Jenkins

251 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.

  • EPSS 0.1%
  • Published 02.10.2024 16:15:10
  • Last modified 19.03.2025 18:15:23

Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact multi-line secret values in error messages generated for form submissions involving the `secretTextarea` form field.

  • EPSS 0.18%
  • Published 02.10.2024 16:15:10
  • Last modified 14.03.2025 16:15:36

If an attempt is made to create an item of a type prohibited by `ACL#hasCreatePermission2` or `TopLevelItemDescriptor#isApplicableIn(ItemGroup)` through the Jenkins CLI or the REST API and either of these checks fail, Jenkins 2.478 and earlier, LTS 2...

  • EPSS 45.97%
  • Published 07.08.2024 14:15:33
  • Last modified 14.03.2025 20:15:13

Jenkins 2.470 and earlier, LTS 2.452.3 and earlier allows agent processes to read arbitrary files from the Jenkins controller file system by using the `ClassLoaderProxy#fetchJar` method in the Remoting library.

  • EPSS 0.16%
  • Published 07.08.2024 14:15:33
  • Last modified 25.03.2025 17:16:05

Jenkins 2.470 and earlier, LTS 2.452.3 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to access other users' "My Views".

  • EPSS 0.31%
  • Published 02.05.2024 14:15:10
  • Last modified 06.06.2025 15:28:57

Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier programmatically disables the fix for CVE-2016-3721 whenever a build is triggered from a release tag, by setting the Java system property 'hudson.model.ParametersAction.keepUndefined...

Warning Media report Exploit
  • EPSS 94.47%
  • Published 24.01.2024 18:15:09
  • Last modified 20.12.2024 17:30:33

Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitra...

  • EPSS 26.46%
  • Published 24.01.2024 18:15:09
  • Last modified 21.11.2024 08:58:39

Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, al...

Exploit
  • EPSS 1.03%
  • Published 10.10.2023 17:15:11
  • Last modified 21.11.2024 08:09:47

Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their ...

Warning Media report Exploit
  • EPSS 94.44%
  • Published 10.10.2023 14:15:10
  • Last modified 11.06.2025 17:29:54

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • EPSS 42.1%
  • Published 20.09.2023 17:15:11
  • Last modified 21.11.2024 08:24:09

Jenkins 2.50 through 2.423 (both inclusive), LTS 2.60.1 through 2.414.1 (both inclusive) does not exclude sensitive build variables (e.g., password parameter values) from the search in the build history widget, allowing attackers with Item/Read permi...