS vulnerability in Jenkins 'keep forever' badge icon | high |
2022-05-24T17:23:39
(2 years ago) |
|
Affected | < 1.532.2 >= 1.533, < 1.551 |
CVE-2014-2066
|
MAVEN:GHSA-8JFX-H6Q2-V4G3 | Jenkins session fixation vulnerability | moderate |
2022-05-17T03:53:42
(2 years ago) |
|
Fixed | = 1.532.2 = 1.551 |
CVE-2014-2066
|
MAVEN:GHSA-8JFX-H6Q2-V4G3 | Jenkins session fixation vulnerability | moderate |
2022-05-17T03:53:42
(2 years ago) |
|
Affected | >= 2.470, < 2.471 >= 2.460, < 2.462.1 < 2.452.4 |
CVE-2024-43045
|
MAVEN:GHSA-8PV9-QH96-9HC6 | Jenkins does not perform a permission check in an HTTP endpoint | moderate |
2024-08-07T15:30:42
(5 weeks ago) |
|
Fixed | = 2.471 = 2.462.1 = 2.452.4 |
CVE-2024-43045
|
MAVEN:GHSA-8PV9-QH96-9HC6 | Jenkins does not perform a permission check in an HTTP endpoint | moderate |
2024-08-07T15:30:42
(5 weeks ago) |
|
Affected | < 2.138 |
CVE-2018-1999044
|
MAVEN:GHSA-8QPF-FV36-H4R8 | Infinite Loop in Jenkins Core | moderate |
2022-05-13T01:50:55
(2 years ago) |
|
Fixed | = 2.138 |
CVE-2018-1999044
|
MAVEN:GHSA-8QPF-FV36-H4R8 | Infinite Loop in Jenkins Core | moderate |
2022-05-13T01:50:55
(2 years ago) |
|
Affected | < 2.159 |
CVE-2019-1003004
|
MAVEN:GHSA-8QXP-G8JV-P37X | Improper Authorization in Jenkins Core | high |
2022-05-13T01:05:22
(2 years ago) |
|
Fixed | = 2.159 |
CVE-2019-1003004
|
MAVEN:GHSA-8QXP-G8JV-P37X | Improper Authorization in Jenkins Core | high |
2022-05-13T01:05:22
(2 years ago) |
|
Affected | < 1.565.3 >= 1.566, < 1.583 |
CVE-2014-3680
|
MAVEN:GHSA-8X8P-MFWV-9FJW | Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability | moderate |
2022-05-17T03:53:31
(2 years ago) |
|
Fixed | = 1.565.3 = 1.583 |
CVE-2014-3680
|
MAVEN:GHSA-8X8P-MFWV-9FJW | Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability | moderate |
2022-05-17T03:53:31
(2 years ago) |
|
Affected | <= 2.303.2 >= 2.304, <= 2.318 |
CVE-2021-21692
|
MAVEN:GHSA-8XG4-XQ2V-V6J7 | Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins | critical |
2022-05-24T19:19:44
(2 years ago) |
|
Fixed | = 2.303.3 = 2.319 |
CVE-2021-21692
|
MAVEN:GHSA-8XG4-XQ2V-V6J7 | Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins | critical |
2022-05-24T19:19:44
(2 years ago) |
|
Affected | < 2.303.3 >= 2.304, <= 2.318 |
CVE-2021-21693
|
MAVEN:GHSA-929W-Q433-4H9X | Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins | critical |
2022-05-24T19:19:44
(2 years ago) |
|
Fixed | = 2.303.3 = 2.319 |
CVE-2021-21693
|
MAVEN:GHSA-929W-Q433-4H9X | Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins | critical |
2022-05-24T19:19:44
(2 years ago) |
|
Affected | >= 2.40, <= 2.43 >= 1.498, <= 2.32.1 |
CVE-2017-1000362
|
MAVEN:GHSA-92MR-4W2Q-4578 | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | critical |
2022-05-17T02:25:41
(2 years ago) |
|
Fixed | = 2.44 = 2.32.2 |
CVE-2017-1000362
|
MAVEN:GHSA-92MR-4W2Q-4578 | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | critical |
2022-05-17T02:25:41
(2 years ago) |
|
Affected | <= 2.303.2 >= 2.304, <= 2.318 |
CVE-2021-21690
|
MAVEN:GHSA-97C3-W9CR-6QC2 | Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins | critical |
2022-05-24T19:19:44
(2 years ago) |
|
Fixed | = 2.303.3 = 2.319 |
CVE-2021-21690
|
MAVEN:GHSA-97C3-W9CR-6QC2 | Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins | critical |
2022-05-24T19:19:44
(2 years ago) |
|
Affected | < 2.400 |
CVE-2023-35141
|
MAVEN:GHSA-98FP-R22G-WPJ7 | Jenkins CSRF protection bypass vulnerability | high |
2023-06-14T15:30:37
(15 months ago) |
|
Fixed | = 2.400 |
CVE-2023-35141
|
MAVEN:GHSA-98FP-R22G-WPJ7 | Jenkins CSRF protection bypass vulnerability | high |
2023-06-14T15:30:37
(15 months ago) |
|
Affected | >= 2.263.2, <= 2.274 < 2.263.1 |
CVE-2021-21603
|
MAVEN:GHSA-98GQ-6HXG-52R6 | XSS vulnerability in Jenkins notification bar | moderate |
2022-05-24T17:39:12
(2 years ago) |
|
Fixed | = 2.275 |
CVE-2021-21603
|
MAVEN:GHSA-98GQ-6HXG-52R6 | XSS vulnerability in Jenkins notification bar | moderate |
2022-05-24T17:39:12
(2 years ago) |
|
Affected | >= 2.90, <= 2.94 >= 2.81, <= 2.89.1 |
CVE-2017-1000504
|
MAVEN:GHSA-99HJ-PPG3-2XWC | Cross-Site Request Forgery in Jenkins | high |
2022-05-14T01:04:36
(2 years ago) |
|
Fixed | = 2.95 = 2.89.2 |
CVE-2017-1000504
|
MAVEN:GHSA-99HJ-PPG3-2XWC | Cross-Site Request Forgery in Jenkins | high |
2022-05-14T01:04:36
(2 years ago) |
|
Affected | >= 2.140, <= 2.153 <= 2.138.3 |
CVE-2018-1000864
|
MAVEN:GHSA-9CJV-93G7-C6MV | Loop with Unreachable Exit Condition in Jenkins | moderate |
2022-05-13T01:48:40
(2 years ago) |
|
Fixed | = 2.154 = 2.138.4 |
CVE-2018-1000864
|
MAVEN:GHSA-9CJV-93G7-C6MV | Loop with Unreachable Exit Condition in Jenkins | moderate |
2022-05-13T01:48:40
(2 years ago) |
|
Affected | >= 2.236, <= 2.251 <= 2.235.3 |
CVE-2020-2230
|
MAVEN:GHSA-9G4M-FFX6-C29G | Jenkins Cross-site Scripting vulnerability in project naming strategy | high |
2022-05-24T17:25:24
(2 years ago) |
|
Fixed | = 2.252 = 2.235.4 |
CVE-2020-2230
|
MAVEN:GHSA-9G4M-FFX6-C29G | Jenkins Cross-site Scripting vulnerability in project naming strategy | high |
2022-05-24T17:25:24
(2 years ago) |
|
Affected | < 2.332.4 >= 2.334, < 2.356 |
CVE-2022-34174
|
MAVEN:GHSA-9GRJ-J43M-MJQR | Observable timing discrepancy allows determining username validity in Jenkins | moderate |
2022-06-24T00:00:31
(2 years ago) |
|
Fixed | = 2.332.4 = 2.356 |
CVE-2022-34174
|
MAVEN:GHSA-9GRJ-J43M-MJQR | Observable timing discrepancy allows determining username validity in Jenkins | moderate |
2022-06-24T00:00:31
(2 years ago) |
|
Affected | <= 2.107.1 >= 2.108, <= 2.115 |
CVE-2018-1000170
|
MAVEN:GHSA-9JCV-V4JP-W3CQ | Cross-site Scripting in Jenkins Core | moderate |
2022-05-14T01:04:36
(2 years ago) |
|
Fixed | = 2.107.2 = 2.116 |
CVE-2018-1000170
|
MAVEN:GHSA-9JCV-V4JP-W3CQ | Cross-site Scripting in Jenkins Core | moderate |
2022-05-14T01:04:36
(2 years ago) |
|
Affected | >= 2.177, <= 2.191 <= 2.176.2 |
CVE-2019-10383
|
MAVEN:GHSA-9M48-54PJ-H248 | Improper Neutralization of Input During Web Page Generation in Jenkins | moderate |
2022-05-24T16:55:01
(2 years ago) |
|
Fixed | = 2.192 = 2.176.3 |
CVE-2019-10383
|
MAVEN:GHSA-9M48-54PJ-H248 | Improper Neutralization of Input During Web Page Generation in Jenkins | moderate |
2022-05-24T16:55:01
(2 years ago) |
|
Affected | >= 2.177, <= 2.196 <= 2.176.3 |
CVE-2019-10404
|
MAVEN:GHSA-9QGF-4FPF-CMH2 | Improper Neutralization of Input During Web Page Generation in Jenkins | moderate |
2022-05-24T22:00:43
(2 years ago) |
|
Fixed | = 2.197 = 2.176.4 |
CVE-2019-10404
|
MAVEN:GHSA-9QGF-4FPF-CMH2 | Improper Neutralization of Input During Web Page Generation in Jenkins | moderate |
2022-05-24T22:00:43
(2 years ago) |
|
Affected | < 1.532.2 >= 1.533, < 1.551 |
CVE-2014-2064
|
MAVEN:GHSA-9VG9-X38G-9HFX | Jenkins allows attackers to determine whether a user exists | moderate |
2022-05-17T03:53:52
(2 years ago) |
|
Fixed | = 1.532.2 = 1.551 |
CVE-2014-2064
|
MAVEN:GHSA-9VG9-X38G-9HFX | Jenkins allows attackers to determine whether a user exists | moderate |
2022-05-17T03:53:52
(2 years ago) |
|
Affected | <= 2.303.2 >= 2.304, <= 2.318 |
CVE-2021-21696
|
MAVEN:GHSA-C5R9-RX53-Q3GF | Agent-to-controller access control allowed writing to sensitive directory used by Jenkins Pipeline: Shared Groovy Libraries Plugin | high |
2022-05-24T19:19:43
(2 years ago) |
|
Fixed | = 2.303.3 = 2.319 |
CVE-2021-21696
|
MAVEN:GHSA-C5R9-RX53-Q3GF | Agent-to-controller access control allowed writing to sensitive directory used by Jenkins Pipeline: Shared Groovy Libraries Plugin | high |
2022-05-24T19:19:43
(2 years ago) |
|
Affected | >= 2.205, <= 2.227 <= 2.204.5 |
CVE-2020-2160
|
MAVEN:GHSA-C735-G9F2-2MVP | Cross-Site Request Forgery in Jenkins | high |
2022-05-24T17:12:40
(2 years ago) |
|
Fixed | = 2.228 = 2.204.6 |
CVE-2020-2160
|
MAVEN:GHSA-C735-G9F2-2MVP | Cross-Site Request Forgery in Jenkins | high |
2022-05-24T17:12:40
(2 years ago) |
|
Affected | >= 2.388, < 2.394 < 2.375.4 >= 2.376, < 2.387.1 |
CVE-2023-27902
|
MAVEN:GHSA-CJ6R-8PXJ-5JV6 | Incorrect Permission Preservation in Jenkins Core | moderate |
2023-03-10T21:30:19
(18 months ago) |
|
Fixed | = 2.394 = 2.375.4 = 2.387.1 |
CVE-2023-27902
|
MAVEN:GHSA-CJ6R-8PXJ-5JV6 | Incorrect Permission Preservation in Jenkins Core | moderate |
2023-03-10T21:30:19
(18 months ago) |
|
Affected | >= 2.108, <= 2.115 <= 2.107.1 |
CVE-2018-1000169
|
MAVEN:GHSA-CPW3-X7GF-P872 | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | moderate |
2022-05-14T00:55:17
(2 years ago) |
|
Fixed | = 2.116 = 2.107.2 |
CVE-2018-1000169
|
MAVEN:GHSA-CPW3-X7GF-P872 | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | moderate |
2022-05-14T00:55:17
(2 years ago) |
|
Affected | >= 2.204.6, <= 2.227 <= 2.204.5 |
CVE-2020-2162
|
MAVEN:GHSA-CRG2-6XV3-QG5F | Improper Neutralization of Input During Web Page Generation in Jenkins | moderate |
2022-05-24T17:12:40
(2 years ago) |
|
Fixed | = 2.228 |
CVE-2020-2162
|
MAVEN:GHSA-CRG2-6XV3-QG5F | Improper Neutralization of Input During Web Page Generation in Jenkins | moderate |
2022-05-24T17:12:40
(2 years ago) |
|
Affected | <= 2.303.2 >= 2.304, <= 2.318 |
CVE-2021-21697
|
MAVEN:GHSA-CV2W-Q8C3-XJV7 | Agent-to-controller access control allows reading/writing most content of build directories in Jenkins | critical |
2022-05-24T19:19:43
(2 years ago) |
|
Fixed | = 2.303.3 = 2.319 |
CVE-2021-21697
|
MAVEN:GHSA-CV2W-Q8C3-XJV7 | Agent-to-controller access control allows reading/writing most content of build directories in Jenkins | critical |
2022-05-24T19:19:43
(2 years ago) |
|
Affected | < 2.303.3 >= 2.304, <= 2.318 |
CVE-2021-21695
|
MAVEN:GHSA-CVVM-4CR9-R436 | Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins | critical |
2022-05-24T19:19:43
(2 years ago) |
|
Fixed | = 2.303.3 = 2.319 |
CVE-2021-21695
|
MAVEN:GHSA-CVVM-4CR9-R436 | Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins | critical |
2022-05-24T19:19:43
(2 years ago) |
|
Affected | < 1.565.3 >= 1.566, < 1.583 |
CVE-2014-3681
|
MAVEN:GHSA-CWH9-F8M6-6R63 | Jenkins Cross-site Scripting vulnerability | moderate |
2022-05-14T01:48:04
(2 years ago) |
|
Fixed | = 1.565.3 = 1.583 |
CVE-2014-3681
|
MAVEN:GHSA-CWH9-F8M6-6R63 | Jenkins Cross-site Scripting vulnerability | moderate |
2022-05-14T01:48:04
(2 years ago) |
|
Affected | >= 2.264, <= 2.274 <= 2.263.1 |
CVE-2021-21607
|
MAVEN:GHSA-CXQW-VJCR-GP5G | Excessive memory allocation in graph URLs leads to denial of service in Jenkins | moderate |
2022-05-24T17:39:13
(2 years ago) |
|
Fixed | = 2.275 = 2.263.2 |
CVE-2021-21607
|
MAVEN:GHSA-CXQW-VJCR-GP5G | Excessive memory allocation in graph URLs leads to denial of service in Jenkins | moderate |
2022-05-24T17:39:13
(2 years ago) |
|
Affected | >= 2.264, <= 2.274 < 2.263.2 |
CVE-2021-21606
|
MAVEN:GHSA-F585-9FW3-RJ2M | Arbitrary file existence check in file fingerprints in Jenkins | moderate |
2022-05-24T17:39:12
(2 years ago) |
|
Fixed | = 2.275 = 2.263.2 |
CVE-2021-21606
|
MAVEN:GHSA-F585-9FW3-RJ2M | Arbitrary file existence check in file fingerprints in Jenkins | moderate |
2022-05-24T17:39:12
(2 years ago) |
|
Affected | >= 2.74, <= 2.83 <= 2.73.1 |
CVE-2017-1000394
|
MAVEN:GHSA-F7F6-XRWC-9C57 | Improper Input Validation in Jenkins | high |
2022-05-14T01:04:31
(2 years ago) |
|
Fixed | = 2.84 = 2.73.2 |
CVE-2017-1000394
|
MAVEN:GHSA-F7F6-XRWC-9C57 | Improper Input Validation in Jenkins | high |
2022-05-14T01:04:31
(2 years ago) |
|
Affected | >= 2.34, <= 2.43 <= 2.32.1 |
CVE-2017-2602
|
MAVEN:GHSA-FFGG-VPHH-V273 | Incomplete List of Disallowed Inputs in Jenkins | moderate |
2022-05-13T01:36:56
(2 years ago) |
|
Fixed | = 2.44 = 2.32.2 |
CVE-2017-2602
|
MAVEN:GHSA-FFGG-VPHH-V273 | Incomplete List of Disallowed Inputs in Jenkins | moderate |
2022-05-13T01:36:56
(2 years ago) |
|
Affected | >= 1.513, < 1.514 < 1.509.1 |
CVE-2013-2034
|
MAVEN:GHSA-FG4R-F9J2-36MW | Jenkins Cross-Site Request Forgery vulnerabilities | moderate |
2022-05-17T03:51:00
(2 years ago) |
|
Fixed | = 1.514 = 1.509.1 |
CVE-2013-2034
|
MAVEN:GHSA-FG4R-F9J2-36MW | Jenkins Cross-Site Request Forgery vulnerabilities | moderate |
2022-05-17T03:51:00
(2 years ago) |
|
Affected | >= 2.205, <= 2.218 <= 2.204.1 |
CVE-2020-2102
|
MAVEN:GHSA-FJ6F-6933-839J | Non-constant time HMAC comparison | moderate |
2022-05-24T17:07:40
(2 years ago) |
|
Fixed | = 2.219 = 2.204.2 |
CVE-2020-2102
|
MAVEN:GHSA-FJ6F-6933-839J | Non-constant time HMAC comparison | moderate |
2022-05-24T17:07:40
(2 years ago) |
|
Affected | >= 2.74, <= 2.83 <= 2.73.1 |
CVE-2017-1000396
|
MAVEN:GHSA-FQ9F-9WV9-RFMG | Improper Certificate Validation in Jenkins | moderate |
2022-05-14T01:04:35
(2 years ago) |
|
Fixed | = 2.84 = 2.73.2 |
CVE-2017-1000396
|
MAVEN:GHSA-FQ9F-9WV9-RFMG | Improper Certificate Validation in Jenkins | moderate |
2022-05-14T01:04:35
(2 years ago) |
|
Affected | >= 2.376, < 2.387.1 >= 2.388, < 2.394 < 2.375.4 |
CVE-2023-27900
|
MAVEN:GHSA-FRGR-C5F2-8QHH | Denial of service in Jenkins Core | moderate |
2023-03-10T21:30:19
(18 months ago) |
|
Fixed | = 2.387.1 = 2.394 = 2.375.4 |
CVE-2023-27900
|
MAVEN:GHSA-FRGR-C5F2-8QHH | Denial of service in Jenkins Core | moderate |
2023-03-10T21:30:19
(18 months ago) |
|
Affected | >= 2.34, < 2.44 < 2.32.2 |
CVE-2017-2608
|
MAVEN:GHSA-FWQR-3PVP-PJWQ | Deserialization of Untrusted Data in Jenkins | high |
2022-05-13T01:36:54
(2 years ago) |
|
Fixed | = 2.44 = 2.32.2 |
CVE-2017-2608
|
MAVEN:GHSA-FWQR-3PVP-PJWQ | Deserialization of Untrusted Data in Jenkins | high |
2022-05-13T01:36:54
(2 years ago) |
|
Affected | < 1.532.2 >= 1.533, < 1.551 |
CVE-2014-2065
|
MAVEN:GHSA-FXJ8-CQCP-3VGQ | Jenkins cross-site scripting (XSS) vulnerability | moderate |
2022-05-17T03:53:42
(2 years ago) |
|
Fixed | = 1.532.2 = 1.551 |
CVE-2014-2065
|
MAVEN:GHSA-FXJ8-CQCP-3VGQ | Jenkins cross-site scripting (XSS) vulnerability | moderate |
2022-05-17T03:53:42
(2 years ago) |
|
Affected | < 1.565.3 >= 1.566, < 1.583 |
CVE-2014-3662
|
MAVEN:GHSA-FXQR-PX2M-FVC2 | Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability | moderate |
2022-05-17T03:53:35
(2 years ago) |
|
Fixed | = 1.565.3 = 1.583 |
CVE-2014-3662
|
MAVEN:GHSA-FXQR-PX2M-FVC2 | Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability | moderate |
2022-05-17T03:53:35
(2 years ago) |
|
Affected | >= 2.236, <= 2.244 <= 2.235.1 |
CVE-2020-2221
|
MAVEN:GHSA-G4J6-M3M3-CRW8 | Stored XSS vulnerability in Jenkins upstream cause | high |
2022-05-24T17:23:38
(2 years ago) |
|
Fixed | = 2.245 = 2.235.2 |
CVE-2020-2221
|
MAVEN:GHSA-G4J6-M3M3-CRW8 | Stored XSS vulnerability in Jenkins upstream cause | high |
2022-05-24T17:23:38
(2 years ago) |
|
Affected | >= 2.74, <= 2.83 <= 2.73.1 |
CVE-2017-1000399
|
MAVEN:GHSA-G78X-XMV8-23XP | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | moderate |
2022-05-14T01:04:36
(2 years ago) |
|
Fixed | = 2.84 = 2.73.2 |
CVE-2017-1000399
|
MAVEN:GHSA-G78X-XMV8-23XP | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | moderate |
2022-05-14T01:04:36
(2 years ago) |
|
Affected | < 1.586 |
CVE-2014-9634
|
MAVEN:GHSA-G7CF-WG27-QW87 | Jenkins secure flag not set on session cookies | moderate |
2022-05-17T00:50:18
(2 years ago) |
|
Fixed | = 1.586 |
CVE-2014-9634
|
MAVEN:GHSA-G7CF-WG27-QW87 | Jenkins secure flag not set on session cookies | moderate |
2022-05-17T00:50:18
(2 years ago) |
|
Affected | > 2.222.1, <= 2.227 <= 2.204.5 |
CVE-2020-2161
|
MAVEN:GHSA-G8PG-QRVM-WGH2 | Improper Neutralization of Input During Web Page Generation in Jenkins | moderate |
2022-05-24T17:12:40
(2 years ago) |
|
Fixed | = 2.228 = 2.204.6 |
CVE-2020-2161
|
MAVEN:GHSA-G8PG-QRVM-WGH2 | Improper Neutralization of Input During Web Page Generation in Jenkins | moderate |
2022-05-24T17:12:40
(2 years ago) |
|
Affected | >= 2.236, <= 2.244 <= 2.235.1 |
CVE-2020-2223
|
MAVEN:GHSA-GFHJ-524Q-GCRM | Stored XSS vulnerability in Jenkins console links | high |
2022-05-24T17:23:38
(2 years ago) |
|
Fixed | = 2.245 = 2.235.2 |
CVE-2020-2223
|
MAVEN:GHSA-GFHJ-524Q-GCRM | Stored XSS vulnerability in Jenkins console links | high |
2022-05-24T17:23:38
(2 years ago) |
|
Affected | >= 2.205, < 2.219 < 2.204.2 |
CVE-2020-2100
|
MAVEN:GHSA-GPXV-776P-7GC7 | Jenkins vulnerable to UDP amplification reflection attack | moderate |
2022-05-24T17:07:40
(2 years ago) |
|
Fixed | = 2.219 = 2.204.2 |
CVE-2020-2100
|
MAVEN:GHSA-GPXV-776P-7GC7 | Jenkins vulnerable to UDP amplification reflection attack | moderate |
2022-05-24T17:07:40
(2 years ago) |
|
Affected | < 1.480.3 >= 1.481, < 1.502 |
CVE-2013-7330
|
MAVEN:GHSA-H5JV-HG68-MJHG | Jenkins allows attackers to configure restricted projects | moderate |
2022-05-17T03:53:55
(2 years ago) |
|
Fixed | = 1.480.3 = 1.502 |
CVE-2013-7330
|
MAVEN:GHSA-H5JV-HG68-MJHG | Jenkins allows attackers to configure restricted projects | moderate |
2022-05-17T03:53:55
(2 years ago) |
|
Affected | >= 2.376, < 2.387.1 >= 2.388, < 2.394 < 2.375.4 |
CVE-2023-27901
|
MAVEN:GHSA-H76P-MC68-JV3P | Denial of service in Jenkins Core | high |
2023-03-10T21:30:19
(18 months ago) |
|
Fixed | = 2.387.1 = 2.394 = 2.375.4 |
CVE-2023-27901
|
MAVEN:GHSA-H76P-MC68-JV3P | Denial of service in Jenkins Core | high |
2023-03-10T21:30:19
(18 months ago) |
|
Affected | >= 2.470, < 2.471 >= 2.460, < 2.462.1 < 2.452.4 |
CVE-2024-43044
|
MAVEN:GHSA-H856-FFVV-XVR4 | Jenkins Remoting library arbitrary file read vulnerability | critical |
2024-08-07T15:30:42
(5 weeks ago) |
|
Fixed | = 2.471 = 2.462.1 = 2.452.4 |
CVE-2024-43044
|
MAVEN:GHSA-H856-FFVV-XVR4 | Jenkins Remoting library arbitrary file read vulnerability | critical |
2024-08-07T15:30:42
(5 weeks ago) |
|
Affected | >= 2.74, <= 2.83 <= 2.73.1 |
CVE-2017-1000401
|
MAVEN:GHSA-H8C5-C92G-JQ6X | Improper Input Validation in Jenkins | low |
2022-05-14T01:04:35
(2 years ago) |
|
Fixed | = 2.84 = 2.73.2 |
CVE-2017-1000401
|
MAVEN:GHSA-H8C5-C92G-JQ6X | Improper Input Validation in Jenkins | low |
2022-05-14T01:04:35
(2 years ago) |
|
Affected | >= 2.74, <= 2.83 <= 2.73.1 |
CVE-2017-1000398
|
MAVEN:GHSA-H972-CWJV-2V39 | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | moderate |
2022-05-14T01:04:35
(2 years ago) |
|
Fixed | = 2.84 = 2.73.2 |
CVE-2017-1000398
|
MAVEN:GHSA-H972-CWJV-2V39 | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | moderate |
2022-05-14T01:04:35
(2 years ago) |
|
Affected | >= 2.177, <= 2.185 <= 2.176.1 |
CVE-2019-10353
|
MAVEN:GHSA-HCXF-RQ72-H4RR | Cross-Site Request Forgery in Jenkins | high |
2022-05-24T16:50:30
(2 years ago) |
|
Fixed | = 2.186 = 2.176.2 |
CVE-2019-10353
|
MAVEN:GHSA-HCXF-RQ72-H4RR | Cross-Site Request Forgery in Jenkins | high |
2022-05-24T16:50:30
(2 years ago) |
|
Affected | >= 2.388, < 2.394 >= 2.376, < 2.387.1 < 2.375.4 |
CVE-2023-27899
|
MAVEN:GHSA-HF9H-VV4M-2F33 | Incorrect Authorization in Jenkins Core | high |
2023-03-10T21:30:19
(18 months ago) |
|
Fixed | = 2.394 = 2.387.1 = 2.375.4 |
CVE-2023-27899
|
MAVEN:GHSA-HF9H-VV4M-2F33 | Incorrect Authorization in Jenkins Core | high |
2023-03-10T21:30:19
(18 months ago) |
|
Affected | >= 2.177, <= 2.196 <= 2.176.3 |
CVE-2019-10401
|
MAVEN:GHSA-HG6G-JJ7G-X6V2 | Improper Neutralization of Input During Web Page Generation in Jenkins | moderate |
2022-05-24T22:00:43
(2 years ago) |
|
Fixed | = 2.197 = 2.176.4 |
CVE-2019-10401
|
MAVEN:GHSA-HG6G-JJ7G-X6V2 | Improper Neutralization of Input During Web Page Generation in Jenkins | moderate |
2022-05-24T22:00:43
(2 years ago) |
|
Affected | >= 2.140, <= 2.153 <= 2.138.3 |
CVE-2018-1000861
|
MAVEN:GHSA-HHPM-5CP2-HG4X | Deserialization of Untrusted Data in Jenkins | critical |
2022-05-13T01:01:00
(2 years ago) |
|
Fixed | = 2.154 = 2.138.4 |
CVE-2018-1000861
|
MAVEN:GHSA-HHPM-5CP2-HG4X | Deserialization of Untrusted Data in Jenkins | critical |
2022-05-13T01:01:00
(2 years ago) |
|
Affected | >= 2.140, <= 2.153 <= 2.138.3 |
CVE-2018-1000862
|
MAVEN:GHSA-HPH9-9VCQ-F7GP | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | moderate |
2022-05-14T01:04:36
(2 years ago) |
|
Fixed | = 2.154 = 2.138.4 |
CVE-2018-1000862
|
MAVEN:GHSA-HPH9-9VCQ-F7GP | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | moderate |
2022-05-14T01:04:36
(2 years ago) |
|
Affected | >= 2.415, < 2.424 >= 2.50, < 2.414.2 |
CVE-2023-43498
|
MAVEN:GHSA-HQ87-H4JG-VXFW | Jenkins temporary uploaded file created with insecure permissions | low |
2023-09-20T18:30:21
(12 months ago) |
|
Fixed | = 2.424 = 2.414.2 |
CVE-2023-43498
|
MAVEN:GHSA-HQ87-H4JG-VXFW | Jenkins temporary uploaded file created with insecure permissions | low |
2023-09-20T18:30:21
(12 months ago) |
|
Affected | >= 2.140, <= 2.145 <= 2.138.1 |
CVE-2018-1000407
|
MAVEN:GHSA-HV45-5J9H-7FHG | Cross-site Scripting in Jenkins | moderate |
2022-05-14T01:04:36
(2 years ago) |
|
Fixed | = 2.146 = 2.138.2 |
CVE-2018-1000407
|
MAVEN:GHSA-HV45-5J9H-7FHG | Cross-site Scripting in Jenkins | moderate |
2022-05-14T01:04:36
(2 years ago) |
|
Affected | >= 2.236, <= 2.251 <= 2.235.3 |
CVE-2020-2229
|
MAVEN:GHSA-HVMC-7G2X-R3P9 | Jenkins Cross-Site Scripting vulnerability in help icons | high |
2022-05-24T17:25:24
(2 years ago) |
|
Fixed | = 2.252 = 2.235.4 |
CVE-2020-2229
|
MAVEN:GHSA-HVMC-7G2X-R3P9 | Jenkins Cross-Site Scripting vulnerability in help icons | high |
2022-05-24T17:25:24
(2 years ago) |
|
Affected | >= 2.177, <= 2.196 <= 2.176.3 |
CVE-2019-10406
|
MAVEN:GHSA-HW55-F8WC-82M6 | Improper Neutralization of Input During Web Page Generation in Jenkins | moderate |
2022-05-24T22:00:44
(2 years ago) |
|
Fixed | = 2.197 = 2.176.4 |
CVE-2019-10406
|
MAVEN:GHSA-HW55-F8WC-82M6 | Improper Neutralization of Input During Web Page Generation in Jenkins | moderate |
2022-05-24T22:00:44
(2 years ago) |
|
Affected | < 2.303.3 >= 2.304, <= 2.318 |
CVE-2021-21689
|
MAVEN:GHSA-J3CQ-H6VH-GX7F | Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins | critical |
2022-05-24T19:19:44
(2 years ago) |
|
Fixed | = 2.303.3 = 2.319 |
CVE-2021-21689
|
MAVEN:GHSA-J3CQ-H6VH-GX7F | Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins | critical |
2022-05-24T19:19:44
(2 years ago) |
|
Affected | >= 2.74, <= 2.83 <= 2.73.1 |
CVE-2017-1000393
|
MAVEN:GHSA-J472-MCQ2-95P6 | OS Command Injection in Jenkins | high |
2022-05-14T01:04:30
(2 years ago) |
|
Fixed | = 2.84 = 2.73.2 |
CVE-2017-1000393
|
MAVEN:GHSA-J472-MCQ2-95P6 | OS Command Injection in Jenkins | high |
2022-05-14T01:04:30
(2 years ago) |
|
Affected | < 2.375.4 >= 2.376, < 2.394 |
CVE-2023-27898
|
MAVEN:GHSA-J664-QHH4-HPF8 | Cross-site Scripting vulnerability in Jenkins | high |
2023-03-10T21:30:19
(18 months ago) |
|
Fixed | = 2.375.4 = 2.394 |
CVE-2023-27898
|
MAVEN:GHSA-J664-QHH4-HPF8 | Cross-site Scripting vulnerability in Jenkins | high |
2023-03-10T21:30:19
(18 months ago) |
|
Affected | >= 2.122, < 2.132 < 2.121.2 |
CVE-2018-1999001
|
MAVEN:GHSA-J8QV-MJ4R-6FW4 | Improper Input Validation in Jenkins | high |
2022-05-13T01:01:00
(2 years ago) |
|
Fixed | = 2.132 = 2.121.2 |
CVE-2018-1999001
|
MAVEN:GHSA-J8QV-MJ4R-6FW4 | Improper Input Validation in Jenkins | high |
2022-05-13T01:01:00
(2 years ago) |
|
Affected | >= 2.34, < 2.44 < 2.32.2 |
CVE-2017-2610
|
MAVEN:GHSA-JFF5-55XJ-4JCQ | Improper Neutralization of Input During Web Page Generation in Jenkins | moderate |
2022-05-13T01:36:54
(2 years ago) |
|
Fixed | = 2.44 = 2.32.2 |
CVE-2017-2610
|
MAVEN:GHSA-JFF5-55XJ-4JCQ | Improper Neutralization of Input During Web Page Generation in Jenkins | moderate |
2022-05-13T01:36:54
(2 years ago) |
|
Affected | < 1.650 |
CVE-2016-0790
|
MAVEN:GHSA-JGPR-QRW2-6GP3 | Exposure of Sensitive Information in Jenkins Core | moderate |
2022-05-14T03:58:16
(2 years ago) |
|
Fixed | = 1.650 |
CVE-2016-0790
|
MAVEN:GHSA-JGPR-QRW2-6GP3 | Exposure of Sensitive Information in Jenkins Core | moderate |
2022-05-14T03:58:16
(2 years ago) |
|
Affected | < 1.650 |
CVE-2016-0791
|
MAVEN:GHSA-JMW7-PH6P-33CC | Exposure of Sensitive Information in Jenkins Core | critical |
2022-05-14T03:58:15
(2 years ago) |
|
Fixed | = 1.650 |
CVE-2016-0791
|
MAVEN:GHSA-JMW7-PH6P-33CC | Exposure of Sensitive Information in Jenkins Core | critical |
2022-05-14T03:58:15
(2 years ago) |
|
Affected | >= 2.237, <= 2.251 <= 2.235.3 |
CVE-2020-2231
|
MAVEN:GHSA-JPVQ-V729-7J2H | Improper Neutralization of Input During Web Page Generation in Jenkins | moderate |
2022-05-24T17:25:24
(2 years ago) |
|
Fixed | = 2.252 = 2.235.4 |
CVE-2020-2231
|
MAVEN:GHSA-JPVQ-V729-7J2H | Improper Neutralization of Input During Web Page Generation in Jenkins | moderate |
2022-05-24T17:25:24
(2 years ago) |
|
Affected | < 1.480.2 >= 1.481, < 1.498 |
CVE-2013-0158
|
MAVEN:GHSA-JWFR-H6JP-9P2G | Jenkins allows attackers to obtain the master cryptographic key | low |
2022-05-05T02:48:30
(2 years ago) |
|
Fixed | = 1.480.2 = 1.498 |
CVE-2013-0158
|
MAVEN:GHSA-JWFR-H6JP-9P2G | Jenkins allows attackers to obtain the master cryptographic key | low |
2022-05-05T02:48:30
(2 years ago) |
|
Affected | >= 2.34, <= 2.43 <= 2.32.1 |
CVE-2017-2604
|
MAVEN:GHSA-M93H-5QMX-PPHG | Improper Authentication in Jenkins | moderate |
2022-05-13T01:36:54
(2 years ago) |
|
Fixed | = 2.44 = 2.32.2 |
CVE-2017-2604
|
MAVEN:GHSA-M93H-5QMX-PPHG | Improper Authentication in Jenkins | moderate |
2022-05-13T01:36:54
(2 years ago) |
|
Affected | <= 2.303.2 >= 2.304, <= 2.318 |
CVE-2021-21688
|
MAVEN:GHSA-M9HR-259F-2V23 | Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins | critical |
2022-05-24T19:19:44
(2 years ago) |
|
Fixed | = 2.303.3 = 2.319 |
CVE-2021-21688
|
MAVEN:GHSA-M9HR-259F-2V23 | Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins | critical |
2022-05-24T19:19:44
(2 years ago) |
|
Affected | >= 2.332, < 2.332.4 >= 2.340, < 2.356 |
CVE-2022-34172
|
MAVEN:GHSA-MHP7-3393-PFQR | Cross-site Scripting vulnerability in Jenkins | high |
2022-06-24T00:00:31
(2 years ago) |
|
Fixed | = 2.332.4 = 2.356 |
CVE-2022-34172
|
MAVEN:GHSA-MHP7-3393-PFQR | Cross-site Scripting vulnerability in Jenkins | high |
2022-06-24T00:00:31
(2 years ago) |
|
Affected | >= 2.264, <= 2.274 <= 2.263.1 |
CVE-2021-21611
|
MAVEN:GHSA-MJ7Q-CMF3-MG7H | Stored XSS vulnerability in Jenkins on new item page | moderate |
2022-05-24T17:39:13
(2 years ago) |
|
Fixed | = 2.275 = 2.263.2 |
CVE-2021-21611
|
MAVEN:GHSA-MJ7Q-CMF3-MG7H | Stored XSS vulnerability in Jenkins on new item page | moderate |
2022-05-24T17:39:13
(2 years ago) |
|
Affected | >= 2.122, <= 2.132 < 2.121.2 |
CVE-2018-1999003
|
MAVEN:GHSA-P265-XR98-3VMR | Incorrect Authorization in Jenkins | moderate |
2022-05-13T01:00:59
(2 years ago) |
|
Fixed | = 2.133 = 2.121.2 |
CVE-2018-1999003
|
MAVEN:GHSA-P265-XR98-3VMR | Incorrect Authorization in Jenkins | moderate |
2022-05-13T01:00:59
(2 years ago) |
|
Affected | >= 2.335, < 2.356 |
CVE-2022-34175
|
MAVEN:GHSA-P3RC-946H-8CF5 | Unauthorized view fragment access in Jenkins | high |
2022-06-24T00:00:31
(2 years ago) |
|
Fixed | = 2.356 |
CVE-2022-34175
|
MAVEN:GHSA-P3RC-946H-8CF5 | Unauthorized view fragment access in Jenkins | high |
2022-06-24T00:00:31
(2 years ago) |
|
Affected | >= 2.74, <= 2.83 <= 2.73.1 |
CVE-2017-1000400
|
MAVEN:GHSA-P8X8-P473-MMMV | Missing Authorization in Jenkins | moderate |
2022-05-13T01:18:20
(2 years ago) |
|
Fixed | = 2.84 = 2.73.2 |
CVE-2017-1000400
|
MAVEN:GHSA-P8X8-P473-MMMV | Missing Authorization in Jenkins | moderate |
2022-05-13T01:18:20
(2 years ago) |
|
Affected | >= 2.320, < 2.330 < 2.319.2 |
CVE-2022-20612
|
MAVEN:GHSA-P92Q-7FHH-MQ35 | Cross-Site Request Forgery in Jenkins | moderate |
2022-01-21T23:37:57
(2 years ago) |
|
Fixed | = 2.330 = 2.319.2 |
CVE-2022-20612
|
MAVEN:GHSA-P92Q-7FHH-MQ35 | Cross-Site Request Forgery in Jenkins | moderate |
2022-01-21T23:37:57
(2 years ago) |
|
Affected | < 1.424.2 >= 1.425, < 1.447 |
CVE-2012-0785
|
MAVEN:GHSA-PCHP-C5W8-47GC | Hash collision attack vulnerability in Jenkins | high |
2022-04-23T00:40:48
(2 years ago) |
|
Fixed | = 1.424.2 = 1.447 |
CVE-2012-0785
|
MAVEN:GHSA-PCHP-C5W8-47GC | Hash collision attack vulnerability in Jenkins | high |
2022-04-23T00:40:48
(2 years ago) |
|
Affected | <= 2.303.2 >= 2.304, <= 2.318 |
CVE-2021-21694
|
MAVEN:GHSA-PGJ6-JMJ5-WQFX | Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins | critical |
2022-05-24T19:19:44
(2 years ago) |
|
Fixed | = 2.303.3 = 2.319 |
CVE-2021-21694
|
MAVEN:GHSA-PGJ6-JMJ5-WQFX | Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins | critical |
2022-05-24T19:19:44
(2 years ago) |
|
Affected | >= 2.122, < 2.132 < 2.121.2 |
CVE-2018-1999005
|
MAVEN:GHSA-PGXV-H967-FW2Q | Improper Neutralization of Input During Web Page Generation in Jenkins | moderate |
2022-05-13T01:01:01
(2 years ago) |
|
Fixed | = 2.132 = 2.121.2 |
CVE-2018-1999005
|
MAVEN:GHSA-PGXV-H967-FW2Q | Improper Neutralization of Input During Web Page Generation in Jenkins | moderate |
2022-05-13T01:01:01
(2 years ago) |
|
Affected | < 1.532.2 >= 1.533, < 1.551 |
CVE-2014-2068
|
MAVEN:GHSA-PV88-J6RG-R56P | Jenkins allows attackers to obtain sensitive information | low |
2022-05-17T03:53:42
(2 years ago) |
|
Fixed | = 1.532.2 = 1.551 |
CVE-2014-2068
|
MAVEN:GHSA-PV88-J6RG-R56P | Jenkins allows attackers to obtain sensitive information | low |
2022-05-17T03:53:42
(2 years ago) |
|
Affected | < 2.277.2 >= 2.278, <= 2.286 |
CVE-2021-21639
|
MAVEN:GHSA-PVWX-3JX5-24R2 | Lack of type validation in agent related REST API in Jenkins | moderate |
2022-05-24T17:46:47
(2 years ago) |
|
Fixed | = 2.277.2 = 2.287 |
CVE-2021-21639
|
MAVEN:GHSA-PVWX-3JX5-24R2 | Lack of type validation in agent related REST API in Jenkins | moderate |
2022-05-24T17:46:47
(2 years ago) |
|
Affected | >= 2.34, < 2.44 < 2.32.2 |
CVE-2017-2613
|
MAVEN:GHSA-PWV6-872C-GCG6 | Cross-Site Request Forgery in Jenkins | moderate |
2022-05-13T01:36:54
(2 years ago) |
|
Fixed | = 2.44 = 2.32.2 |
CVE-2017-2613
|
MAVEN:GHSA-PWV6-872C-GCG6 | Cross-Site Request Forgery in Jenkins | moderate |
2022-05-13T01:36:54
(2 years ago) |
|
Affected | >= 2.264, < 2.275 < 2.263.2 |
CVE-2021-21605
|
MAVEN:GHSA-PXGQ-GQR9-5GWX | Path traversal vulnerability in Jenkins agent names | high |
2022-05-24T17:39:13
(2 years ago) |
|
Fixed | = 2.275 = 2.263.2 |
CVE-2021-21605
|
MAVEN:GHSA-PXGQ-GQR9-5GWX | Path traversal vulnerability in Jenkins agent names | high |
2022-05-24T17:39:13
(2 years ago) |
|
Affected | >= 2.122, < 2.138 < 2.121.3 |
CVE-2018-1999045
|
MAVEN:GHSA-Q4CQ-R7HG-PXQQ | Improper Authentication in Jenkins | moderate |
2022-05-14T01:04:56
(2 years ago) |
|
Fixed | = 2.138 = 2.121.3 |
CVE-2018-1999045
|
MAVEN:GHSA-Q4CQ-R7HG-PXQQ | Improper Authentication in Jenkins | moderate |
2022-05-14T01:04:56
(2 years ago) |
|
Affected | >= 2.292, <= 2.299 <= 2.289.1 |
CVE-2021-21670
|
MAVEN:GHSA-Q4WP-8C99-69PW | Improper permission checks allow canceling queue items and aborting builds in Jenkins | moderate |
2022-05-24T19:06:36
(2 years ago) |
|
Fixed | = 2.300 = 2.289.2 |
CVE-2021-21670
|
MAVEN:GHSA-Q4WP-8C99-69PW | Improper permission checks allow canceling queue items and aborting builds in Jenkins | moderate |
2022-05-24T19:06:36
(2 years ago) |
|
Affected | < 1.502 |
CVE-2013-0328
|
MAVEN:GHSA-Q5F8-FXRX-PW6F | Jenkins subject to Cross-site Scripting | moderate |
2022-05-05T02:48:48
(2 years ago) |
|
Fixed | = 1.502 |
CVE-2013-0328
|
MAVEN:GHSA-Q5F8-FXRX-PW6F | Jenkins subject to Cross-site Scripting | moderate |
2022-05-05T02:48:48
(2 years ago) |
|
Affected | >= 2.177, <= 2.196 <= 2.176.3 |
CVE-2019-10402
|
MAVEN:GHSA-Q6Q9-83XW-MP6P | Improper Neutralization of Input During Web Page Generation in Jenkins | moderate |
2022-05-24T22:00:43
(2 years ago) |
|
Fixed | = 2.197 = 2.176.4 |
CVE-2019-10402
|
MAVEN:GHSA-Q6Q9-83XW-MP6P | Improper Neutralization of Input During Web Page Generation in Jenkins | moderate |
2022-05-24T22:00:43
(2 years ago) |
|
Affected | >= 2.122, < 2.132 < 2.121.2 |
CVE-2018-1999002
|
MAVEN:GHSA-QF38-F2FR-Q4X9 | Improper Input Validation in Jenkins | high |
2022-05-13T01:01:02
(2 years ago) |
|
Fixed | = 2.132 = 2.121.2 |
CVE-2018-1999002
|
MAVEN:GHSA-QF38-F2FR-Q4X9 | Improper Input Validation in Jenkins | high |
2022-05-13T01:01:02
(2 years ago) |
|
Affected | < 1.596.1 >= 1.597, < 1.600 |
CVE-2015-1811
|
MAVEN:GHSA-QG7X-4H4Q-3M49 | XML external entity (XXE) vulnerability in Jenkins | high |
2022-05-24T17:06:12
(2 years ago) |
|
Fixed | = 1.596.1 = 1.600 |
CVE-2015-1811
|
MAVEN:GHSA-QG7X-4H4Q-3M49 | XML external entity (XXE) vulnerability in Jenkins | high |
2022-05-24T17:06:12
(2 years ago) |
|
Affected | >= 2.236, <= 2.244 <= 2.235.1 |
CVE-2020-2220
|
MAVEN:GHSA-QGJ4-RC8M-44MQ | Stored XSS vulnerability in Jenkins job build time trend | high |
2022-05-24T17:23:38
(2 years ago) |
|
Fixed | = 2.245 = 2.235.2 |
CVE-2020-2220
|
MAVEN:GHSA-QGJ4-RC8M-44MQ | Stored XSS vulnerability in Jenkins job build time trend | high |
2022-05-24T17:23:38
(2 years ago) |
|
Affected | < 1.596.1 >= 1.597, < 1.600 |
CVE-2015-1809
|
MAVEN:GHSA-QJ27-W92H-FC9R | XML external entity (XXE) vulnerability in Jenkins | high |
2022-05-24T17:06:12
(2 years ago) |
|
Fixed | = 1.596.1 = 1.600 |
CVE-2015-1809
|
MAVEN:GHSA-QJ27-W92H-FC9R | XML external entity (XXE) vulnerability in Jenkins | high |
2022-05-24T17:06:12
(2 years ago) |
|
Affected | >= 2.205, < 2.214 < 2.204.2 |
CVE-2020-2099
|
MAVEN:GHSA-QP4F-2W67-C8HW | Inbound TCP Agent Protocol/3 authentication bypass in Jenkins | high |
2022-05-24T17:07:40
(2 years ago) |
|
Fixed | = 2.214 = 2.204.2 |
CVE-2020-2099
|
MAVEN:GHSA-QP4F-2W67-C8HW | Inbound TCP Agent Protocol/3 authentication bypass in Jenkins | high |
2022-05-24T17:07:40
(2 years ago) |
|
Affected | >= 2.165, <= 2.171 <= 2.164.1 |
CVE-2019-1003050
|
MAVEN:GHSA-QPG9-83FV-X9CH | Improper Neutralization of Input During Web Page Generation in Jenkins | moderate |
2022-05-13T01:01:01
(2 years ago) |
|
Fixed | = 2.172 = 2.164.2 |
CVE-2019-1003050
|
MAVEN:GHSA-QPG9-83FV-X9CH | Improper Neutralization of Input During Web Page Generation in Jenkins | moderate |
2022-05-13T01:01:01
(2 years ago) |
|
Affected | >= 2.177, <= 2.185 <= 2.176.1 |
CVE-2019-10352
|
MAVEN:GHSA-QR42-82QJ-MW65 | Improper Limitation of a Pathname to a Restricted Directory in Jenkins | moderate |
2022-05-24T16:50:30
(2 years ago) |
|
Fixed | = 2.186 = 2.176.2 |
CVE-2019-10352
|
MAVEN:GHSA-QR42-82QJ-MW65 | Improper Limitation of a Pathname to a Restricted Directory in Jenkins | moderate |
2022-05-24T16:50:30
(2 years ago) |
|
Affected | >= 2.415, < 2.424 >= 2.50, < 2.414.2 |
CVE-2023-43497
|
MAVEN:GHSA-QV64-W99C-QCR9 | Jenkins temporary uploaded file created with insecure permissions | low |
2023-09-20T18:30:21
(12 months ago) |
|
Fixed | = 2.424 = 2.414.2 |
CVE-2023-43497
|
MAVEN:GHSA-QV64-W99C-QCR9 | Jenkins temporary uploaded file created with insecure permissions | low |
2023-09-20T18:30:21
(12 months ago) |
|
Affected | >= 2.264, <= 2.274 <= 2.263.1 |
CVE-2021-21604
|
MAVEN:GHSA-QV6F-RCV6-6Q3X | Improper handling of REST API XML deserialization errors in Jenkins | high |
2022-05-24T17:39:12
(2 years ago) |
|
Fixed | = 2.275 = 2.263.2 |
CVE-2021-21604
|
MAVEN:GHSA-QV6F-RCV6-6Q3X | Improper handling of REST API XML deserialization errors in Jenkins | high |
2022-05-24T17:39:12
(2 years ago) |
|
Affected | >= 2.264, <= 2.275 <= 2.263.2 |
CVE-2021-21615
|
MAVEN:GHSA-QXP6-27GW-99CJ | Time-of-check Time-of-use (TOCTOU) Race Condition in Jenkins | moderate |
2022-05-24T17:40:19
(2 years ago) |
|
Fixed | = 2.276 = 2.263.3 |
CVE-2021-21615
|
MAVEN:GHSA-QXP6-27GW-99CJ | Time-of-check Time-of-use (TOCTOU) Race Condition in Jenkins | moderate |
2022-05-24T17:40:19
(2 years ago) |
|
Affected | >= 2.122, <= 2.137 <= 2.121.2 |
CVE-2018-1999047
|
MAVEN:GHSA-R2JF-RC5V-VMPV | Incorrect Authorization in Jenkins | moderate |
2022-05-13T01:50:56
(2 years ago) |
|
Fixed | = 2.138 = 2.121.3 |
CVE-2018-1999047
|
MAVEN:GHSA-R2JF-RC5V-VMPV | Incorrect Authorization in Jenkins | moderate |
2022-05-13T01:50:56
(2 years ago) |
|
Affected | <= 2.46.1 >= 2.50, <= 2.56 |
CVE-2017-1000354
|
MAVEN:GHSA-R57F-7XW3-Q2R9 | Improper Authentication in Jenkins | high |
2022-05-14T03:44:30
(2 years ago) |
|
Fixed | = 2.46.2 = 2.57 |
CVE-2017-1000354
|
MAVEN:GHSA-R57F-7XW3-Q2R9 | Improper Authentication in Jenkins | high |
2022-05-14T03:44:30
(2 years ago) |
|
Affected | < 1.565.3 >= 1.566, < 1.583 |
CVE-2014-3661
|
MAVEN:GHSA-R5M2-G5GC-Q43R | Jenkins Denial of Service vulnerability | moderate |
2022-05-17T03:53:42
(2 years ago) |
|
Fixed | = 1.565.3 = 1.583 |
CVE-2014-3661
|
MAVEN:GHSA-R5M2-G5GC-Q43R | Jenkins Denial of Service vulnerability | moderate |
2022-05-17T03:53:42
(2 years ago) |
|
Affected | >= 2.90, <= 2.94 >= 2.81, <= 2.89.1 |
CVE-2017-1000503
|
MAVEN:GHSA-R5X3-2446-HRP7 | Race Condition in Jenkins | high |
2022-05-14T03:45:22
(2 years ago) |
|
Fixed | = 2.95 = 2.89.2 |
CVE-2017-1000503
|
MAVEN:GHSA-R5X3-2446-HRP7 | Race Condition in Jenkins | high |
2022-05-14T03:45:22
(2 years ago) |
|
Affected | >= 2.34, <= 2.43 <= 2.32.1 |
CVE-2017-2601
|
MAVEN:GHSA-R69C-5J7C-VM6Q | Cross-site Scripting in Jenkins | moderate |
2022-05-13T01:02:35
(2 years ago) |
|
Fixed | = 2.44 = 2.32.2 |
CVE-2017-2601
|
MAVEN:GHSA-R69C-5J7C-VM6Q | Cross-site Scripting in Jenkins | moderate |
2022-05-13T01:02:35
(2 years ago) |
|
Affected | >= 2.205, <= 2.218 <= 2.204.1 |
CVE-2020-2104
|
MAVEN:GHSA-R78Q-QGX6-64PP | Memory usage graphs accessible to anyone with Overall/Read | moderate |
2022-05-24T17:07:40
(2 years ago) |
|
Fixed | = 2.219 = 2.204.2 |
CVE-2020-2104
|
MAVEN:GHSA-R78Q-QGX6-64PP | Memory usage graphs accessible to anyone with Overall/Read | moderate |
2022-05-24T17:07:40
(2 years ago) |
|
Affected | >= 2.34, <= 2.43 <= 2.32.1 |
CVE-2017-2598
|
MAVEN:GHSA-R9Q2-3R6X-QMGP | Inadequate Encryption Strength in Jenkins | moderate |
2022-05-13T01:36:56
(2 years ago) |
|
Fixed | = 2.44 = 2.32.2 |
CVE-2017-2598
|
MAVEN:GHSA-R9Q2-3R6X-QMGP | Inadequate Encryption Strength in Jenkins | moderate |
2022-05-13T01:36:56
(2 years ago) |
|
Affected | >= 2.108, <= 2.120 <= 2.107.2 |
CVE-2018-1000195
|
MAVEN:GHSA-RGMJ-MCCJ-H9MX | Cross-Site Request Forgery in Jenkins | moderate |
2022-05-13T01:01:01
(2 years ago) |
|
Fixed | = 2.121 = 2.107.3 |
CVE-2018-1000195
|
MAVEN:GHSA-RGMJ-MCCJ-H9MX | Cross-Site Request Forgery in Jenkins | moderate |
2022-05-13T01:01:01
(2 years ago) |
|
Affected | < 1.480.3 >= 1.481, < 1.502 |
CVE-2013-0327
|
MAVEN:GHSA-RQHG-CXFR-8XQW | Jenkins Cross-Site Request Forgery vulnerability | moderate |
2022-05-05T02:48:48
(2 years ago) |
|
Fixed | = 1.480.3 = 1.502 |
CVE-2013-0327
|
MAVEN:GHSA-RQHG-CXFR-8XQW | Jenkins Cross-Site Request Forgery vulnerability | moderate |
2022-05-05T02:48:48
(2 years ago) |
|
Affected | >= 2.140, <= 2.145 <= 2.138.1 |
CVE-2018-1000409
|
MAVEN:GHSA-RR6R-P7RW-369C | Session Fixation in Jenkins | moderate |
2022-05-14T01:04:36
(2 years ago) |
|
Fixed | = 2.146 = 2.138.2 |
CVE-2018-1000409
|
MAVEN:GHSA-RR6R-P7RW-369C | Session Fixation in Jenkins | moderate |
2022-05-14T01:04:36
(2 years ago) |
|
Affected | >= 2.388, < 2.394 >= 2.376, < 2.387.1 < 2.375.4 |
CVE-2023-27904
|
MAVEN:GHSA-RRGP-C2W8-6VG6 | Information disclosure through error stack traces related to agents | low |
2023-03-10T21:30:19
(18 months ago) |
|
Fixed | = 2.394 = 2.387.1 = 2.375.4 |
CVE-2023-27904
|
MAVEN:GHSA-RRGP-C2W8-6VG6 | Information disclosure through error stack traces related to agents | low |
2023-03-10T21:30:19
(18 months ago) |
|
Affected | < 1.532.2 >= 1.533, < 1.551 |
CVE-2014-2061
|
MAVEN:GHSA-RXFV-GM5X-9WQJ | Jenkin allows attackers to obtain passwords by reading the HTML source code | moderate |
2022-05-17T03:53:54
(2 years ago) |
|
Fixed | = 1.532.2 = 1.551 |
CVE-2014-2061
|
MAVEN:GHSA-RXFV-GM5X-9WQJ | Jenkin allows attackers to obtain passwords by reading the HTML source code | moderate |
2022-05-17T03:53:54
(2 years ago) |
|
Affected | >= 2.34, < 2.44 < 2.32.2 |
CVE-2017-2609
|
MAVEN:GHSA-V222-W2MW-XJC6 | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | moderate |
2022-05-13T01:36:54
(2 years ago) |
|
Fixed | = 2.44 = 2.32.2 |
CVE-2017-2609
|
MAVEN:GHSA-V222-W2MW-XJC6 | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | moderate |
2022-05-13T01:36:54
(2 years ago) |
|
Affected | < 1.532.2 >= 1.533, < 1.551 |
CVE-2014-2059
|
MAVEN:GHSA-V759-3FH9-84MX | Jenkins directory traversal vulnerability | moderate |
2022-05-17T01:26:47
(2 years ago) |
|
Fixed | = 1.532.2 = 1.551 |
CVE-2014-2059
|
MAVEN:GHSA-V759-3FH9-84MX | Jenkins directory traversal vulnerability | moderate |
2022-05-17T01:26:47
(2 years ago) |
|
Affected | >= 2.177, <= 2.191 <= 2.176.2 |
CVE-2019-10384
|
MAVEN:GHSA-VCR8-H8QP-QJ8H | Cross-Site Request Forgery in Jenkins | high |
2022-05-24T16:55:01
(2 years ago) |
|
Fixed | = 2.192 = 2.176.3 |
CVE-2019-10384
|
MAVEN:GHSA-VCR8-H8QP-QJ8H | Cross-Site Request Forgery in Jenkins | high |
2022-05-24T16:55:01
(2 years ago) |
|
Affected | < 1.532.2 >= 1.533, < 1.551 |
CVE-2014-2067
|
MAVEN:GHSA-VJ6Q-V2H7-6Q5M | Jenkins cross-site scripting (XSS) vulnerability | moderate |
2022-05-17T01:26:46
(2 years ago) |
|
Fixed | = 1.532.2 = 1.551 |
CVE-2014-2067
|
MAVEN:GHSA-VJ6Q-V2H7-6Q5M | Jenkins cross-site scripting (XSS) vulnerability | moderate |
2022-05-17T01:26:46
(2 years ago) |
|
Affected | >= 2.264, <= 2.274 <= 2.263.1 |
CVE-2021-21602
|
MAVEN:GHSA-VPJM-58CW-R8Q5 | Arbitrary file read vulnerability in workspace browsers in Jenkins | moderate |
2022-05-24T17:39:12
(2 years ago) |
|
Fixed | = 2.275 = 2.263.2 |
CVE-2021-21602
|
MAVEN:GHSA-VPJM-58CW-R8Q5 | Arbitrary file read vulnerability in workspace browsers in Jenkins | moderate |
2022-05-24T17:39:12
(2 years ago) |
|
Affected | < 1.532.2 >= 1.533, < 1.551 |
CVE-2014-2062
|
MAVEN:GHSA-VXC6-WVH8-FPXW | Jenkins does not invalidate the API token when a user is deleted | moderate |
2022-05-17T03:53:54
(2 years ago) |
|
Fixed | = 1.532.2 = 1.551 |
CVE-2014-2062
|
MAVEN:GHSA-VXC6-WVH8-FPXW | Jenkins does not invalidate the API token when a user is deleted | moderate |
2022-05-17T03:53:54
(2 years ago) |
|
Affected | < 2.277.2 >= 2.278, <= 2.286 |
CVE-2021-21640
|
MAVEN:GHSA-W2HV-RCQR-2H7R | View name validation bypass in Jenkins | moderate |
2022-05-24T17:46:47
(2 years ago) |
|
Fixed | = 2.277.2 = 2.287 |
CVE-2021-21640
|
MAVEN:GHSA-W2HV-RCQR-2H7R | View name validation bypass in Jenkins | moderate |
2022-05-24T17:46:47
(2 years ago) |
|
Affected | >= 1.600, < 1.606 < 1.596.2 |
CVE-2015-1812
|
MAVEN:GHSA-W5V7-Q2J4-FVPF | Jenkins Cross-site Scripting vulnerability | moderate |
2022-05-17T03:53:16
(2 years ago) |
|
Fixed | = 1.606 = 1.596.2 |
CVE-2015-1812
|
MAVEN:GHSA-W5V7-Q2J4-FVPF | Jenkins Cross-site Scripting vulnerability | moderate |
2022-05-17T03:53:16
(2 years ago) |
|
Affected | >= 2.205, <= 2.218 <= 2.204.1 |
CVE-2020-2101
|
MAVEN:GHSA-W7JR-WQW6-54XC | Non-constant time comparison of inbound TCP agent connection secret | moderate |
2022-05-24T17:07:40
(2 years ago) |
|
Fixed | = 2.219 = 2.204.2 |
CVE-2020-2101
|
MAVEN:GHSA-W7JR-WQW6-54XC | Non-constant time comparison of inbound TCP agent connection secret | moderate |
2022-05-24T17:07:40
(2 years ago) |
|
Affected | >= 2.34, < 2.44 < 2.32.2 |
CVE-2017-2612
|
MAVEN:GHSA-WF9G-RH76-6JVR | Incorrect Permission Assignment for Critical Resource in Jenkins | moderate |
2022-05-13T01:36:54
(2 years ago) |
|
Fixed | = 2.44 = 2.32.2 |
CVE-2017-2612
|
MAVEN:GHSA-WF9G-RH76-6JVR | Incorrect Permission Assignment for Critical Resource in Jenkins | moderate |
2022-05-13T01:36:54
(2 years ago) |
|
Affected | >= 2.74, <= 2.88 <= 2.73.2 |
CVE-2017-1000391
|
MAVEN:GHSA-WFJ3-535M-P6FX | Improper Input Validation in Jenkins | high |
2022-05-14T01:04:30
(2 years ago) |
|
Fixed | = 2.89 = 2.73.3 |
CVE-2017-1000391
|
MAVEN:GHSA-WFJ3-535M-P6FX | Improper Input Validation in Jenkins | high |
2022-05-14T01:04:30
(2 years ago) |
|
Affected | >= 2.34, <= 2.43 <= 2.32.1 |
CVE-2017-2600
|
MAVEN:GHSA-WJ5C-J656-H5FW | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | moderate |
2022-05-13T01:36:55
(2 years ago) |
|
Fixed | = 2.44 = 2.32.2 |
CVE-2017-2600
|
MAVEN:GHSA-WJ5C-J656-H5FW | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | moderate |
2022-05-13T01:36:55
(2 years ago) |
|
Affected | >= 2.122, < 2.132 < 2.121.2 |
CVE-2018-1999004
|
MAVEN:GHSA-WMR8-25FF-GGPJ | Incorrect Authorization in Jenkins | moderate |
2022-05-13T01:01:02
(2 years ago) |
|
Fixed | = 2.132 = 2.121.2 |
CVE-2018-1999004
|
MAVEN:GHSA-WMR8-25FF-GGPJ | Incorrect Authorization in Jenkins | moderate |
2022-05-13T01:01:02
(2 years ago) |
|
Affected | >= 2.74, <= 2.83 <= 2.73.1 |
CVE-2017-1000395
|
MAVEN:GHSA-WQV4-9GR3-3QGH | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | moderate |
2022-05-14T01:04:35
(2 years ago) |
|
Fixed | = 2.84 = 2.73.2 |
CVE-2017-1000395
|
MAVEN:GHSA-WQV4-9GR3-3QGH | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | moderate |
2022-05-14T01:04:35
(2 years ago) |
|
Affected | >= 2.263.2, <= 2.274 < 2.263.1 |
CVE-2021-21608
|
MAVEN:GHSA-WV63-GWR9-5C55 | Stored XSS vulnerability in Jenkins button labels | moderate |
2022-05-24T17:39:12
(2 years ago) |
|
Fixed | = 2.275 |
CVE-2021-21608
|
MAVEN:GHSA-WV63-GWR9-5C55 | Stored XSS vulnerability in Jenkins button labels | moderate |
2022-05-24T17:39:12
(2 years ago) |
|
Affected | < 1.640 |
CVE-2015-7536
|
MAVEN:GHSA-X3P3-929J-PQ66 | Improper Neutralization of Input During Web Page Generation in Jenkins | moderate |
2022-05-17T03:53:41
(2 years ago) |
|
Fixed | = 1.640 |
CVE-2015-7536
|
MAVEN:GHSA-X3P3-929J-PQ66 | Improper Neutralization of Input During Web Page Generation in Jenkins | moderate |
2022-05-17T03:53:41
(2 years ago) |
|
Affected | < 2.94 |
CVE-2017-17383
|
MAVEN:GHSA-X3RC-CXV7-6XP6 | Cross-site Scripting in Jenkins Core | moderate |
2022-05-14T04:04:08
(2 years ago) |
|
Fixed | = 2.94 |
CVE-2017-17383
|
MAVEN:GHSA-X3RC-CXV7-6XP6 | Cross-site Scripting in Jenkins Core | moderate |
2022-05-14T04:04:08
(2 years ago) |
|
Affected | >= 2.34, <= 2.43 <= 2.32.1 |
CVE-2017-2603
|
MAVEN:GHSA-X55P-6526-XMMP | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | low |
2022-05-13T01:36:54
(2 years ago) |
|
Fixed | = 2.44 = 2.32.2 |
CVE-2017-2603
|
MAVEN:GHSA-X55P-6526-XMMP | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | low |
2022-05-13T01:36:54
(2 years ago) |
|
Affected | >= 2.108, <= 2.120 <= 2.107.2 |
CVE-2018-1000194
|
MAVEN:GHSA-X646-M7X2-GCP7 | Path Traversal in Jenkins | high |
2022-05-13T01:01:01
(2 years ago) |
|
Fixed | = 2.121 = 2.107.3 |
CVE-2018-1000194
|
MAVEN:GHSA-X646-M7X2-GCP7 | Path Traversal in Jenkins | high |
2022-05-13T01:01:01
(2 years ago) |
|
Affected | >= 2.90, <= 2.106 <= 2.89.3 |
CVE-2018-1000068
|
MAVEN:GHSA-X6JW-2F23-MC5J | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | moderate |
2022-05-13T01:01:02
(2 years ago) |
|
Fixed | = 2.107 = 2.89.4 |
CVE-2018-1000068
|
MAVEN:GHSA-X6JW-2F23-MC5J | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | moderate |
2022-05-13T01:01:02
(2 years ago) |
|
Affected | >= 2.367, < 2.370 |
CVE-2022-41224
|
MAVEN:GHSA-XPVP-H73C-M9RQ | Jenkins vulnerable to stored cross site scripting in the I:helpIcon component | high |
2022-09-22T00:00:28
(2 years ago) |
|
Fixed | = 2.370 |
CVE-2022-41224
|
MAVEN:GHSA-XPVP-H73C-M9RQ | Jenkins vulnerable to stored cross site scripting in the I:helpIcon component | high |
2022-09-22T00:00:28
(2 years ago) |