Filtered by vendor Jenkins
Subscriptions
Total
1633 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-32754 | 1 Jenkins | 1 Ssh-agent | 2025-05-02 | 9.1 Critical |
| In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the same SSH host keys, allowing attackers able to insert themselves into the network path between the SSH client (typically the Jenkins controller) and SSH build agent to impersonate the latter. | ||||
| CVE-2023-43496 | 1 Jenkins | 1 Jenkins | 2025-05-02 | 8.8 High |
| Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates a temporary file in the system temporary directory with the default permissions for newly created files when installing a plugin from a URL, potentially allowing attackers with access to the system temporary directory to replace the file before it is installed in Jenkins, potentially resulting in arbitrary code execution. | ||||
| CVE-2025-32755 | 1 Jenkins | 1 Ssh-slave | 2025-05-02 | 9.1 Critical |
| In jenkins/ssh-slave Docker images based on Debian, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the same SSH host keys, allowing attackers able to insert themselves into the network path between the SSH client (typically the Jenkins controller) and SSH build agent to impersonate the latter. | ||||
| CVE-2021-28165 | 5 Eclipse, Jenkins, Netapp and 2 more | 28 Jetty, Jenkins, Cloud Manager and 25 more | 2025-05-01 | 7.5 High |
| In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. | ||||
| CVE-2022-45391 | 1 Jenkins | 1 Ns-nd Integration Performance Publisher | 2025-04-30 | 7.5 High |
| Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier globally and unconditionally disables SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM. | ||||
| CVE-2022-45390 | 1 Jenkins | 1 Loader.io | 2025-04-30 | 4.3 Medium |
| A missing permission check in Jenkins loader.io Plugin 1.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||||
| CVE-2022-45389 | 1 Jenkins | 1 Xp-dev | 2025-04-30 | 5.3 Medium |
| A missing permission check in Jenkins XP-Dev Plugin 1.0 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to an attacker-specified repository. | ||||
| CVE-2022-45388 | 1 Jenkins | 1 Config Rotator | 2025-04-30 | 7.5 High |
| Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing unauthenticated attackers to read arbitrary files with '.xml' extension on the Jenkins controller file system. | ||||
| CVE-2022-45387 | 1 Jenkins | 1 Bart | 2025-04-30 | 5.4 Medium |
| Jenkins BART Plugin 1.0.3 and earlier does not escape the parsed content of build logs before rendering it on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability. | ||||
| CVE-2022-45386 | 1 Jenkins | 1 Violations | 2025-04-30 | 5.5 Medium |
| Jenkins Violations Plugin 0.7.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2022-45385 | 1 Jenkins | 1 Cloudbees Docker Hub\/registry Notification | 2025-04-30 | 7.5 High |
| A missing permission check in Jenkins CloudBees Docker Hub/Registry Notification Plugin 2.6.2 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository. | ||||
| CVE-2022-45384 | 1 Jenkins | 1 Reverse Proxy Auth | 2025-04-30 | 6.5 Medium |
| Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system. | ||||
| CVE-2022-45395 | 1 Jenkins | 1 Cccc | 2025-04-30 | 9.8 Critical |
| Jenkins CCCC Plugin 0.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2022-45394 | 1 Jenkins | 1 Delete Log | 2025-04-30 | 4.3 Medium |
| A missing permission check in Jenkins Delete log Plugin 1.0 and earlier allows attackers with Item/Read permission to delete build logs. | ||||
| CVE-2022-45393 | 1 Jenkins | 1 Delete Log | 2025-04-30 | 3.5 Low |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Delete log Plugin 1.0 and earlier allows attackers to delete build logs. | ||||
| CVE-2022-45392 | 1 Jenkins | 1 Ns-nd Integration Performance Publisher | 2025-04-30 | 6.5 Medium |
| Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system. | ||||
| CVE-2022-45401 | 1 Jenkins | 1 Associated Files | 2025-04-30 | 5.4 Medium |
| Jenkins Associated Files Plugin 0.2.1 and earlier does not escape names of associated files, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2022-45400 | 1 Jenkins | 1 Japex | 2025-04-30 | 9.8 Critical |
| Jenkins JAPEX Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2022-45399 | 1 Jenkins | 1 Cluster Statistics | 2025-04-30 | 4.3 Medium |
| A missing permission check in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics. | ||||
| CVE-2022-45398 | 1 Jenkins | 1 Cluster Statistics | 2025-04-30 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics. | ||||