Total
268 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-3667 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | 4.0 MEDIUM | N/A |
| Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code. | |||||
| CVE-2016-0791 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force approach. | |||||
| CVE-2014-2063 | 1 Jenkins | 1 Jenkins | 2025-04-12 | 7.5 HIGH | N/A |
| Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | |||||
| CVE-2013-7330 | 1 Jenkins | 1 Jenkins | 2025-04-12 | 4.0 MEDIUM | N/A |
| Jenkins before 1.502 allows remote authenticated users to configure an otherwise restricted project via vectors related to post-build actions. | |||||
| CVE-2014-2060 | 1 Jenkins | 1 Jenkins | 2025-04-12 | 5.0 MEDIUM | N/A |
| The Winstone servlet container in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack sessions via unspecified vectors. | |||||
| CVE-2014-2058 | 1 Jenkins | 1 Jenkins | 2025-04-12 | 6.5 MEDIUM | N/A |
| BuildTrigger in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to bypass access restrictions and execute arbitrary jobs by configuring a job to trigger another job. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7330. | |||||
| CVE-2015-1808 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | 3.5 LOW | N/A |
| Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users to cause a denial of service (improper plug-in and tool installation) via crafted update center data. | |||||
| CVE-2016-3721 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables. | |||||
| CVE-2014-2068 | 1 Jenkins | 1 Jenkins | 2025-04-12 | 3.5 LOW | N/A |
| The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain sensitive information via vectors related to heapDump. | |||||
| CVE-2016-0790 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify API tokens, which makes it easier for remote attackers to determine API tokens via a brute-force approach. | |||||
| CVE-2015-1812 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1813. | |||||
| CVE-2015-1806 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | 6.5 MEDIUM | N/A |
| The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code on the master via unspecified vectors. | |||||
| CVE-2014-3666 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | 7.5 HIGH | N/A |
| Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel. | |||||
| CVE-2015-7538 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| Jenkins before 1.640 and LTS before 1.625.2 allow remote attackers to bypass the CSRF protection mechanism via unspecified vectors. | |||||
| CVE-2014-2061 | 1 Jenkins | 1 Jenkins | 2025-04-12 | 5.0 MEDIUM | N/A |
| The input control in PasswordParameterDefinition in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to obtain passwords by reading the HTML source code, related to the default value. | |||||
| CVE-2013-0328 | 1 Jenkins | 1 Jenkins | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-4344 | 1 Jenkins | 1 Jenkins | 2025-04-11 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Jenkins Core in Jenkins before 1.438, and 1.409 LTS before 1.409.3 LTS, when a stand-alone container is used, allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages. | |||||
| CVE-2013-0330 | 1 Jenkins | 1 Jenkins | 2025-04-11 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Jenkins before 1.502 and LTS before 1.480.3 allows remote authenticated users with write access to build arbitrary jobs via unknown attack vectors. | |||||
| CVE-2012-0325 | 2 Cloudbees, Jenkins | 2 Jenkins, Jenkins | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0324. | |||||
| CVE-2012-0324 | 2 Cloudbees, Jenkins | 2 Jenkins, Jenkins | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0325. | |||||