CVE-2025-59474
- EPSS 0.11%
- Published 17.09.2025 13:17:47
- Last modified 04.11.2025 22:16:35
Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission, allowing attackers without Overall/Read permission to list agent name...
CVE-2025-59475
- EPSS 0.03%
- Published 17.09.2025 13:17:47
- Last modified 04.11.2025 22:16:35
Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check for the authenticated user profile dropdown menu, allowing attackers without Overall/Read permission to obtain limited information about the Jenkins configuration ...
CVE-2024-9453
- EPSS 0.07%
- Published 04.07.2025 08:36:35
- Last modified 18.08.2025 19:02:46
A vulnerability was found in Red Hat OpenShift Jenkins. The bearer token is not obfuscated in the logs and potentially carries a high risk if those logs are centralized when collected. The token is typically valid for one year. This flaw allows a mal...
CVE-2025-31720
- EPSS 0.11%
- Published 02.04.2025 15:15:59
- Last modified 29.04.2025 14:03:21
A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Extended Read permission to copy an agent, gaining access to its configuration.
CVE-2025-31721
- EPSS 0.11%
- Published 02.04.2025 15:15:59
- Last modified 29.04.2025 13:56:43
A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Configure permission to copy an agent, gaining access to encrypted secrets in its configuration.
CVE-2025-27623
- EPSS 0.33%
- Published 05.03.2025 23:15:14
- Last modified 24.06.2025 00:46:38
Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of views via REST API or CLI, allowing attackers with View/Read permission to view encrypted values of secrets.
CVE-2025-27624
- EPSS 0.06%
- Published 05.03.2025 23:15:14
- Last modified 24.06.2025 00:45:20
A cross-site request forgery (CSRF) vulnerability in Jenkins 2.499 and earlier, LTS 2.492.1 and earlier allows attackers to have users toggle their collapsed/expanded status of sidepanel widgets (e.g., Build Queue and Build Executor Status widgets).
CVE-2025-27625
- EPSS 0.09%
- Published 05.03.2025 23:15:14
- Last modified 24.06.2025 00:42:16
In Jenkins 2.499 and earlier, LTS 2.492.1 and earlier, redirects starting with backslash (`\`) characters are considered safe, allowing attackers to perform phishing attacks by having users go to a Jenkins URL that will forward them to a different si...
CVE-2025-27622
- EPSS 0.11%
- Published 05.03.2025 23:15:13
- Last modified 24.06.2025 00:48:40
Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets.
CVE-2024-47803
- EPSS 0.63%
- Published 02.10.2024 16:15:10
- Last modified 19.03.2025 18:15:23
Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact multi-line secret values in error messages generated for form submissions involving the `secretTextarea` form field.