CVE-2026-9674
medium
4.3
4.3
jenkins
7d ago
A cross-site request forgery (CSRF) vulnerability in Jenkins Multijob Plugin 662.vd2e0001f6b_b_d and earlier allows attackers to resume failed Multijob builds.
CVE-2026-48927
medium
5.5
5.5
jenkins
7d ago
Jenkins buildgraph-view Plugin 1.8 and earlier does not escape the build URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs or views.
CVE-2026-48926
medium
4.3
4.3
jenkins
7d ago
Jenkins Job Import Plugin 143.v044a_2e819b_27 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of cred…
CVE-2026-48924
medium
4.3
4.3
jenkins
7d ago
Jenkins Bitbucket OAuth Plugin 0.17 and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks.
CVE-2026-48923
medium
4.3
4.3
jenkins
7d ago
Jenkins AppSpider Plugin 1.0.17 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to connect to an attacker-spe…
CVE-2026-48919
medium
6.6
6.6
jenkins
7d ago
Jenkins Active Directory Plugin 2.41 and earlier deserializes data from LDAP referrals without validation.
CVE-2026-48918
medium
6.6
6.6
jenkins
7d ago
Jenkins Active Directory Plugin 2.41 and earlier follows LDAP referrals by default.
CVE-2026-48917
medium
6.6
6.6
jenkins
7d ago
Jenkins LDAP Plugin 807.v7d7de30930cf and earlier deserializes data from LDAP referrals without validation.
CVE-2026-48916
medium
6.6
6.6
jenkins
7d ago
Jenkins LDAP Plugin 807.v7d7de30930cf and earlier follows LDAP referrals.
CVE-2026-42525
medium
4.3
4.3
jenkins
1mo ago
Jenkins Microsoft Entra ID (previously Azure AD) Plugin has an open redirect vulnerability
CVE-2026-42522
medium
4.3
4.3
jenkins
1mo ago
Jenkins GitHub Branch Source Plugin: Missing permissions check allows attackers to perform a connection test
CVE-2026-42521
medium
6.5
6.5
jenkins
1mo ago
Jenkins Matrix Authorization Strategy Plugin: Unsafe deserialization allows invocation of parameterless constructors
CVE-2026-42519
medium
4.3
4.3
jenkins
1mo ago
Jenkins Script Security Plugin: Missing permission checks allow enumeration of pending and approved classpaths
CVE-2017-17383
medium
4.7
4.7
FIX
arch arch
jenkins
9y ago
Cross-site Scripting in Jenkins Core
CVE-2017-1000243
medium
4.3
4.3
jenkins
9y ago
Missing permission check in Jenkins Favorite Plugin
CVE-2017-1000113
medium
5.5
5.5
jenkins
9y ago
Jenkins Deploy to container Plugin stored plain text passwords in job configuration
CVE-2017-1000110
medium
4.3
4.3
jenkins
9y ago
Improper Authentication in Jenkins Blue Ocean Plugin
CVE-2017-1000109
medium
6.1
6.1
jenkins
9y ago
Persistent XSS vulnerability in Jenkins OWASP Dependency-Check Plugin
CVE-2017-1000105
medium
5.3
5.3
jenkins
9y ago
Missing Authorization in Jenkins Blue Ocean Plugin
CVE-2017-1000104
medium
6.5
6.5
jenkins
9y ago
Improper Privilege Management in Jenkins Config File Provider Plugin
CVE-2017-1000103
medium
5.4
5.4
jenkins
9y ago
Persistent XSS vulnerability in Jenkins DRY Plugin
CVE-2017-1000102
medium
5.4
5.4
jenkins
9y ago
Persistent XSS vulnerability in Static Analysis Utilities
CVE-2017-1000095
medium
6.5
6.5
jenkins
9y ago
Unsafe methods in the default list of approved signatures in Jenkins Script Security Plugin
CVE-2017-1000094
medium
6.5
6.5
jenkins
9y ago
Jenkins Docker Commons Plugin allows any user with Overall/Read permission to get list of valid credentials IDs
CVE-2017-1000091
medium
6.3
6.3
jenkins
9y ago
Jenkins GitHub Branch Source Plugin vulnerable to Cross-Site Request Forgery
CVE-2017-1000089
medium
5.3
5.3
jenkins
9y ago
Jenkins Build Step Plugin fails to check Item/Build permission
CVE-2017-1000088
medium
5.4
5.4
jenkins
9y ago
Persisted XSS Vulnerability in Jenkins Sidebar Link Plugin
CVE-2017-1000087
medium
4.3
4.3
jenkins
9y ago
Jenkins GitHub Branch Source Plugin allows any user with Overall/Read permission to get list of valid credentials IDs
CVE-2017-1000085
medium
6.5
6.5
jenkins
9y ago
Jenkins Subversion Plugin Cross-Site Request Forgery vulnerability
CVE-2017-1000084
medium
6.5
6.5
jenkins
9y ago
Parameterized Trigger Plugin fails to check Item/Build permission
CVE-2014-9635
medium
5.3
5.3
jenkins apache
9y ago
Jenkins HttpOnly flag not Set for session cookies
CVE-2014-9634
medium
5.3
5.3
jenkins apache
9y ago
Jenkins secure flag not set on session cookies
CVE-2016-4988
medium
6.1
6.1
jenkins
9y ago
Cross-site Scripting in Jenkins Build Failure Analyzer plugin
CVE-2016-4987
medium
6.5
6.5
jenkins
9y ago
Jenkins Image Gallery Plugin allows Path Traversal
CVE-2016-3101
medium
5.4
5.4
jenkins
9y ago
Jenkins Extra Columns Plugin allows Cross-Site Scripting (XSS)
CVE-2016-3727
medium
4.3
4.3
jenkins redhat
10y ago
Jenkins Exposes Sensitive Information via API URL
CVE-2016-3725
medium
4.3
4.3
jenkins redhat
10y ago
Missing permissions check in Jenkins Core
CVE-2016-3724
medium
6.5
6.5
redhat jenkins
10y ago
Jenkins Exposes Sensitive Information from Job Configuration
CVE-2016-3723
medium
4.3
4.3
jenkins redhat
10y ago
Exposure of Sensitive Information in Jenkins Core
CVE-2016-3722
medium
4.3
4.3
jenkins redhat
10y ago
Incorrect Authorization in Jenkins Core
CVE-2016-3721
medium
4.3
4.3
redhat jenkins
10y ago
Jenkins allows Remote Users to Inject Build Parameters
CVE-2016-0790
medium
5.3
5.3
jenkins redhat
10y ago
Exposure of Sensitive Information in Jenkins Core
CVE-2016-0789
medium
6.1
6.1
jenkins redhat
10y ago
Jenkins has CRLF Injection Vulnerability in the CLI
CVE-2015-7536
medium
5.4
5.4
jenkins
11y ago
Improper Neutralization of Input During Web Page Generation in Jenkins
CVE-2015-5326
medium
—
4.3
jenkins redhat
11y ago
Jenkins allows Cross-Site Scripting (XSS)
CVE-2015-5324
medium
—
5.0
jenkins redhat
11y ago
Jenkins allows Unauthorized Viewing of Queue API Information
CVE-2015-5323
medium
—
6.5
redhat jenkins
11y ago
Jenkins allows Administrators to Access API Tokens
CVE-2015-5322
medium
—
5.0
redhat jenkins
11y ago
Jenkins has Local File Inclusion Vulnerability
CVE-2015-5321
medium
—
5.0
redhat jenkins
11y ago
Jenkins has Information Disclosure via Sidepanel Widget
CVE-2015-5320
medium
—
5.0
redhat jenkins
11y ago
Jenkins allows Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-5319
medium
—
5.0
redhat jenkins
11y ago
Jenkins has XML External Entity (XXE) Vulnerability in Job Configuration via CLI
CVE-2015-5318
medium
—
6.8
jenkins redhat
11y ago
Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack
CVE-2014-3665
medium
—
6.8
jenkins
11y ago
Jenkins improperly ensures trust separation
CVE-2015-1813
medium
—
4.3
jenkins redhat
11y ago
Jenkins allows Cross-Site Scripting (XSS)
CVE-2015-1812
medium
—
4.3
jenkins redhat
11y ago
Jenkins Cross-site Scripting vulnerability
CVE-2015-1810
medium
—
4.6
jenkins redhat
11y ago
Jenkins does not Restrict Reserved Names Allowing for Privilege Escalation
CVE-2015-1806
medium
—
6.5
jenkins redhat
11y ago
Jenkins allows for Privilege Escalation by Remote Authenticated Users
CVE-2014-2066
medium
—
6.8
jenkins
12y ago
Jenkins session fixation vulnerability
CVE-2014-2065
medium
—
4.3
jenkins
12y ago
Jenkins cross-site scripting (XSS) vulnerability
CVE-2014-2064
medium
—
5.0
jenkins
12y ago
Jenkins allows attackers to determine whether a user exists
CVE-2014-2062
medium
—
6.5
jenkins
12y ago
Jenkins does not invalidate the API token when a user is deleted
CVE-2014-2061
medium
—
5.0
jenkins
12y ago
Jenkins allows attackers to obtain passwords by reading the HTML source code
CVE-2014-2060
medium
—
5.0
jenkins
12y ago
Jenkins allows Remote Attackers to Hijack Sessions
CVE-2014-2058
medium
—
6.5
jenkins
12y ago
Jenkins allows attackers to execute arbitrary jobs
CVE-2013-7330
medium
—
4.0
jenkins
12y ago
Jenkins allows attackers to configure restricted projects
CVE-2014-3680
medium
—
4.0
jenkins redhat
12y ago
Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability
CVE-2014-3667
medium
—
4.0
redhat jenkins
12y ago
Jenkins allows Remote Users to Obtain Sensitive Information from a Plugin Code
CVE-2014-3663
medium
—
6.0
jenkins redhat
12y ago
Jenkins allows remote authenticated users to bypass intended restrictions and create or destroy arbitrary jobs
CVE-2014-3662
medium
—
5.0
jenkins redhat
12y ago
Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability
CVE-2014-3661
medium
—
5.0
redhat jenkins
12y ago
Jenkins Denial of Service vulnerability
CVE-2014-3681
medium
—
4.3
redhat jenkins
12y ago
Jenkins Cross-site Scripting vulnerability
CVE-2014-3664
medium
—
4.0
jenkins redhat
12y ago
Jenkins Path Traversal vulnerability
CVE-2014-2059
medium
—
6.5
jenkins
12y ago
Jenkins directory traversal vulnerability
CVE-2013-5573
medium
—
5.3
EXP
jenkins
13y ago
Jenkins allows Cross-Site Scripting (XSS) in User Configuration
CVE-2013-0331
medium
—
4.0
jenkins
13y ago
Jenkins Vulnerable to Denial of Service (DoS) via Crafted Payload
CVE-2013-0330
medium
—
4.0
jenkins
13y ago
Jenkins allows Remote Users to Build Arbitrary Jobs
CVE-2013-0328
medium
—
4.3
jenkins
13y ago
Jenkins subject to Cross-site Scripting
CVE-2013-0327
medium
—
6.8
jenkins
13y ago
Jenkins Cross-Site Request Forgery vulnerability
CVE-2012-6073
medium
—
5.8
cloudbees jenkins
14y ago
Jenkins affected by Open Redirect Vulnerability
CVE-2012-6072
medium
—
4.3
cloudbees jenkins
14y ago
Jenkins allows HTTP Injection and Response Splitting
CVE-2012-0325
medium
—
4.3
cloudbees jenkins
14y ago
Jenkins allows Cross-Site Scripting (XSS)
CVE-2012-0324
medium
—
4.3
cloudbees jenkins
14y ago
Jenkins allows Cross-Site Scripting (XSS)