Package impact

Maven / org.jenkins-ci.main:jenkins-core

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Flags	OS	Vendor	Published	Description
CVE-2016-0792	high	8.8	9.8				10y ago	Jenkins allows Deserialization of Untrusted Data via an XML File
CVE-2018-1999002	high	—	9.0				4y ago	multiple issues in jenkins
CVE-2015-7538	high	8.8	8.8				11y ago	Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack
CVE-2015-7537	high	8.8	8.8				11y ago	Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack
CVE-2021-21670	high	—	8.0				4y ago	multiple issues in jenkins
CVE-2021-21671	high	—	8.0				4y ago	multiple issues in jenkins
CVE-2021-21611	high	—	8.0				4y ago	multiple issues in jenkins
CVE-2021-21607	high	—	8.0				4y ago	multiple issues in jenkins
CVE-2021-21605	high	—	8.0				4y ago	multiple issues in jenkins
CVE-2021-21610	high	—	8.0				4y ago	multiple issues in jenkins
CVE-2021-21608	high	—	8.0				4y ago	multiple issues in jenkins
CVE-2021-21604	high	—	8.0				4y ago	multiple issues in jenkins
CVE-2021-21603	high	—	8.0				4y ago	multiple issues in jenkins
CVE-2021-21602	high	—	8.0				4y ago	multiple issues in jenkins
CVE-2021-21606	high	—	8.0				4y ago	multiple issues in jenkins
CVE-2021-21609	high	—	8.0				4y ago	multiple issues in jenkins
CVE-2019-10352	high	—	8.0				4y ago	Improper Limitation of a Pathname to a Restricted Directory in Jenkins
CVE-2019-10353	high	—	8.0				4y ago	Cross-Site Request Forgery in Jenkins
CVE-2019-10354	high	—	8.0				4y ago	Missing Authorization in Jenkins
CVE-2017-1000355	high	—	8.0				4y ago	multiple issues in jenkins
CVE-2017-1000356	high	—	8.0				4y ago	multiple issues in jenkins
CVE-2017-1000354	high	—	8.0				4y ago	multiple issues in jenkins
CVE-2018-1999006	high	—	8.0				4y ago	multiple issues in jenkins
CVE-2018-1999004	high	—	8.0				4y ago	multiple issues in jenkins
CVE-2018-1999007	high	—	8.0				4y ago	multiple issues in jenkins
CVE-2018-1999005	high	—	8.0				4y ago	multiple issues in jenkins
CVE-2018-1999001	high	—	8.0				4y ago	multiple issues in jenkins
CVE-2018-1999003	high	—	8.0				4y ago	multiple issues in jenkins
CVE-2015-7539	high	7.5	7.5				11y ago	Jenkins does not Verify Checksums for Plugin Files
CVE-2015-5325	high	—	7.5				11y ago	Jenkins allows Bypass of Access Restrictions
CVE-2015-1814	high	—	7.5				11y ago	Jenkins allows for Privilege Escalation by Remote Authenticated Users
CVE-2014-2063	high	—	7.5				12y ago	Jenkins Vulnerable to Clickjacking
CVE-2014-3666	high	—	7.5				12y ago	Jenkins allows for Code Execution via Crafted Packet to the CLI
CVE-2013-0329	high	—	7.5				13y ago	Jenkins Cross-Site Request Forgery vulnerability
CVE-2016-3726	high	7.4	7.4				10y ago	Jenkins affected by Open Redirect Vulnerability
CVE-2024-23897	unknown	—	2.5				2y ago	Jenkins Command Line Interface (CLI) contains a path traversal vulnerability that allows attackers limited read access to certain files, which can lead to code execution.
CVE-2017-1000353	unknown	—	2.5				4y ago	Jenkins contains a remote code execution vulnerability. This vulnerability that could allowed attackers to transfer a serialized Java SignedObject object to the remoting-based Jenkins CLI, that would…
CVE-2018-1000861	unknown	—	2.5				4y ago	A code execution vulnerability exists in the Stapler web framework used by Jenkins
CVE-2015-5317	unknown	—	1.5				4y ago	Jenkins User Interface (UI) contains an information disclosure vulnerability that allows users to see the names of jobs and builds otherwise inaccessible to them on the "Fingerprints" pages.
CVE-2020-2230	unknown	—	1.0				4y ago	Jenkins Cross-site Scripting vulnerability in project naming strategy
CVE-2020-2229	unknown	—	1.0				4y ago	Jenkins Cross-Site Scripting vulnerability in help icons
CVE-2020-2231	unknown	—	1.0				4y ago	Improper Neutralization of Input During Web Page Generation in Jenkins
CVE-2026-33002	unknown	—	—				3mo ago	Jenkins has a DNS rebinding vulnerability in WebSocket CLI origin validation
CVE-2026-33001	unknown	—	—				3mo ago	Jenkins has a link following vulnerability allows arbitrary file creation
CVE-2026-27100	unknown	—	—				4mo ago	Jenkins has a build information disclosure vulnerability through Run Parameter
CVE-2026-27099	unknown	—	—				4mo ago	Jenkins has a stored XSS vulnerability in node offline cause description
CVE-2025-67638	unknown	—	—				6mo ago	Jenkins's build authorization token is stored and displayed in plain text
CVE-2025-67639	unknown	—	—				6mo ago	Jenkins has a CSRF vulnerability on the login form
CVE-2025-67636	unknown	—	—				6mo ago	Jenkins is missing a permission check on password fields
CVE-2025-67637	unknown	—	—				6mo ago	Jenkins's build authorization token is stored and displayed in plain text
CVE-2025-67635	unknown	—	—				6mo ago	Jenkins has a Denial of service vulnerability in HTTP-based CLI
CVE-2025-59474	unknown	—	—				9mo ago	Jenkins has a missing permission check, allowing users to obtain agent names
CVE-2025-59476	unknown	—	—				9mo ago	Jenkins has a log message injection vulnerability
CVE-2025-31720	unknown	—	—				1y ago	Jenkins Missing Permission Check
CVE-2025-31721	unknown	—	—				1y ago	Jenkins Missing Permission Check
CVE-2025-27622	unknown	—	—				1y ago	Jenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission
CVE-2025-27624	unknown	—	—				1y ago	Jenkins cross-site request forgery (CSRF) vulnerability
CVE-2025-27623	unknown	—	—				1y ago	Jenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission
CVE-2025-27625	unknown	—	—				1y ago	Jenkins Open Redirect vulnerability
CVE-2024-47803	unknown	—	—				2y ago	Jenkins exposes multi-line secrets through error messages
CVE-2024-47804	unknown	—	—				2y ago	Jenkins item creation restriction bypass vulnerability
CVE-2024-43045	unknown	—	—				2y ago	Jenkins does not perform a permission check in an HTTP endpoint
CVE-2024-43044	unknown	—	—				2y ago	Jenkins Remoting library arbitrary file read vulnerability
CVE-2024-23898	unknown	—	—				2y ago	Cross-site WebSocket hijacking vulnerability in the Jenkins CLI
CVE-2023-43497	unknown	—	—				3y ago	Jenkins temporary uploaded file created with insecure permissions
CVE-2023-43498	unknown	—	—				3y ago	Jenkins temporary uploaded file created with insecure permissions
CVE-2023-43495	unknown	—	—				3y ago	Jenkins Cross-site Scripting vulnerability
CVE-2023-43496	unknown	—	—				3y ago	Jenkins temporary plugin file created with insecure permissions
CVE-2023-43494	unknown	—	—				3y ago	Jenkins does not exclude sensitive build variables from search
CVE-2023-39151	unknown	—	—				3y ago	Jenkins Stored Cross-site Scripting vulnerability
CVE-2023-35141	unknown	—	—				3y ago	Jenkins CSRF protection bypass vulnerability
CVE-2023-27904	unknown	—	—				3y ago	Information disclosure through error stack traces related to agents
CVE-2023-27903	unknown	—	—				3y ago	Incorrect Authorization in Jenkins Core
CVE-2023-27898	unknown	—	—				3y ago	Cross-site Scripting vulnerability in Jenkins
CVE-2023-27899	unknown	—	—				3y ago	Incorrect Authorization in Jenkins Core
CVE-2023-27902	unknown	—	—				3y ago	Incorrect Permission Preservation in Jenkins Core
CVE-2023-27900	unknown	—	—				3y ago	Denial of service in Jenkins Core
CVE-2023-27901	unknown	—	—				3y ago	Denial of service in Jenkins Core
CVE-2022-41224	unknown	—	—				4y ago	Jenkins vulnerable to stored cross site scripting in the I:helpIcon component
CVE-2022-34173	unknown	—	—				4y ago	Cross-site Scripting vulnerability in Jenkins
CVE-2022-34175	unknown	—	—				4y ago	Unauthorized view fragment access in Jenkins
CVE-2022-34172	unknown	—	—				4y ago	Cross-site Scripting vulnerability in Jenkins
CVE-2022-34174	unknown	—	—				4y ago	Observable timing discrepancy allows determining username validity in Jenkins
CVE-2022-34171	unknown	—	—				4y ago	Cross-site Scripting vulnerability in Jenkins
CVE-2022-34170	unknown	—	—				4y ago	Cross-site Scripting vulnerability in Jenkins
CVE-2019-10406	unknown	—	—				4y ago	Improper Neutralization of Input During Web Page Generation in Jenkins
CVE-2019-10403	unknown	—	—				4y ago	Improper Neutralization of Input During Web Page Generation in Jenkins
CVE-2019-10405	unknown	—	—				4y ago	Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
CVE-2019-10404	unknown	—	—				4y ago	Improper Neutralization of Input During Web Page Generation in Jenkins
CVE-2019-10402	unknown	—	—				4y ago	Improper Neutralization of Input During Web Page Generation in Jenkins
CVE-2019-10401	unknown	—	—				4y ago	Improper Neutralization of Input During Web Page Generation in Jenkins
CVE-2020-2222	unknown	—	—				4y ago	Stored XSS vulnerability in Jenkins 'keep forever' badge icon
CVE-2020-2220	unknown	—	—				4y ago	Stored XSS vulnerability in Jenkins job build time trend
CVE-2020-2221	unknown	—	—				4y ago	Stored XSS vulnerability in Jenkins upstream cause
CVE-2020-2223	unknown	—	—				4y ago	Stored XSS vulnerability in Jenkins console links
CVE-2020-2161	unknown	—	—				4y ago	Improper Neutralization of Input During Web Page Generation in Jenkins
CVE-2020-2160	unknown	—	—				4y ago	Cross-Site Request Forgery in Jenkins
CVE-2020-2162	unknown	—	—				4y ago	Improper Neutralization of Input During Web Page Generation in Jenkins
CVE-2020-2163	unknown	—	—				4y ago	Improper Neutralization of Input During Web Page Generation in Jenkins
CVE-2020-2105	unknown	—	—				4y ago	Jenkins REST APIs vulnerable to clickjacking