All projects

Security context

What an agent needs to avoid regressing past fixes — and find the next bug in this project.

Jenkins
jenkinsci/jenkins

The leading open-source automation server.

Maven · org.jenkins-ci.main:jenkins-core
252
Advisories
252
CVEs
Critical
Peak severity
219
With fix diff

Distribution

By severity

Critical
19
High
61
Medium
152
Low
20

By weakness class

Other
58
Cross-site Scripting
51
Auth / Access Control
37
Information Disclosure
32
Path Traversal
19
CSRF
17
Improper Validation
16
Deserialization
8
Denial of Service
3
Open Redirect
2

Every fixed vulnerability (252)

Critical16 fixed
CriticalArbitrary file read vulnerability through the Jenkins CLI can lead to RCE2y agoCriticalMultiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins4y agoCriticalMultiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins4y agoCriticalMultiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins4y agoCriticalMultiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins4y agoCriticalMultiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins4y agoCriticalMultiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins4y agoCriticalMultiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins4y agoCriticalMultiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins4y agoCriticalMultiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins4y agoCriticalMultiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins4y agoCriticalAgent-to-controller access control allows reading/writing most content of build directories in Jenkins4y agoCriticalMultiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins4y agoCriticalExposure of Sensitive Information to an Unauthorized Actor in Jenkins4y agoCriticalJenkins allows Execution of Code by Opening a JRMP Listener4y agoCriticalExposure of Sensitive Information in Jenkins Core4y ago
High38 fixed
HighJenkins: Stored XSS vulnerability in node offline cause description 1mo agoHighJenkins has a DNS rebinding vulnerability in WebSocket CLI origin validation4mo agoHighJenkins has a link following vulnerability allows arbitrary file creation4mo agoHighJenkins has a stored XSS vulnerability in node offline cause description4mo agoHighJenkins has a Denial of service vulnerability in HTTP-based CLI7mo agoHighJenkins Remoting library arbitrary file read vulnerability1y agoHighCross-site WebSocket hijacking vulnerability in the Jenkins CLI2y agoHighJenkins temporary plugin file created with insecure permissions 2y agoHighJenkins Cross-site Scripting vulnerability2y agoHighJenkins Stored Cross-site Scripting vulnerability 2y agoHighJenkins CSRF protection bypass vulnerability3y agoHighDenial of service in Jenkins Core3y agoHighIncorrect Authorization in Jenkins Core3y agoHighCross-site Scripting vulnerability in Jenkins3y agoHighJenkins vulnerable to stored cross site scripting in the I:helpIcon component3y agoHighCross-site Scripting vulnerability in Jenkins4y agoHighCross-site Scripting vulnerability in Jenkins4y agoHighCross-site Scripting vulnerability in Jenkins4y agoHighCross-site Scripting vulnerability in Jenkins4y agoHighUnauthorized view fragment access in Jenkins4y agoHighAgent-to-controller access control allowed writing to sensitive directory used by Jenkins Pipeline: Shared Groovy Libraries Plugin4y agoHighSession fixation vulnerability in Jenkins4y agoHighPath traversal vulnerability in Jenkins agent names4y agoHighImproper handling of REST API XML deserialization errors in Jenkins4y agoHighJenkins Cross-site Scripting vulnerability in project naming strategy4y agoHighJenkins Cross-Site Scripting vulnerability in help icons4y agoHighStored XSS vulnerability in Jenkins 'keep forever' badge icon4y agoHighStored XSS vulnerability in Jenkins upstream cause4y agoHighStored XSS vulnerability in Jenkins console links4y agoHighStored XSS vulnerability in Jenkins job build time trend4y agoHighCross-Site Request Forgery in Jenkins4y agoHighInbound TCP Agent Protocol/3 authentication bypass in Jenkins4y agoHighXML external entity (XXE) vulnerability in Jenkins4y agoHighXML external entity (XXE) vulnerability in Jenkins4y agoHighCross-Site Request Forgery in Jenkins4y agoHighCross-Site Request Forgery in Jenkins4y agoHighJenkins allows Deserialization of Untrusted Data via an XML File4y agoHighJenkins affected by Open Redirect Vulnerability4y ago
Medium85 fixed
MediumJenkins has a build information disclosure vulnerability through Run Parameter 4mo agoMediumJenkins's build authorization token is stored and displayed in plain text7mo agoMediumJenkins's build authorization token is stored and displayed in plain text7mo agoMediumJenkins is missing a permission check on password fields7mo agoMediumJenkins is missing a permission check in the authenticated users' profile menu 10mo agoMediumJenkins has a missing permission check, allowing users to obtain agent names10mo agoMediumJenkins has a log message injection vulnerability10mo agoMediumJenkins Missing Permission Check1y agoMediumJenkins Missing Permission Check1y agoMediumJenkins cross-site request forgery (CSRF) vulnerability1y agoMediumJenkins Open Redirect vulnerability 1y agoMediumJenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission1y agoMediumJenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission1y agoMediumJenkins item creation restriction bypass vulnerability1y agoMediumJenkins exposes multi-line secrets through error messages1y agoMediumJenkins does not perform a permission check in an HTTP endpoint1y agoMediumJenkins does not exclude sensitive build variables from search2y agoMediumIncorrect Permission Preservation in Jenkins Core3y agoMediumDenial of service in Jenkins Core3y agoMediumObservable timing discrepancy allows determining username validity in Jenkins4y agoMediumImproper Neutralization of Input During Web Page Generation in Jenkins4y agoMediumExposure of Sensitive Information to an Unauthorized Actor in Jenkins4y agoMediumImproper Neutralization of Input During Web Page Generation in Jenkins4y agoMediumImproper Neutralization of Input During Web Page Generation in Jenkins4y agoMediumImproper Neutralization of Input During Web Page Generation in Jenkins4y agoMediumImproper Neutralization of Input During Web Page Generation in Jenkins4y agoMediumPath traversal vulnerability on Windows in Jenkins4y agoMediumImproper handling of equivalent directory names on Windows in Jenkins4y agoMediumImproper permission checks allow canceling queue items and aborting builds in Jenkins4y agoMediumLack of type validation in agent related REST API in Jenkins4y agoMediumView name validation bypass in Jenkins4y agoMediumTime-of-check Time-of-use (TOCTOU) Race Condition in Jenkins4y agoMediumReflected XSS vulnerability in Jenkins markup formatter preview4y agoMediumExcessive memory allocation in graph URLs leads to denial of service in Jenkins4y agoMediumStored XSS vulnerability in Jenkins on new item page4y agoMediumMissing permission check for paths with specific prefix in Jenkins4y agoMediumXSS vulnerability in Jenkins notification bar4y agoMediumArbitrary file existence check in file fingerprints in Jenkins4y agoMediumArbitrary file read vulnerability in workspace browsers in Jenkins4y agoMediumStored XSS vulnerability in Jenkins button labels4y agoMediumImproper Neutralization of Input During Web Page Generation in Jenkins4y agoMediumImproper Neutralization of Input During Web Page Generation in Jenkins4y agoMediumImproper Neutralization of Input During Web Page Generation in Jenkins4y agoMediumImproper Neutralization of Input During Web Page Generation in Jenkins4y agoMediumJenkins Diagnostic page exposed session cookies4y agoMediumNon-constant time HMAC comparison4y agoMediumJenkins vulnerable to UDP amplification reflection attack4y agoMediumMemory usage graphs accessible to anyone with Overall/Read4y agoMediumNon-constant time comparison of inbound TCP agent connection secret4y agoMediumImproper Neutralization of Input During Web Page Generation in Jenkins4y agoMediumMissing Authorization in Jenkins4y agoMediumImproper Limitation of a Pathname to a Restricted Directory in Jenkins4y agoMediumJenkins allows attackers to execute arbitrary jobs4y agoMediumJenkins allows Remote Attackers to Hijack Sessions4y agoMediumJenkins allows attackers to configure restricted projects4y agoMediumJenkin allows attackers to obtain passwords by reading the HTML source code4y agoMediumJenkins does not invalidate the API token when a user is deleted4y agoMediumJenkins Vulnerable to Clickjacking4y agoMediumJenkins allows attackers to determine whether a user exists4y agoMediumJenkins session fixation vulnerability4y agoMediumJenkins cross-site scripting (XSS) vulnerability4y agoMediumJenkins Denial of Service vulnerability4y agoMediumImproper Neutralization of Input During Web Page Generation in Jenkins4y agoMediumJenkins allows remote authenticated users to bypass intended restrictions and create or destroy arbitrary jobs4y agoMediumJenkins improperly ensures trust separation4y agoMediumJenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability4y agoMediumJenkins allows for Code Execution via Crafted Packet to the CLI4y agoMediumJenkins does not Restrict Reserved Names Allowing for Privilege Escalation 4y agoMediumJenkins allows Remote Users to Obtain Sensitive Information from a Plugin Code4y agoMediumJenkins allows for Privilege Escalation by Remote Authenticated Users4y agoMediumJenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability4y agoMediumJenkins allows for Privilege Escalation by Remote Authenticated Users4y agoMediumJenkins Cross-site Scripting vulnerability4y agoMediumJenkins Cross-Site Request Forgery vulnerabilities4y agoMediumJenkins directory traversal vulnerability4y agoMediumJenkins cross-site scripting (XSS) vulnerability4y agoMediumJenkins Path Traversal vulnerability4y agoMediumJenkins HttpOnly flag not Set for session cookies4y agoMediumJenkins secure flag not set on session cookies4y agoMediumCross-site Scripting in Jenkins Core4y agoMediumJenkins has CRLF Injection Vulnerability in the CLI4y agoMediumExposure of Sensitive Information in Jenkins Core4y agoMediumJenkins allows Remote Users to Inject Build Parameters4y agoMediumExposure of Sensitive Information in Jenkins Core4y agoMediumIncorrect Authorization in Jenkins Core4y ago

Showing the 150 most recent of 252.