Jenkins

Jenkins

268 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.33%
  • Veröffentlicht 18.02.2026 14:17:44
  • Zuletzt bearbeitet 20.02.2026 20:53:16

Jenkins 2.550 and earlier, LTS 2.541.1 and earlier accepts Run Parameter values that refer to builds the user submitting the build does not have access to, allowing attackers with Item/Build and Item/Configure permission to obtain information about t...

  • EPSS 0.51%
  • Veröffentlicht 18.02.2026 14:17:43
  • Zuletzt bearbeitet 20.02.2026 20:52:03

Jenkins 2.483 through 2.550 (both inclusive), LTS 2.492.1 through 2.541.1 (both inclusive) does not escape the user-provided description of the "Mark temporarily offline" offline cause, resulting in a stored cross-site scripting (XSS) vulnerability e...

  • EPSS 0.16%
  • Veröffentlicht 10.12.2025 16:50:38
  • Zuletzt bearbeitet 17.12.2025 20:23:49

A cross-site request forgery (CSRF) vulnerability in Jenkins 2.540 and earlier, LTS 2.528.2 and earlier allows attackers to trick users into logging in to the attacker's account.

  • EPSS 0.14%
  • Veröffentlicht 10.12.2025 16:50:37
  • Zuletzt bearbeitet 17.12.2025 17:37:39

Jenkins 2.540 and earlier, LTS 2.528.2 and earlier does not mask build authorization tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

  • EPSS 0.22%
  • Veröffentlicht 10.12.2025 16:50:36
  • Zuletzt bearbeitet 17.12.2025 17:39:26

A missing permission check in Jenkins 2.540 and earlier, LTS 2.528.2 and earlier allows attackers with View/Read permission to view encrypted password values in views.

  • EPSS 0.16%
  • Veröffentlicht 10.12.2025 16:50:36
  • Zuletzt bearbeitet 17.12.2025 17:39:11

Jenkins 2.540 and earlier, LTS 2.528.2 and earlier stores build authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controlle...

  • EPSS 0.52%
  • Veröffentlicht 10.12.2025 16:50:35
  • Zuletzt bearbeitet 17.12.2025 17:39:45

Jenkins 2.540 and earlier, LTS 2.528.2 and earlier does not properly close HTTP-based CLI connections when the connection stream becomes corrupted, allowing unauthenticated attackers to cause a denial of service.

  • EPSS 0.34%
  • Veröffentlicht 17.09.2025 13:17:48
  • Zuletzt bearbeitet 04.11.2025 22:16:35

Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not restrict or transform the characters that can be inserted from user-specified content in log messages, allowing attackers able to control log message contents to insert line break characters...

  • EPSS 4.74%
  • Veröffentlicht 17.09.2025 13:17:47
  • Zuletzt bearbeitet 04.11.2025 22:16:35

Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission, allowing attackers without Overall/Read permission to list agent name...

  • EPSS 0.45%
  • Veröffentlicht 17.09.2025 13:17:47
  • Zuletzt bearbeitet 04.11.2025 22:16:35

Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check for the authenticated user profile dropdown menu, allowing attackers without Overall/Read permission to obtain limited information about the Jenkins configuration ...