Latest critical severity vulnerabilities for vendor "jenkins"

Filters

Software

jenkins jenkins

jenkins script security

jenkins active directory

jenkins pipeline\

jenkins dotci

jenkins email extension

jenkins groovy libraries

jenkins kubernetes pipeline

jenkins matlab

jenkins semantic versioning

jenkins bitbucket oauth

jenkins cccc

jenkins ci/cd

jenkins compuware common configuration

jenkins convert to pipeline

jenkins cryptomove

jenkins debian package builder

jenkins distributed fork

jenkins ec2

jenkins generic webhook trigger

jenkins installation manager tool

jenkins japex

jenkins jenkins command line interface (cli)

jenkins jenkins stapler web framework

jenkins jira

jenkins job dsl

jenkins job import

jenkins keycloak authentication

jenkins matrix project jenkins

jenkins matrix project plugin

jenkins mstest

jenkins nuget

jenkins ontrack jenkins

jenkins openid

jenkins osf builder suite \

jenkins pipeline remote loader

jenkins plot

jenkins puppet enterprise pipeline

jenkins role-based authorization strategy

jenkins rqm

jenkins selection tasks

jenkins self-organizing swarm modules

jenkins sounds

jenkins sourcemonitor

jenkins ssh

jenkins testcomplete support

jenkins update-center2

jenkins xunit

maven/org.jenkins-ci.main:jenkins-corePath Traversal

critical

9.1

First published (updated )

CVE-2024-43044

SolarWinds Access Rights ManagerSolarWinds Access Rights Manager (ARM) Deserialization of Untrusted Data Remote Code Execution

critical

First published (updated )

CVE-2023-40057

SolarWinds Access Rights ManagerSolarWinds Access Rights Manager (ARM) Directory Traversal Remote Code Execution Vulnerability

critical

9.6

EPSS

0.06%

First published (updated )

CVE-2024-23477

SolarWinds Access Rights ManagerSolarWinds Access Rights Manager (ARM) Directory Traversal Remote Code Execution Vulnerability

critical

9.6

EPSS

0.06%

First published (updated )

CVE-2024-23476

SolarWinds Access Rights ManagerSolarWinds Access Rights Manager (ARM) Directory Traversal Remote Code Execution Vulnerability

critical

9.6

EPSS

0.06%

First published (updated )

CVE-2024-23479

Never miss a vulnerability like this again

Read More Start Free Trial

maven/org.jenkins-ci.main:jenkins-coreJenkins Command Line Interface (CLI) Path Traversal Vulnerability

critical

9.8

Exploited

EPSS

38.41%

First published (updated )

CVE-2024-23897

Jenkins MatlabXEE, CSRF

critical

9.8

First published (updated )

CVE-2023-49656

Jenkins MatlabCSRF

critical

9.8

First published (updated )

CVE-2023-49654

Jenkins Convert To PipelineCommand Injection

critical

9.8

First published (updated )

CVE-2023-28677

Jenkins Role-based Authorization StrategyJenkins Role-based Authorization Strategy Plugin 587.v2872c41fa_e51 and earlier grants permissions e…

critical

9.8

First published (updated )

CVE-2023-28668

Never miss a vulnerability like this again

Read More Start Free Trial

Jenkins Update-center2XSS

critical

9.6

First published (updated )

CVE-2023-27905

redhat/jenkinsXSS

critical

9.6

First published (updated )

CVE-2023-27898

Jenkins Email ExtensionIn Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subje…

critical

9.9

First published (updated )

CVE-2023-25765

Jenkins Semantic VersioningXEE

critical

9.8

First published (updated )

CVE-2023-24430

Jenkins Semantic VersioningXEE

critical

9.8

First published (updated )

CVE-2023-24429

Never miss a vulnerability like this again

Read More Start Free Trial

Jenkins OpenidJenkins OpenID Plugin 2.4 and earlier does not invalidate the previous session on login.

critical

9.8

First published (updated )

CVE-2023-24444

maven/org.jenkins-ci.plugins:TestCompleteXEE

critical

9.8

First published (updated )

CVE-2023-24443

Jenkins Bitbucket OauthJenkins Bitbucket OAuth Plugin 0.12 and earlier does not invalidate the previous session on login.

critical

9.8

First published (updated )

CVE-2023-24427

maven/org.jvnet.hudson.plugins:mstestXEE

critical

9.8

First published (updated )

CVE-2023-24441

Jenkins Keycloak AuthenticationJenkins Keycloak Authentication Plugin 2.3.0 and earlier does not invalidate the previous session on…

critical

9.8

First published (updated )

CVE-2023-24456

Never miss a vulnerability like this again

Read More Start Free Trial

Jenkins PlotXEE

critical

9.8

First published (updated )

CVE-2022-46682

Jenkins JapexXEE

critical

9.8

First published (updated )

CVE-2022-45400

Jenkins SourcemonitorXEE

critical

9.8

First published (updated )

CVE-2022-45396

Jenkins Osf Builder Suite \XEE

critical

9.8

First published (updated )

CVE-2022-45397

Jenkins CcccXEE

critical

9.8

First published (updated )

CVE-2022-45395

Never miss a vulnerability like this again

Read More Start Free Trial

redhat/jenkinsA sandbox bypass vulnerability was found in several Jenkins plugins. This could allow an authenticat…

critical

9.9

First published (updated )

CVE-2022-43401

redhat/jenkinsA sandbox bypass vulnerability was found in several Jenkins plugins. This could allow an authenticat…

critical

9.9

First published (updated )

CVE-2022-43403

redhat/jenkinsA sandbox bypass vulnerability was found in several Jenkins plugins. This could allow an authenticat…

critical

9.9

First published (updated )

CVE-2022-43405

redhat/jenkinsA sandbox bypass vulnerability was found in several Jenkins plugins. This could allow an authenticat…

critical

9.9

First published (updated )

CVE-2022-43402

redhat/jenkinsA sandbox bypass vulnerability was found in several Jenkins plugins. This could allow an authenticat…

critical

9.9

First published (updated )

CVE-2022-43406

Never miss a vulnerability like this again

Read More Start Free Trial

redhat/jenkinsA sandbox bypass vulnerability was found in several Jenkins plugins. This could allow an authenticat…

critical

9.9

First published (updated )

CVE-2022-43404

Jenkins RqmXEE

critical

9.1

First published (updated )

CVE-2022-41241

Jenkins DotciA missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier allows unauthenticated attack…

critical

9.8

First published (updated )

CVE-2022-41238

Jenkins DotciJenkins DotCi Plugin 2.40.00 and earlier does not configure its YAML parser to prevent the instantia…

critical

9.8

First published (updated )

CVE-2022-41237

Jenkins Compuware Common ConfigurationXEE

critical

9.8

First published (updated )

CVE-2022-41226

Never miss a vulnerability like this again

Read More Start Free Trial

Jenkins XunitJenkins xUnit Plugin 3.0.8 and earlier implements an agent-to-controller message that creates a user…

critical

9.1

First published (updated )

CVE-2022-34181

Jenkins Debian Package BuilderJenkins Debian Package Builder Plugin 1.6.11 and earlier implements functionality that allows agents…

critical

First published (updated )

CVE-2022-23118

Jenkins JenkinsJenkins 2.318 and earlier, LTS 2.303.2 and earlier allows any agent to read and write the contents o…

critical

9.1

First published (updated )

CVE-2021-21697

Jenkins JenkinsFilePath#listFiles lists files outside directories with agent read access when following symbolic li…

critical

First published (updated )

CVE-2021-21695

Jenkins JenkinsJenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the lib…

critical

9.8

First published (updated )

CVE-2021-21696

Never miss a vulnerability like this again

Read More Start Free Trial

Jenkins JenkinsFilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*Di…

critical

9.8

First published (updated )

CVE-2021-21694

Jenkins JenkinsPath Traversal

critical

9.8

First published (updated )

CVE-2021-21692

Jenkins JenkinsCreating symbolic links is possible without the symlink permission.

critical

9.8

First published (updated )

CVE-2021-21691

Jenkins JenkinsFilePath#unzip and FilePath#untar were not subject to any access control.

critical

9.1

First published (updated )

CVE-2021-21689

Jenkins JenkinsPath Traversal

critical

9.8

First published (updated )

CVE-2021-21690

Never miss a vulnerability like this again

Read More Start Free Trial

Jenkins JenkinsFilePath#reading(FileVisitor) does not reject any operations, allowing users to have unrestricted re…

critical

First published (updated )

CVE-2021-21688

Jenkins JenkinsFilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link. …

critical

9.1

First published (updated )

CVE-2021-21687

Jenkins JenkinsPath Traversal

critical

First published (updated )

CVE-2021-21686

Jenkins JenkinsFilePath#mkdirs does not check permission to create parent directories.

critical

9.1

First published (updated )

CVE-2021-21685

maven/org.jenkins-ci.main:jenkins-coreWhen creating temporary files, permission to create files is only checked after they’ve been created…

critical

9.8

First published (updated )

CVE-2021-21693

Never miss a vulnerability like this again

Read More Start Free Trial

Software

maven/org.jenkins-ci.main:jenkins-corePath Traversal

SolarWinds Access Rights ManagerSolarWinds Access Rights Manager (ARM) Deserialization of Untrusted Data Remote Code Execution

SolarWinds Access Rights ManagerSolarWinds Access Rights Manager (ARM) Directory Traversal Remote Code Execution Vulnerability

SolarWinds Access Rights ManagerSolarWinds Access Rights Manager (ARM) Directory Traversal Remote Code Execution Vulnerability

SolarWinds Access Rights ManagerSolarWinds Access Rights Manager (ARM) Directory Traversal Remote Code Execution Vulnerability

Never miss a vulnerability like this again

maven/org.jenkins-ci.main:jenkins-coreJenkins Command Line Interface (CLI) Path Traversal Vulnerability

Jenkins MatlabXEE, CSRF

Jenkins MatlabCSRF

Jenkins Convert To PipelineCommand Injection

Jenkins Role-based Authorization StrategyJenkins Role-based Authorization Strategy Plugin 587.v2872c41fa_e51 and earlier grants permissions e…

Never miss a vulnerability like this again

Jenkins Update-center2XSS

redhat/jenkinsXSS

Jenkins Email ExtensionIn Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subje…

Jenkins Semantic VersioningXEE

Jenkins Semantic VersioningXEE

Never miss a vulnerability like this again

Jenkins OpenidJenkins OpenID Plugin 2.4 and earlier does not invalidate the previous session on login.

maven/org.jenkins-ci.plugins:TestCompleteXEE

Jenkins Bitbucket OauthJenkins Bitbucket OAuth Plugin 0.12 and earlier does not invalidate the previous session on login.

maven/org.jvnet.hudson.plugins:mstestXEE

Jenkins Keycloak AuthenticationJenkins Keycloak Authentication Plugin 2.3.0 and earlier does not invalidate the previous session on…

Never miss a vulnerability like this again

Jenkins PlotXEE

Jenkins JapexXEE

Jenkins SourcemonitorXEE

Jenkins Osf Builder Suite \XEE

Jenkins CcccXEE

Never miss a vulnerability like this again

redhat/jenkinsA sandbox bypass vulnerability was found in several Jenkins plugins. This could allow an authenticat…

redhat/jenkinsA sandbox bypass vulnerability was found in several Jenkins plugins. This could allow an authenticat…

redhat/jenkinsA sandbox bypass vulnerability was found in several Jenkins plugins. This could allow an authenticat…

redhat/jenkinsA sandbox bypass vulnerability was found in several Jenkins plugins. This could allow an authenticat…

redhat/jenkinsA sandbox bypass vulnerability was found in several Jenkins plugins. This could allow an authenticat…

Never miss a vulnerability like this again

redhat/jenkinsA sandbox bypass vulnerability was found in several Jenkins plugins. This could allow an authenticat…

Jenkins RqmXEE

Jenkins DotciA missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier allows unauthenticated attack…

Jenkins DotciJenkins DotCi Plugin 2.40.00 and earlier does not configure its YAML parser to prevent the instantia…

Jenkins Compuware Common ConfigurationXEE

Never miss a vulnerability like this again

Jenkins XunitJenkins xUnit Plugin 3.0.8 and earlier implements an agent-to-controller message that creates a user…

Jenkins Debian Package BuilderJenkins Debian Package Builder Plugin 1.6.11 and earlier implements functionality that allows agents…

Jenkins JenkinsJenkins 2.318 and earlier, LTS 2.303.2 and earlier allows any agent to read and write the contents o…

Jenkins JenkinsFilePath#listFiles lists files outside directories with agent read access when following symbolic li…

Jenkins JenkinsJenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the lib…

Never miss a vulnerability like this again

Jenkins JenkinsFilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*Di…

Jenkins JenkinsPath Traversal

Jenkins JenkinsCreating symbolic links is possible without the symlink permission.

Jenkins JenkinsFilePath#unzip and FilePath#untar were not subject to any access control.

Jenkins JenkinsPath Traversal

Never miss a vulnerability like this again

Jenkins JenkinsFilePath#reading(FileVisitor) does not reject any operations, allowing users to have unrestricted re…

Jenkins JenkinsFilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link. …

Jenkins JenkinsPath Traversal

Jenkins JenkinsFilePath#mkdirs does not check permission to create parent directories.

maven/org.jenkins-ci.main:jenkins-coreWhen creating temporary files, permission to create files is only checked after they’ve been created…

Never miss a vulnerability like this again

Company

Resources

Contact