Jenkins

Jenkins

268 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 4.26%
  • Veröffentlicht 07.08.2024 14:15:33
  • Zuletzt bearbeitet 25.03.2025 17:16:05

Jenkins 2.470 and earlier, LTS 2.452.3 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to access other users' "My Views".

  • EPSS 0.79%
  • Veröffentlicht 02.05.2024 14:15:10
  • Zuletzt bearbeitet 06.06.2025 15:28:57

Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier programmatically disables the fix for CVE-2016-3721 whenever a build is triggered from a release tag, by setting the Java system property 'hudson.model.ParametersAction.keepUndefined...

Warnung Medienbericht Exploit
  • EPSS 100%
  • Veröffentlicht 24.01.2024 18:15:09
  • Zuletzt bearbeitet 24.10.2025 14:49:09

Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitra...

  • EPSS 66.92%
  • Veröffentlicht 24.01.2024 18:15:09
  • Zuletzt bearbeitet 21.11.2024 08:58:39

Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, al...

Exploit
  • EPSS 3.75%
  • Veröffentlicht 10.10.2023 17:15:11
  • Zuletzt bearbeitet 21.11.2024 08:09:47

Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their ...

Warnung Medienbericht Exploit
  • EPSS 100%
  • Veröffentlicht 10.10.2023 14:15:10
  • Zuletzt bearbeitet 12.05.2026 15:10:32

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • EPSS 3.39%
  • Veröffentlicht 20.09.2023 17:15:11
  • Zuletzt bearbeitet 21.11.2024 08:24:09

Jenkins 2.50 through 2.423 (both inclusive), LTS 2.60.1 through 2.414.1 (both inclusive) does not exclude sensitive build variables (e.g., password parameter values) from the search in the build history widget, allowing attackers with Item/Read permi...

  • EPSS 0.88%
  • Veröffentlicht 20.09.2023 17:15:11
  • Zuletzt bearbeitet 21.11.2024 08:24:09

Jenkins 2.423 and earlier, LTS 2.414.1 and earlier does not escape the value of the 'caption' constructor parameter of 'ExpandableDetailsNote', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control th...

  • EPSS 0.94%
  • Veröffentlicht 20.09.2023 17:15:11
  • Zuletzt bearbeitet 02.05.2025 16:15:22

Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates a temporary file in the system temporary directory with the default permissions for newly created files when installing a plugin from a URL, potentially allowing attackers with access to the ...

  • EPSS 0.8%
  • Veröffentlicht 20.09.2023 17:15:11
  • Zuletzt bearbeitet 21.11.2024 08:24:09

In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using the Stapler web framework creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowin...