Jenkins

Jenkins

268 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.34%
  • Veröffentlicht 04.07.2025 08:36:35
  • Zuletzt bearbeitet 18.08.2025 19:02:46

A vulnerability was found in Red Hat OpenShift Jenkins. The bearer token is not obfuscated in the logs and potentially carries a high risk if those logs are centralized when collected. The token is typically valid for one year. This flaw allows a mal...

  • EPSS 0.39%
  • Veröffentlicht 02.04.2025 15:15:59
  • Zuletzt bearbeitet 29.04.2025 14:03:21

A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Extended Read permission to copy an agent, gaining access to its configuration.

  • EPSS 0.38%
  • Veröffentlicht 02.04.2025 15:15:59
  • Zuletzt bearbeitet 29.04.2025 13:56:43

A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Configure permission to copy an agent, gaining access to encrypted secrets in its configuration.

  • EPSS 0.32%
  • Veröffentlicht 05.03.2025 23:15:14
  • Zuletzt bearbeitet 24.06.2025 00:46:38

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of views via REST API or CLI, allowing attackers with View/Read permission to view encrypted values of secrets.

  • EPSS 0.41%
  • Veröffentlicht 05.03.2025 23:15:14
  • Zuletzt bearbeitet 24.06.2025 00:45:20

A cross-site request forgery (CSRF) vulnerability in Jenkins 2.499 and earlier, LTS 2.492.1 and earlier allows attackers to have users toggle their collapsed/expanded status of sidepanel widgets (e.g., Build Queue and Build Executor Status widgets).

  • EPSS 0.58%
  • Veröffentlicht 05.03.2025 23:15:14
  • Zuletzt bearbeitet 24.06.2025 00:42:16

In Jenkins 2.499 and earlier, LTS 2.492.1 and earlier, redirects starting with backslash (`\`) characters are considered safe, allowing attackers to perform phishing attacks by having users go to a Jenkins URL that will forward them to a different si...

  • EPSS 0.73%
  • Veröffentlicht 05.03.2025 23:15:13
  • Zuletzt bearbeitet 24.06.2025 00:48:40

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets.

  • EPSS 0.82%
  • Veröffentlicht 02.10.2024 16:15:10
  • Zuletzt bearbeitet 19.03.2025 18:15:23

Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact multi-line secret values in error messages generated for form submissions involving the `secretTextarea` form field.

  • EPSS 0.67%
  • Veröffentlicht 02.10.2024 16:15:10
  • Zuletzt bearbeitet 14.03.2025 16:15:36

If an attempt is made to create an item of a type prohibited by `ACL#hasCreatePermission2` or `TopLevelItemDescriptor#isApplicableIn(ItemGroup)` through the Jenkins CLI or the REST API and either of these checks fail, Jenkins 2.478 and earlier, LTS 2...

  • EPSS 28.78%
  • Veröffentlicht 07.08.2024 14:15:33
  • Zuletzt bearbeitet 14.03.2025 20:15:13

Jenkins 2.470 and earlier, LTS 2.452.3 and earlier allows agent processes to read arbitrary files from the Jenkins controller file system by using the `ClassLoaderProxy#fetchJar` method in the Remoting library.