Jenkins

256 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.19%
  • Published 02.04.2025 15:15:59
  • Last modified 29.04.2025 13:56:43

A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Configure permission to copy an agent, gaining access to encrypted secrets in its configuration.

  • EPSS 0.16%
  • Published 05.03.2025 23:15:14
  • Last modified 24.06.2025 00:46:38

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of views via REST API or CLI, allowing attackers with View/Read permission to view encrypted values of secrets.

  • EPSS 0.06%
  • Published 05.03.2025 23:15:14
  • Last modified 24.06.2025 00:45:20

A cross-site request forgery (CSRF) vulnerability in Jenkins 2.499 and earlier, LTS 2.492.1 and earlier allows attackers to have users toggle their collapsed/expanded status of sidepanel widgets (e.g., Build Queue and Build Executor Status widgets).

  • EPSS 0.1%
  • Published 05.03.2025 23:15:14
  • Last modified 24.06.2025 00:42:16

In Jenkins 2.499 and earlier, LTS 2.492.1 and earlier, redirects starting with backslash (`\`) characters are considered safe, allowing attackers to perform phishing attacks by having users go to a Jenkins URL that will forward them to a different si...

  • EPSS 0.06%
  • Published 05.03.2025 23:15:13
  • Last modified 24.06.2025 00:48:40

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets.

  • EPSS 0.35%
  • Published 02.10.2024 16:15:10
  • Last modified 19.03.2025 18:15:23

Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact multi-line secret values in error messages generated for form submissions involving the `secretTextarea` form field.

  • EPSS 0.1%
  • Published 02.10.2024 16:15:10
  • Last modified 14.03.2025 16:15:36

If an attempt is made to create an item of a type prohibited by `ACL#hasCreatePermission2` or `TopLevelItemDescriptor#isApplicableIn(ItemGroup)` through the Jenkins CLI or the REST API and either of these checks fail, Jenkins 2.478 and earlier, LTS 2...

  • EPSS 48.5%
  • Published 07.08.2024 14:15:33
  • Last modified 14.03.2025 20:15:13

Jenkins 2.470 and earlier, LTS 2.452.3 and earlier allows agent processes to read arbitrary files from the Jenkins controller file system by using the `ClassLoaderProxy#fetchJar` method in the Remoting library.

  • EPSS 0.74%
  • Published 07.08.2024 14:15:33
  • Last modified 25.03.2025 17:16:05

Jenkins 2.470 and earlier, LTS 2.452.3 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to access other users' "My Views".

  • EPSS 0.31%
  • Published 02.05.2024 14:15:10
  • Last modified 06.06.2025 15:28:57

Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier programmatically disables the fix for CVE-2016-3721 whenever a build is triggered from a release tag, by setting the Java system property 'hudson.model.ParametersAction.keepUndefined...