Search
Search Results (11 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-27099 | 1 Jenkins Project | 1 Jenkins | 2026-02-19 | 8 High |
| Jenkins 2.483 through 2.550 (both inclusive), LTS 2.492.1 through 2.541.1 (both inclusive) does not escape the user-provided description of the "Mark temporarily offline" offline cause, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure or Agent/Disconnect permission. | ||||
| CVE-2026-27100 | 1 Jenkins Project | 1 Jenkins | 2026-02-19 | 4.3 Medium |
| Jenkins 2.550 and earlier, LTS 2.541.1 and earlier accepts Run Parameter values that refer to builds the user submitting the build does not have access to, allowing attackers with Item/Build and Item/Configure permission to obtain information about the existence of jobs, the existence of builds, and if a specified build exists, its display name. | ||||
| CVE-2024-52551 | 3 Jenkins, Jenkins Project, Redhat | 3 Pipeline\, Jenkins Pipeline Declaratrive Plugin, Ocp Tools | 2025-10-08 | 8 High |
| Jenkins Pipeline: Declarative Plugin 2.2214.vb_b_34b_2ea_9b_83 and earlier does not check whether the main (Jenkinsfile) script used to restart a build from a specific stage is approved, allowing attackers with Item/Build permission to restart a previous build whose (Jenkinsfile) script is no longer approved. | ||||
| CVE-2024-52552 | 2 Jenkins, Jenkins Project | 2 Authorize Project, Jenkins Authorize Project Plugin | 2025-10-03 | 8 High |
| Jenkins Authorize Project Plugin 1.7.2 and earlier evaluates a string containing the job name with JavaScript on the Authorization view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2024-54003 | 2 Jenkins, Jenkins Project | 2 Simple Queue, Jenkins Simple Queue Plugin | 2025-10-03 | 8 High |
| Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Create permission. | ||||
| CVE-2023-49673 | 2 Jenkins, Jenkins Project | 5 Google Compute Engine, Jira, Matlab and 2 more | 2025-06-05 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password. | ||||
| CVE-2024-47806 | 2 Jenkins, Jenkins Project | 2 Openid Connect Authentication, Jenkins Openid Connect Authentication Plugin | 2025-05-06 | 8.1 High |
| Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `aud` (Audience) claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins. | ||||
| CVE-2024-47807 | 2 Jenkins, Jenkins Project | 2 Openid Connect Authentication, Jenkins Openid Connect Authentication Plugin | 2025-05-06 | 8.1 High |
| Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `iss` (Issuer) claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins. | ||||
| CVE-2023-40339 | 3 Jenkins, Jenkins Project, Redhat | 3 Config File Provider, Jenkins Config File Provider Plugin, Ocp Tools | 2024-11-21 | 7.5 High |
| Jenkins Config File Provider Plugin 952.va_544a_6234b_46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they're written to the build log. | ||||
| CVE-2023-37947 | 3 Jenkins, Jenkins Project, Redhat | 3 Openshift Login, Jenkins Openshift Login Plugin, Ocp Tools | 2024-11-21 | 6.1 Medium |
| Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks. | ||||
| CVE-2023-37946 | 3 Jenkins, Jenkins Project, Redhat | 3 Openshift Login, Jenkins Openshift Login Plugin, Ocp Tools | 2024-11-21 | 8.8 High |
| Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier does not invalidate the previous session on login. | ||||
Page 1 of 1.