VYPR

Vendor: Jenkins Project
Products: 718
CVEs: 1,579 (across 621 products)
Status: Private


Recent CVEs (1,579 total)
  • CVE-2016-9299 | Critical | Jan 12, 2017
    risk 0.68 | CVSS 9.8 | EPSS 0.97

    The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server.

  • CVE-2015-8103 | Critical | Nov 25, 2015
    risk 0.67 | CVSS 9.8 | EPSS 0.87

    The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-*.jar file and the "Groovy variant in…

  • CVE-2023-44487 | High | KEV | Oct 10, 2023
    risk 0.65 | CVSS 7.5 | EPSS 1.00

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • CVE-2019-10458 | Critical | Oct 16, 2019
    risk 0.65 | CVSS 9.9 | EPSS 0.02

    Jenkins Puppet Enterprise Pipeline 1.3.1 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code.

  • CVE-2019-1003032 | Critical | Mar 8, 2019
    risk 0.65 | CVSS 9.9 | EPSS 0.02

    A sandbox bypass vulnerability exists in Jenkins Email Extension Plugin 2.64 and earlier in pom.xml, src/main/java/hudson/plugins/emailext/ExtendedEmailPublisher.java, src/main/java/hudson/plugins/emailext/plugins/content/EmailExtScript.java,…

  • CVE-2023-49656 | Critical | Nov 29, 2023
    risk 0.64 | CVSS 9.8 | EPSS 0.01

    Jenkins MATLAB Plugin 2.11.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

  • CVE-2023-49654 | Critical | Nov 29, 2023
    risk 0.64 | CVSS 9.8 | EPSS 0.01

    Missing permission checks in Jenkins MATLAB Plugin 2.11.0 and earlier allow attackers to have Jenkins parse an XML file from the Jenkins controller file system.

  • CVE-2023-28677 | Critical | Apr 2, 2023
    risk 0.64 | CVSS 9.8 | EPSS 0.01

    Jenkins Convert To Pipeline Plugin 1.0 and earlier uses basic string concatenation to convert Freestyle projects' Build Environment, Build Steps, and Post-build Actions to the equivalent Pipeline step invocations, allowing attackers able to configure Freestyle projects to…

  • CVE-2023-24444 | Critical | Jan 26, 2023
    risk 0.64 | CVSS 9.8 | EPSS 0.01

    Jenkins OpenID Plugin 2.4 and earlier does not invalidate the previous session on login.

  • CVE-2022-45400 | Critical | Nov 15, 2022
    risk 0.64 | CVSS 9.8 | EPSS 0.01

    Jenkins JAPEX Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

  • CVE-2022-45396 | Critical | Nov 15, 2022
    risk 0.64 | CVSS 9.8 | EPSS 0.01

    Jenkins SourceMonitor Plugin 0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

  • CVE-2022-45395 | Critical | Nov 15, 2022
    risk 0.64 | CVSS 9.8 | EPSS 0.01

    Jenkins CCCC Plugin 0.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

  • CVE-2022-43406 | Critical | Oct 19, 2022
    risk 0.64 | CVSS 9.9 | EPSS 0.01

    A sandbox bypass vulnerability in Jenkins Pipeline: Deprecated Groovy Libraries Plugin 583.vf3b_454e43966 and earlier allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the sandbox…

  • CVE-2022-43405 | Critical | Oct 19, 2022
    risk 0.64 | CVSS 9.9 | EPSS 0.01

    A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries Plugin 612.v84da_9c54906d and earlier allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and…

  • CVE-2022-43404 | Critical | Oct 19, 2022
    risk 0.64 | CVSS 9.9 | EPSS 0.01

    A sandbox bypass vulnerability involving crafted constructor bodies and calls to sandbox-generated synthetic constructors in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, including…

  • CVE-2022-43403 | Critical | Oct 19, 2022
    risk 0.64 | CVSS 9.9 | EPSS 0.01

    A sandbox bypass vulnerability involving casting an array-like value to an array type in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection…

  • CVE-2022-43402 | Critical | Oct 19, 2022
    risk 0.64 | CVSS 9.9 | EPSS 0.01

    A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Pipeline: Groovy Plugin 2802.v5ea_628154b_c2 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the…

  • CVE-2022-43401 | Critical | Oct 19, 2022
    risk 0.64 | CVSS 9.9 | EPSS 0.01

    A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass…

  • CVE-2022-41238 | Critical | Sep 21, 2022
    risk 0.64 | CVSS 9.8 | EPSS 0.01

    A missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository for attacker-specified commits.

  • CVE-2022-41237 | Critical | Sep 21, 2022
    risk 0.64 | CVSS 9.8 | EPSS 0.01

    Jenkins DotCi Plugin 2.40.00 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.