| CVE-2016-0792 |
high |
8.8 |
9.8 |
|
|
|
10y ago |
Jenkins allows Deserialization of Untrusted Data via an XML File |
| CVE-2018-1999002 |
high |
— |
9.0 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2015-7538 |
high |
8.8 |
8.8 |
|
|
|
11y ago |
Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack |
| CVE-2015-7537 |
high |
8.8 |
8.8 |
|
|
|
11y ago |
Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack |
| CVE-2021-21671 |
high |
— |
8.0 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2021-21670 |
high |
— |
8.0 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2021-21611 |
high |
— |
8.0 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2021-21610 |
high |
— |
8.0 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2021-21607 |
high |
— |
8.0 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2021-21605 |
high |
— |
8.0 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2021-21608 |
high |
— |
8.0 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2021-21603 |
high |
— |
8.0 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2021-21606 |
high |
— |
8.0 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2021-21602 |
high |
— |
8.0 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2021-21609 |
high |
— |
8.0 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2021-21604 |
high |
— |
8.0 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2019-10353 |
high |
— |
8.0 |
|
|
|
4y ago |
Cross-Site Request Forgery in Jenkins |
| CVE-2019-10354 |
high |
— |
8.0 |
|
|
|
4y ago |
Missing Authorization in Jenkins |
| CVE-2019-10352 |
high |
— |
8.0 |
|
|
|
4y ago |
Improper Limitation of a Pathname to a Restricted Directory in Jenkins |
| CVE-2017-1000355 |
high |
— |
8.0 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2017-1000356 |
high |
— |
8.0 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2017-1000354 |
high |
— |
8.0 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2018-1999006 |
high |
— |
8.0 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2018-1999007 |
high |
— |
8.0 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2018-1999004 |
high |
— |
8.0 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2018-1999005 |
high |
— |
8.0 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2018-1999001 |
high |
— |
8.0 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2018-1999003 |
high |
— |
8.0 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2015-7539 |
high |
7.5 |
7.5 |
|
|
|
11y ago |
Jenkins does not Verify Checksums for Plugin Files |
| CVE-2015-5325 |
high |
— |
7.5 |
|
|
|
11y ago |
Jenkins allows Bypass of Access Restrictions |
| CVE-2015-1814 |
high |
— |
7.5 |
|
|
|
11y ago |
Jenkins allows for Privilege Escalation by Remote Authenticated Users |
| CVE-2014-2063 |
high |
— |
7.5 |
|
|
|
12y ago |
Jenkins Vulnerable to Clickjacking |
| CVE-2014-3666 |
high |
— |
7.5 |
|
|
|
12y ago |
Jenkins allows for Code Execution via Crafted Packet to the CLI |
| CVE-2013-0329 |
high |
— |
7.5 |
|
|
|
13y ago |
Jenkins Cross-Site Request Forgery vulnerability |
| CVE-2016-3726 |
high |
7.4 |
7.4 |
|
|
|
10y ago |
Jenkins affected by Open Redirect Vulnerability |
| CVE-2015-5318 |
medium |
— |
6.8 |
|
|
|
11y ago |
Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack |
| CVE-2014-3665 |
medium |
— |
6.8 |
|
|
|
11y ago |
Jenkins improperly ensures trust separation |
| CVE-2014-2066 |
medium |
— |
6.8 |
|
|
|
12y ago |
Jenkins session fixation vulnerability |
| CVE-2013-2034 |
medium |
— |
6.8 |
|
|
|
12y ago |
Jenkins Cross-Site Request Forgery vulnerabilities |
| CVE-2013-0327 |
medium |
— |
6.8 |
|
|
|
13y ago |
Jenkins Cross-Site Request Forgery vulnerability |
| CVE-2016-3724 |
medium |
6.5 |
6.5 |
|
|
|
10y ago |
Jenkins Exposes Sensitive Information from Job Configuration |
| CVE-2015-5323 |
medium |
— |
6.5 |
|
|
|
11y ago |
Jenkins allows Administrators to Access API Tokens |
| CVE-2015-1806 |
medium |
— |
6.5 |
|
|
|
11y ago |
Jenkins allows for Privilege Escalation by Remote Authenticated Users |
| CVE-2014-2062 |
medium |
— |
6.5 |
|
|
|
12y ago |
Jenkins does not invalidate the API token when a user is deleted |
| CVE-2014-2058 |
medium |
— |
6.5 |
|
|
|
12y ago |
Jenkins allows attackers to execute arbitrary jobs |
| CVE-2014-2059 |
medium |
— |
6.5 |
|
|
|
12y ago |
Jenkins directory traversal vulnerability |
| CVE-2016-0789 |
medium |
6.1 |
6.1 |
|
|
|
10y ago |
Jenkins has CRLF Injection Vulnerability in the CLI |
| CVE-2014-3663 |
medium |
— |
6.0 |
|
|
|
12y ago |
Jenkins allows remote authenticated users to bypass intended restrictions and create or destroy arbitrary jobs |
| CVE-2012-6073 |
medium |
— |
5.8 |
|
|
|
14y ago |
Jenkins affected by Open Redirect Vulnerability |
| CVE-2021-21683 |
medium |
— |
5.5 |
|
|
|
4y ago |
Path traversal vulnerability on Windows in Jenkins |
| CVE-2021-21682 |
medium |
— |
5.5 |
|
|
|
4y ago |
Improper handling of equivalent directory names on Windows in Jenkins |
| CVE-2021-21639 |
medium |
— |
5.5 |
|
|
|
4y ago |
Lack of type validation in agent related REST API in Jenkins |
| CVE-2021-21640 |
medium |
— |
5.5 |
|
|
|
4y ago |
View name validation bypass in Jenkins |
| CVE-2021-21615 |
medium |
— |
5.5 |
|
|
|
4y ago |
Time-of-check Time-of-use (TOCTOU) Race Condition in Jenkins |
| CVE-2019-10383 |
medium |
— |
5.5 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2019-10384 |
medium |
— |
5.5 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2018-1999043 |
medium |
— |
5.5 |
|
|
|
4y ago |
Missing Release of Resource after Effective Lifetime in Jenkins |
| CVE-2019-1003050 |
medium |
— |
5.5 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2019-1003049 |
medium |
— |
5.5 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2015-7536 |
medium |
5.4 |
5.4 |
|
|
|
11y ago |
Improper Neutralization of Input During Web Page Generation in Jenkins |
| CVE-2014-9635 |
medium |
5.3 |
5.3 |
|
|
|
9y ago |
Jenkins HttpOnly flag not Set for session cookies |
| CVE-2014-9634 |
medium |
5.3 |
5.3 |
|
|
|
9y ago |
Jenkins secure flag not set on session cookies |
| CVE-2016-0790 |
medium |
5.3 |
5.3 |
|
|
|
10y ago |
Exposure of Sensitive Information in Jenkins Core |
| CVE-2013-5573 |
medium |
— |
5.3 |
|
|
|
13y ago |
Jenkins allows Cross-Site Scripting (XSS) in User Configuration |
| CVE-2015-5324 |
medium |
— |
5.0 |
|
|
|
11y ago |
Jenkins allows Unauthorized Viewing of Queue API Information |
| CVE-2015-5322 |
medium |
— |
5.0 |
|
|
|
11y ago |
Jenkins has Local File Inclusion Vulnerability |
| CVE-2015-5321 |
medium |
— |
5.0 |
|
|
|
11y ago |
Jenkins has Information Disclosure via Sidepanel Widget |
| CVE-2015-5320 |
medium |
— |
5.0 |
|
|
|
11y ago |
Jenkins allows Exposure of Sensitive Information to an Unauthorized Actor |
| CVE-2015-5319 |
medium |
— |
5.0 |
|
|
|
11y ago |
Jenkins has XML External Entity (XXE) Vulnerability in Job Configuration via CLI |
| CVE-2014-2064 |
medium |
— |
5.0 |
|
|
|
12y ago |
Jenkins allows attackers to determine whether a user exists |
| CVE-2014-2061 |
medium |
— |
5.0 |
|
|
|
12y ago |
Jenkin allows attackers to obtain passwords by reading the HTML source code |
| CVE-2014-2060 |
medium |
— |
5.0 |
|
|
|
12y ago |
Jenkins allows Remote Attackers to Hijack Sessions |
| CVE-2014-3662 |
medium |
— |
5.0 |
|
|
|
12y ago |
Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability |
| CVE-2014-3661 |
medium |
— |
5.0 |
|
|
|
12y ago |
Jenkins Denial of Service vulnerability |
| CVE-2017-17383 |
medium |
4.7 |
4.7 |
|
|
|
9y ago |
Cross-site Scripting in Jenkins Core |
| CVE-2015-1810 |
medium |
— |
4.6 |
|
|
|
11y ago |
Jenkins does not Restrict Reserved Names Allowing for Privilege Escalation |
| CVE-2016-3727 |
medium |
4.3 |
4.3 |
|
|
|
10y ago |
Jenkins Exposes Sensitive Information via API URL |
| CVE-2016-3725 |
medium |
4.3 |
4.3 |
|
|
|
10y ago |
Missing permissions check in Jenkins Core |
| CVE-2016-3723 |
medium |
4.3 |
4.3 |
|
|
|
10y ago |
Exposure of Sensitive Information in Jenkins Core |
| CVE-2016-3722 |
medium |
4.3 |
4.3 |
|
|
|
10y ago |
Incorrect Authorization in Jenkins Core |
| CVE-2016-3721 |
medium |
4.3 |
4.3 |
|
|
|
10y ago |
Jenkins allows Remote Users to Inject Build Parameters |
| CVE-2015-5326 |
medium |
— |
4.3 |
|
|
|
11y ago |
Jenkins allows Cross-Site Scripting (XSS) |
| CVE-2015-1813 |
medium |
— |
4.3 |
|
|
|
11y ago |
Jenkins allows Cross-Site Scripting (XSS) |
| CVE-2015-1812 |
medium |
— |
4.3 |
|
|
|
11y ago |
Jenkins Cross-site Scripting vulnerability |
| CVE-2014-2065 |
medium |
— |
4.3 |
|
|
|
12y ago |
Jenkins cross-site scripting (XSS) vulnerability |
| CVE-2014-3681 |
medium |
— |
4.3 |
|
|
|
12y ago |
Jenkins Cross-site Scripting vulnerability |
| CVE-2013-0328 |
medium |
— |
4.3 |
|
|
|
13y ago |
Jenkins subject to Cross-site Scripting |
| CVE-2012-6072 |
medium |
— |
4.3 |
|
|
|
14y ago |
Jenkins allows HTTP Injection and Response Splitting |
| CVE-2012-0325 |
medium |
— |
4.3 |
|
|
|
14y ago |
Jenkins allows Cross-Site Scripting (XSS) |
| CVE-2012-0324 |
medium |
— |
4.3 |
|
|
|
14y ago |
Jenkins allows Cross-Site Scripting (XSS) |
| CVE-2013-7330 |
medium |
— |
4.0 |
|
|
|
12y ago |
Jenkins allows attackers to configure restricted projects |
| CVE-2014-3680 |
medium |
— |
4.0 |
|
|
|
12y ago |
Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability |
| CVE-2014-3667 |
medium |
— |
4.0 |
|
|
|
12y ago |
Jenkins allows Remote Users to Obtain Sensitive Information from a Plugin Code |
| CVE-2014-3664 |
medium |
— |
4.0 |
|
|
|
12y ago |
Jenkins Path Traversal vulnerability |
| CVE-2013-0331 |
medium |
— |
4.0 |
|
|
|
13y ago |
Jenkins Vulnerable to Denial of Service (DoS) via Crafted Payload |
| CVE-2013-0330 |
medium |
— |
4.0 |
|
|
|
13y ago |
Jenkins allows Remote Users to Build Arbitrary Jobs |
| CVE-2024-23897 |
unknown |
— |
2.5 |
|
|
|
2y ago |
Jenkins Command Line Interface (CLI) contains a path traversal vulnerability that allows attackers limited read access to certain files, which can lead to code execution. |
| CVE-2017-1000353 |
unknown |
— |
2.5 |
|
|
|
4y ago |
Jenkins contains a remote code execution vulnerability. This vulnerability that could allowed attackers to transfer a serialized Java SignedObject object to the remoting-based Jenkins CLI, that would… |
| CVE-2018-1000861 |
unknown |
— |
2.5 |
|
|
|
4y ago |
A code execution vulnerability exists in the Stapler web framework used by Jenkins |
| CVE-2015-5317 |
unknown |
— |
1.5 |
|
|
|
4y ago |
Jenkins User Interface (UI) contains an information disclosure vulnerability that allows users to see the names of jobs and builds otherwise inaccessible to them on the "Fingerprints" pages. |
