Package impact

java Maven / org.jenkins-ci.main:jenkins-core

CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2015-5318 medium 6.8 11y ago Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack
CVE-2014-3665 medium 6.8 11y ago Jenkins improperly ensures trust separation
CVE-2014-2066 medium 6.8 12y ago Jenkins session fixation vulnerability
CVE-2013-2034 medium 6.8 12y ago Jenkins Cross-Site Request Forgery vulnerabilities
CVE-2013-0327 medium 6.8 13y ago Jenkins Cross-Site Request Forgery vulnerability
CVE-2016-3724 medium 6.5 6.5 10y ago Jenkins Exposes Sensitive Information from Job Configuration
CVE-2015-5323 medium 6.5 11y ago Jenkins allows Administrators to Access API Tokens
CVE-2015-1806 medium 6.5 11y ago Jenkins allows for Privilege Escalation by Remote Authenticated Users
CVE-2014-2062 medium 6.5 12y ago Jenkins does not invalidate the API token when a user is deleted
CVE-2014-2058 medium 6.5 12y ago Jenkins allows attackers to execute arbitrary jobs
CVE-2014-2059 medium 6.5 12y ago Jenkins directory traversal vulnerability
CVE-2016-0789 medium 6.1 6.1 10y ago Jenkins has CRLF Injection Vulnerability in the CLI
CVE-2014-3663 medium 6.0 12y ago Jenkins allows remote authenticated users to bypass intended restrictions and create or destroy arbitrary jobs
CVE-2012-6073 medium 5.8 14y ago Jenkins affected by Open Redirect Vulnerability
CVE-2021-21682 medium 5.5 4y ago Improper handling of equivalent directory names on Windows in Jenkins
CVE-2021-21683 medium 5.5 4y ago Path traversal vulnerability on Windows in Jenkins
CVE-2021-21640 medium 5.5 4y ago View name validation bypass in Jenkins
CVE-2021-21639 medium 5.5 4y ago Lack of type validation in agent related REST API in Jenkins
CVE-2021-21615 medium 5.5 4y ago Time-of-check Time-of-use (TOCTOU) Race Condition in Jenkins
CVE-2019-10384 medium 5.5 4y ago Multiple issues in Jenkins
CVE-2019-10383 medium 5.5 4y ago Multiple issues in Jenkins
CVE-2018-1999043 medium 5.5 4y ago Missing Release of Resource after Effective Lifetime in Jenkins
CVE-2019-1003049 medium 5.5 4y ago Multiple issues in Jenkins
CVE-2019-1003050 medium 5.5 4y ago Multiple issues in Jenkins
CVE-2015-7536 medium 5.4 5.4 11y ago Improper Neutralization of Input During Web Page Generation in Jenkins
CVE-2014-9635 medium 5.3 5.3 9y ago Jenkins HttpOnly flag not Set for session cookies
CVE-2014-9634 medium 5.3 5.3 9y ago Jenkins secure flag not set on session cookies
CVE-2016-0790 medium 5.3 5.3 10y ago Exposure of Sensitive Information in Jenkins Core
CVE-2013-5573 medium 5.3 13y ago Jenkins allows Cross-Site Scripting (XSS) in User Configuration
CVE-2015-5324 medium 5.0 11y ago Jenkins allows Unauthorized Viewing of Queue API Information
CVE-2015-5322 medium 5.0 11y ago Jenkins has Local File Inclusion Vulnerability
CVE-2015-5321 medium 5.0 11y ago Jenkins has Information Disclosure via Sidepanel Widget
CVE-2015-5320 medium 5.0 11y ago Jenkins allows Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-5319 medium 5.0 11y ago Jenkins has XML External Entity (XXE) Vulnerability in Job Configuration via CLI
CVE-2014-2064 medium 5.0 12y ago Jenkins allows attackers to determine whether a user exists
CVE-2014-2061 medium 5.0 12y ago Jenkins allows attackers to obtain passwords by reading the HTML source code
CVE-2014-2060 medium 5.0 12y ago Jenkins allows Remote Attackers to Hijack Sessions
CVE-2014-3662 medium 5.0 12y ago Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability
CVE-2014-3661 medium 5.0 12y ago Jenkins Denial of Service vulnerability
CVE-2017-17383 medium 4.7 4.7 9y ago Cross-site Scripting in Jenkins Core
CVE-2015-1810 medium 4.6 11y ago Jenkins does not Restrict Reserved Names Allowing for Privilege Escalation
CVE-2016-3727 medium 4.3 4.3 10y ago Jenkins Exposes Sensitive Information via API URL
CVE-2016-3725 medium 4.3 4.3 10y ago Missing permissions check in Jenkins Core
CVE-2016-3723 medium 4.3 4.3 10y ago Exposure of Sensitive Information in Jenkins Core
CVE-2016-3722 medium 4.3 4.3 10y ago Incorrect Authorization in Jenkins Core
CVE-2016-3721 medium 4.3 4.3 10y ago Jenkins allows Remote Users to Inject Build Parameters
CVE-2015-5326 medium 4.3 11y ago Jenkins allows Cross-Site Scripting (XSS)
CVE-2015-1813 medium 4.3 11y ago Jenkins allows Cross-Site Scripting (XSS)
CVE-2015-1812 medium 4.3 11y ago Jenkins Cross-site Scripting vulnerability
CVE-2014-2065 medium 4.3 12y ago Jenkins cross-site scripting (XSS) vulnerability
CVE-2014-3681 medium 4.3 12y ago Jenkins Cross-site Scripting vulnerability
CVE-2013-0328 medium 4.3 13y ago Jenkins subject to Cross-site Scripting
CVE-2012-6072 medium 4.3 14y ago Jenkins allows HTTP Injection and Response Splitting
CVE-2012-0325 medium 4.3 14y ago Jenkins allows Cross-Site Scripting (XSS)
CVE-2012-0324 medium 4.3 14y ago Jenkins allows Cross-Site Scripting (XSS)
CVE-2013-7330 medium 4.0 12y ago Jenkins allows attackers to configure restricted projects
CVE-2014-3680 medium 4.0 12y ago Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability
CVE-2014-3667 medium 4.0 12y ago Jenkins allows Remote Users to Obtain Sensitive Information from a Plugin Code
CVE-2014-3664 medium 4.0 12y ago Jenkins Path Traversal vulnerability
CVE-2013-0331 medium 4.0 13y ago Jenkins Vulnerable to Denial of Service (DoS) via Crafted Payload
CVE-2013-0330 medium 4.0 13y ago Jenkins allows Remote Users to Build Arbitrary Jobs
CVE-2015-1808 low 3.5 11y ago Jenkins Vulnerable to Denial of Service (DoS)
CVE-2014-2068 low 3.5 12y ago Jenkins allows attackers to obtain sensitive information
CVE-2014-2067 low 3.5 12y ago Jenkins cross-site scripting (XSS) vulnerability
CVE-2012-6074 low 3.5 14y ago Jenkins allows Cross-Site Scripting (XSS)
CVE-2013-0158 low 2.6 14y ago Jenkins allows attackers to obtain the master cryptographic key
CVE-2011-4344 low 2.6 15y ago Jenkins allows Cross-Site Scripting (XSS)
CVE-2024-23897 unknown 2.5 2y ago Jenkins Command Line Interface (CLI) contains a path traversal vulnerability that allows attackers limited read access to certain files, which can lead to code execution.
CVE-2017-1000353 unknown 2.5 4y ago Jenkins contains a remote code execution vulnerability. This vulnerability could allow attackers to transfer a serialized Java SignedObject object to the remoting-based Jenkins CLI, that would…
CVE-2018-1000861 unknown 2.5 4y ago A code execution vulnerability exists in the Stapler web framework used by Jenkins
CVE-2013-2033 low 2.1 12y ago Jenkins vulnerable to Cross-site Scripting
CVE-2015-5317 unknown 1.5 4y ago Jenkins User Interface (UI) contains an information disclosure vulnerability that allows users to see the names of jobs and builds otherwise inaccessible to them on the "Fingerprints" pages.
CVE-2020-2230 unknown 1.0 4y ago Jenkins Cross-site Scripting vulnerability in project naming strategy
CVE-2020-2231 unknown 1.0 4y ago Improper Neutralization of Input During Web Page Generation in Jenkins
CVE-2020-2229 unknown 1.0 4y ago Jenkins Cross-Site Scripting vulnerability in help icons
CVE-2026-33001 unknown 3mo ago Jenkins has a link following vulnerability that allows arbitrary file creation
CVE-2026-33002 unknown 3mo ago Jenkins has a DNS rebinding vulnerability in WebSocket CLI origin validation
CVE-2026-27099 unknown 4mo ago Jenkins has a stored XSS vulnerability in node offline cause description
CVE-2026-27100 unknown 4mo ago Jenkins has a build information disclosure vulnerability through Run Parameter
CVE-2025-67639 unknown 6mo ago Jenkins has a CSRF vulnerability on the login form
CVE-2025-67638 unknown 6mo ago Jenkins's build authorization token is stored and displayed in plain text
CVE-2025-67637 unknown 6mo ago Jenkins's build authorization token is stored and displayed in plain text
CVE-2025-67635 unknown 6mo ago Jenkins has a Denial of service vulnerability in HTTP-based CLI
CVE-2025-67636 unknown 6mo ago Jenkins is missing a permission check on password fields
CVE-2025-59474 unknown 9mo ago Jenkins has a missing permission check, allowing users to obtain agent names
CVE-2025-59476 unknown 9mo ago Jenkins has a log message injection vulnerability
CVE-2025-31721 unknown 1y ago Jenkins Missing Permission Check
CVE-2025-31720 unknown 1y ago Jenkins Missing Permission Check
CVE-2025-27624 unknown 1y ago Jenkins cross-site request forgery (CSRF) vulnerability
CVE-2025-27623 unknown 1y ago Jenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission
CVE-2025-27622 unknown 1y ago Jenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission
CVE-2025-27625 unknown 1y ago Jenkins Open Redirect vulnerability
CVE-2024-47804 unknown 2y ago Jenkins item creation restriction bypass vulnerability
CVE-2024-47803 unknown 2y ago Jenkins exposes multi-line secrets through error messages
CVE-2024-43044 unknown 2y ago Jenkins Remoting library arbitrary file read vulnerability
CVE-2024-43045 unknown 2y ago Jenkins does not perform a permission check in an HTTP endpoint
CVE-2024-23898 unknown 2y ago Cross-site WebSocket hijacking vulnerability in the Jenkins CLI
CVE-2023-43498 unknown 3y ago Jenkins temporary uploaded file created with insecure permissions
CVE-2023-43495 unknown 3y ago Jenkins Cross-site Scripting vulnerability
CVE-2023-43496 unknown 3y ago Jenkins temporary plugin file created with insecure permissions