CVE-2026-9674
medium
4.3
4.3
jenkins
7d ago
A cross-site request forgery (CSRF) vulnerability in Jenkins Multijob Plugin 662.vd2e0001f6b_b_d and earlier allows attackers to resume failed Multijob builds.
CVE-2026-48927
medium
5.5
5.5
jenkins
7d ago
Jenkins buildgraph-view Plugin 1.8 and earlier does not escape the build URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs or views.
CVE-2026-48926
medium
4.3
4.3
jenkins
7d ago
Jenkins Job Import Plugin 143.v044a_2e819b_27 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of cred…
CVE-2026-48924
medium
4.3
4.3
jenkins
7d ago
Jenkins Bitbucket OAuth Plugin 0.17 and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks.
CVE-2026-48923
medium
4.3
4.3
jenkins
7d ago
Jenkins AppSpider Plugin 1.0.17 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to connect to an attacker-spe…
CVE-2026-48922
high
7.5
7.5
jenkins
7d ago
Jenkins Credentials Binding Plugin 720.v3f6decef43ea_ and earlier does not properly sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to a job to w…
CVE-2026-48921
high
7.5
7.5
jenkins
7d ago
Jenkins Pipeline: Groovy Libraries Plugin 797.v90ea_a_9b_e45a_0 and earlier does not prohibit symbolic links in shared libraries, allowing attackers able to control the content of a library used by a…
CVE-2026-48920
high
8.8
8.8
jenkins
7d ago
Jenkins Email Extension Plugin 1933.v45cec755423f and earlier allows inlining images as `base64` in email content by setting the `data-inline` attribute, without restrictions on the image URLs that c…
CVE-2026-48919
medium
6.6
6.6
jenkins
7d ago
Jenkins Active Directory Plugin 2.41 and earlier deserializes data from LDAP referrals without validation.
CVE-2026-48918
medium
6.6
6.6
jenkins
7d ago
Jenkins Active Directory Plugin 2.41 and earlier follows LDAP referrals by default.
CVE-2026-48917
medium
6.6
6.6
jenkins
7d ago
Jenkins LDAP Plugin 807.v7d7de30930cf and earlier deserializes data from LDAP referrals without validation.
CVE-2026-48916
medium
6.6
6.6
jenkins
7d ago
Jenkins LDAP Plugin 807.v7d7de30930cf and earlier follows LDAP referrals.
CVE-2026-42525
medium
4.3
4.3
jenkins
1mo ago
Jenkins Microsoft Entra ID (previously Azure AD) Plugin has an open redirect vulnerability
CVE-2026-42524
high
8.0
8.0
jenkins
1mo ago
Jenkins HTML Publisher Plugin has an XSS vulnerability in the legacy wrapper file
CVE-2026-42523
critical
9.0
9.0
jenkins
1mo ago
Jenkins GitHub Plugin has an XSS vulnerability
CVE-2026-42522
medium
4.3
4.3
jenkins
1mo ago
Jenkins GitHub Branch Source Plugin: Missing permissions check allows attackers to perform a connection test
CVE-2026-42521
medium
6.5
6.5
jenkins
1mo ago
Jenkins Matrix Authorization Strategy Plugin: Unsafe deserialization allows invocation of parameterless constructors
CVE-2026-42520
high
7.5
7.5
jenkins
1mo ago
Jenkins Credentials Binding Plugin has a path traversal vulnerability
CVE-2026-42519
medium
4.3
4.3
jenkins
1mo ago
Jenkins Script Security Plugin: Missing permission checks allow enumeration of pending and approved classpaths
CVE-2023-44487
high
7.5
10.0
KEV EXP FIX
rocky rhel debian debian
siemens ietf nghttp2
3y ago
HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS).
CVE-2017-17383
medium
4.7
4.7
FIX
arch arch
jenkins
9y ago
Cross-site Scripting in Jenkins Core
CVE-2017-1000245
critical
9.8
9.8
jenkins
9y ago
Jenkins SSH Plugin user passwords for encrypted SSH keys stored in plaintext
CVE-2017-1000244
high
8.8
8.8
jenkins
9y ago
Jenkins Favorite Plugin vulnerable to Cross-Site Request Forgery
CVE-2017-1000243
medium
4.3
4.3
jenkins
9y ago
Missing permission check in Jenkins Favorite Plugin
CVE-2017-1000242
low
3.3
3.3
jenkins
9y ago
Insecure temporary file usage in Jenkins Git Client Plugin
CVE-2017-1000114
low
3.1
3.1
jenkins
9y ago
Exposure of Sensitive Information in Jenkins Datadog plugin
CVE-2017-1000113
medium
5.5
5.5
jenkins
9y ago
Jenkins Deploy to container Plugin stored plain text passwords in job configuration
CVE-2017-1000110
medium
4.3
4.3
jenkins
9y ago
Improper Authentication in Jenkins Blue Ocean Plugin
CVE-2017-1000109
medium
6.1
6.1
jenkins
9y ago
Persistent XSS vulnerability in Jenkins OWASP Dependency-Check Plugin
CVE-2017-1000108
high
7.5
7.5
jenkins
9y ago
Jenkins Pipeline: Input Step Plugin
CVE-2017-1000107
high
8.8
8.8
jenkins
9y ago
Sandbox bypass in Jenkins Script Security Plugin
CVE-2017-1000106
high
8.5
8.5
jenkins
9y ago
Improper Authentication in Jenkins Blue Ocean Plugin
CVE-2017-1000105
medium
5.3
5.3
jenkins
9y ago
Missing Authorization in Jenkins Blue Ocean Plugin
CVE-2017-1000104
medium
6.5
6.5
jenkins
9y ago
Improper Privilege Management in Jenkins Config File Provider Plugin
CVE-2017-1000103
medium
5.4
5.4
jenkins
9y ago
Persistent XSS vulnerability in Jenkins DRY Plugin
CVE-2017-1000102
medium
5.4
5.4
jenkins
9y ago
Persistent XSS vulnerability in Static Analysis Utilities
CVE-2017-1000096
high
8.8
8.8
jenkins
9y ago
Arbitrary code execution due to incomplete sandbox protection in Jenkins Pipeline
CVE-2017-1000095
medium
6.5
6.5
jenkins
9y ago
Unsafe methods in the default list of approved signatures in Jenkins Script Security Plugin
CVE-2017-1000094
medium
6.5
6.5
jenkins
9y ago
Jenkins Docker Commons Plugin allows any user with Overall/Read permission to get list of valid credentials IDs
CVE-2017-1000093
high
8.8
8.8
jenkins
9y ago
Jenkins Poll SCM Plugin vulnerable to Cross-Site Request Forgery
CVE-2017-1000092
high
7.5
7.5
jenkins
9y ago
Cross-Site Request Forgery in Jenkins Git Plugin
CVE-2017-1000091
medium
6.3
6.3
jenkins
9y ago
Jenkins GitHub Branch Source Plugin vulnerable to Cross-Site Request Forgery
CVE-2017-1000090
high
8.8
8.8
jenkins
9y ago
CSRF vulnerability in Jenkins Role-based Authorization Strategy Plugin configuration
CVE-2017-1000089
medium
5.3
5.3
jenkins
9y ago
Jenkins Build Step Plugin fails to check Item/Build permission
CVE-2017-1000088
medium
5.4
5.4
jenkins
9y ago
Persisted XSS Vulnerability in Jenkins Sidebar Link Plugin
CVE-2017-1000087
medium
4.3
4.3
jenkins
9y ago
Jenkins GitHub Branch Source Plugin allows any user with Overall/Read permission to get list of valid credentials IDs
CVE-2017-1000086
high
8.0
8.0
jenkins
9y ago
Missing permission checks in Jenkins Periodic Backup Plugin allow every user to change settings
CVE-2017-1000085
medium
6.5
6.5
jenkins
9y ago
Jenkins Subversion Plugin Cross-Site Request Forgery vulnerability
CVE-2017-1000084
medium
6.5
6.5
jenkins
9y ago
Parameterized Trigger Plugin fails to check Item/Build permission
CVE-2014-9635
medium
5.3
5.3
jenkins apache
9y ago
Jenkins HttpOnly flag not Set for session cookies
CVE-2014-9634
medium
5.3
5.3
jenkins apache
9y ago
Jenkins secure flag not set on session cookies
CVE-2017-1000362
critical
9.8
9.8
jenkins
9y ago
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
CVE-2016-4988
medium
6.1
6.1
jenkins
9y ago
Cross-site Scripting in Jenkins Build Failure Analyzer plugin
CVE-2016-4987
medium
6.5
6.5
jenkins
9y ago
Jenkins Image Gallery Plugin allows Path Traversal
CVE-2016-4986
high
7.5
7.5
jenkins
9y ago
Jenkins TAP Plugin allows Path Traversal
CVE-2016-3102
high
7.3
7.3
jenkins
9y ago
Jenkins Script Security Plugin allows for Bypass of Groovy Sandbox Protection
CVE-2016-3101
medium
5.4
5.4
jenkins
9y ago
Jenkins Extra Columns Plugin allows Cross-Site Scripting (XSS)
CVE-2016-9299
critical
9.8
10.0
EXP
fedora fedora
jenkins
10y ago
Improper Neutralization of Special Elements used in an LDAP Query in Jenkins
CVE-2016-3727
medium
4.3
4.3
jenkins redhat
10y ago
Jenkins Exposes Sensitive Information via API URL
CVE-2016-3726
high
7.4
7.4
jenkins redhat
10y ago
Jenkins affected by Open Redirect Vulnerability
CVE-2016-3725
medium
4.3
4.3
jenkins redhat
10y ago
Missing permissions check in Jenkins Core
CVE-2016-3724
medium
6.5
6.5
redhat jenkins
10y ago
Jenkins Exposes Sensitive Information from Job Configuration
CVE-2016-3723
medium
4.3
4.3
jenkins redhat
10y ago
Exposure of Sensitive Information in Jenkins Core
CVE-2016-3722
medium
4.3
4.3
jenkins redhat
10y ago
Incorrect Authorization in Jenkins Core
CVE-2016-3721
medium
4.3
4.3
redhat jenkins
10y ago
Jenkins allows Remote Users to Inject Build Parameters
CVE-2016-0792
high
8.8
9.8
EXP
jenkins redhat
10y ago
Jenkins allows Deserialization of Untrusted Data via an XML File
CVE-2016-0791
critical
9.8
9.8
redhat jenkins
10y ago
Exposure of Sensitive Information in Jenkins Core
CVE-2016-0790
medium
5.3
5.3
jenkins redhat
10y ago
Exposure of Sensitive Information in Jenkins Core
CVE-2016-0789
medium
6.1
6.1
jenkins redhat
10y ago
Jenkins has CRLF Injection Vulnerability in the CLI
CVE-2016-0788
critical
9.8
9.8
jenkins redhat
10y ago
Jenkins allows Execution of Code by Opening a JRMP Listener
CVE-2015-7539
high
7.5
7.5
jenkins redhat
11y ago
Jenkins does not Verify Checksums for Plugin Files
CVE-2015-7538
high
8.8
8.8
jenkins redhat
11y ago
Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack
CVE-2015-7537
high
8.8
8.8
redhat jenkins
11y ago
Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack
CVE-2015-7536
medium
5.4
5.4
jenkins
11y ago
Improper Neutralization of Input During Web Page Generation in Jenkins
CVE-2015-8103
critical
9.8
10.0
EXP
redhat jenkins
11y ago
Jenkins CLI Deserialization of Untrusted Data vulnerability
CVE-2015-5326
medium
—
4.3
jenkins redhat
11y ago
Jenkins allows Cross-Site Scripting (XSS)
CVE-2015-5325
high
—
7.5
redhat jenkins
11y ago
Jenkins allows Bypass of Access Restrictions
CVE-2015-5324
medium
—
5.0
jenkins redhat
11y ago
Jenkins allows Unauthorized Viewing of Queue API Information
CVE-2015-5323
medium
—
6.5
redhat jenkins
11y ago
Jenkins allows Administrators to Access API Tokens
CVE-2015-5322
medium
—
5.0
redhat jenkins
11y ago
Jenkins has Local File Inclusion Vulnerability
CVE-2015-5321
medium
—
5.0
redhat jenkins
11y ago
Jenkins has Information Disclosure via Sidepanel Widget
CVE-2015-5320
medium
—
5.0
redhat jenkins
11y ago
Jenkins allows Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-5319
medium
—
5.0
redhat jenkins
11y ago
Jenkins has XML External Entity (XXE) Vulnerability in Job Configuration via CLI
CVE-2015-5318
medium
—
6.8
jenkins redhat
11y ago
Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack
CVE-2014-3665
medium
—
6.8
jenkins
11y ago
Jenkins improperly ensures trust separation
CVE-2015-1814
high
—
7.5
jenkins redhat
11y ago
Jenkins allows for Privilege Escalation by Remote Authenticated Users
CVE-2015-1813
medium
—
4.3
jenkins redhat
11y ago
Jenkins allows Cross-Site Scripting (XSS)
CVE-2015-1812
medium
—
4.3
jenkins redhat
11y ago
Jenkins Cross-site Scripting vulnerability
CVE-2015-1810
medium
—
4.6
jenkins redhat
11y ago
Jenkins does not Restrict Reserved Names Allowing for Privilege Escalation
CVE-2015-1808
low
—
3.5
jenkins redhat
11y ago
Jenkins Vulnerable to Denial of Service (DoS)
CVE-2015-1807
low
—
3.5
jenkins redhat
11y ago
Directory traversal vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with certain permissions to read arbitrary files via a symlink, related to building …
CVE-2015-1806
medium
—
6.5
jenkins redhat
11y ago
Jenkins allows for Privilege Escalation by Remote Authenticated Users
CVE-2014-2068
low
—
3.5
jenkins
12y ago
Jenkins allows attackers to obtain sensitive information
CVE-2014-2066
medium
—
6.8
jenkins
12y ago
Jenkins session fixation vulnerability
CVE-2014-2065
medium
—
4.3
jenkins
12y ago
Jenkins cross-site scripting (XSS) vulnerability
CVE-2014-2064
medium
—
5.0
jenkins
12y ago
Jenkins allows attackers to determine whether a user exists
CVE-2014-2063
high
—
7.5
jenkins
12y ago
Jenkins Vulnerable to Clickjacking
CVE-2014-2062
medium
—
6.5
jenkins
12y ago
Jenkins does not invalidate the API token when a user is deleted
CVE-2014-2061
medium
—
5.0
jenkins
12y ago
Jenkins allows attackers to obtain passwords by reading the HTML source code
CVE-2014-2060
medium
—
5.0
jenkins
12y ago
Jenkins allows Remote Attackers to Hijack Sessions