pkg:Maven/org.jenkins-ci.main:jenkins-core

251 total CVEsCRITICAL20HIGH59MEDIUM113LOW8

✅ Check your installed version

All known vulnerabilities

CRITICAL9.8CVE-2024-23897⚠ KEVArbitrary file read vulnerability through the Jenkins CLI can lead to RCE
>= 1.606, < 2.426.3
CRITICAL9.8CVE-2017-1000353⚠ KEVDeserialization of Untrusted Data in Jenkins
>= 2.50, < 2.57
CRITICAL9.8CVE-2018-1000861⚠ KEVDeserialization of Untrusted Data in Jenkins
from 0, < 2.138.4
HIGH7.5CVE-2015-5317⚠ KEVJenkins discloses project names via fingerprints
from 0, < 1.625.2
CRITICAL9.8CVE-2017-1000362Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
>= 1.498, < 2.32.2
CRITICAL9.8CVE-2016-0788Jenkins allows Execution of Code by Opening a JRMP Listener
>= 1.643, < 1.650
CRITICAL9.8CVE-2016-0791Exposure of Sensitive Information in Jenkins Core
from 0, < 1.650
CRITICAL9.8CVE-2016-9299Improper Neutralization of Special Elements used in an LDAP Query in Jenkins
>= 2.20, < 2.32
CRITICAL9.1CVE-2021-21697Agent-to-controller access control allows reading/writing most content of build directories in Jenkins
from 0, < 2.303.3
CRITICAL9.0CVE-2024-43044Jenkins Remoting library arbitrary file read vulnerability
from 0, < 2.452.4
CRITICAL9.0CVE-2021-21686Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
from 0, < 2.303.3
CRITICAL9.0CVE-2021-21692Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
from 0, < 2.303.3
CRITICAL9.0CVE-2021-21690Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
from 0, < 2.303.3
CRITICAL9.0CVE-2021-21691Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
from 0, < 2.303.3
CRITICAL9.0CVE-2021-21687Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
from 0, < 2.303.3
CRITICAL9.0CVE-2021-21694Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
from 0, < 2.303.3
CRITICAL9.0CVE-2021-21688Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
from 0, < 2.303.3
CRITICAL9.0CVE-2021-21685Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
from 0, < 2.303.3
CRITICAL9.0CVE-2021-21689Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
from 0, < 2.303.3
CRITICAL9.0CVE-2021-21693Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
from 0, < 2.303.3
CRITICAL9.0CVE-2021-21695Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
from 0, < 2.303.3
HIGH8.8CVE-2026-33001Jenkins has a link following vulnerability allows arbitrary file creation
from 0, < 2.555
HIGH8.8CVE-2024-23898Cross-site WebSocket hijacking vulnerability in the Jenkins CLI
>= 2.217, < 2.426.3
HIGH8.8CVE-2023-27898Cross-site Scripting vulnerability in Jenkins
>= 2.376, < 2.394
HIGH8.8CVE-2021-21696Agent-to-controller access control allowed writing to sensitive directory used by Jenkins Pipeline: Shared Groovy Libraries Plugin
from 0, < 2.303.3
HIGH8.8CVE-2020-2160Cross-Site Request Forgery in Jenkins
from 0, < 2.204.6
HIGH8.8CVE-2019-10384Cross-Site Request Forgery in Jenkins
from 0, < 2.176.3
HIGH8.8CVE-2016-0792Jenkins allows Deserialization of Untrusted Data via an XML File
>= 1.643, < 1.650
HIGH8.8CVE-2017-1000356Cross-Site Request Forgery in Jenkins
>= 2.50, < 2.57
HIGH8.8CVE-2017-1000354Improper Authentication in Jenkins
>= 2.50, < 2.57
HIGH8.8CVE-2017-1000393OS Command Injection in Jenkins
from 0, < 2.73.2
HIGH8.8CVE-2017-2608Deserialization of Untrusted Data in Jenkins
from 0, < 2.32.2
HIGH8.8CVE-2015-7537Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack
>= 1.626, < 1.640
HIGH8.8CVE-2015-7538Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack
>= 1.626, < 1.640
HIGH8.8CVE-2018-1999001Improper Input Validation in Jenkins
from 0, < 2.121.2
HIGH8.8CVE-2012-4438Jenkins allows Data Insertion and Execution of Code by those with Read and HTTP Access
from 0, < 1.466.2
HIGH8.6CVE-2020-2099Inbound TCP Agent Protocol/3 authentication bypass in Jenkins
from 0, < 2.204.2
HIGH8.2CVE-2018-1000863Improper Limitation of a Pathname to a Restricted Directory in Jenkins
from 0, < 2.138.4
HIGH8.1CVE-2017-1000503Race Condition in Jenkins
>= 2.81, < 2.89.2
HIGH8.1CVE-2017-1000504Cross-Site Request Forgery in Jenkins
>= 2.81, < 2.89.2
HIGH8.1CVE-2018-1000194Path Traversal in Jenkins
from 0, < 2.107.3
HIGH8.1CVE-2019-1003049Insufficient Session Expiration in Jenkins
from 0, < 2.164.2
HIGH8.0CVE-2026-27099Jenkins has a stored XSS vulnerability in node offline cause description
>= 2.542, < 2.551
HIGH8.0CVE-2023-43495Jenkins Cross-site Scripting vulnerability
>= 2.50, < 2.414.2
HIGH8.0CVE-2023-39151Jenkins Stored Cross-site Scripting vulnerability
>= 2.402, < 2.414.1
HIGH8.0CVE-2023-35141Jenkins CSRF protection bypass vulnerability
from 0, < 2.400
HIGH8.0CVE-2022-41224Jenkins vulnerable to stored cross site scripting in the I:helpIcon component
>= 2.367, < 2.370
HIGH8.0CVE-2022-34171Cross-site Scripting vulnerability in Jenkins
>= 2.350, < 2.356
HIGH8.0CVE-2022-34172Cross-site Scripting vulnerability in Jenkins
>= 2.340, < 2.356
HIGH8.0CVE-2022-34173Cross-site Scripting vulnerability in Jenkins
>= 2.340, < 2.356
HIGH8.0CVE-2022-34170Cross-site Scripting vulnerability in Jenkins
>= 2.350, < 2.356
HIGH8.0CVE-2021-21605Path traversal vulnerability in Jenkins agent names
from 0, < 2.263.2
HIGH8.0CVE-2021-21604Improper handling of REST API XML deserialization errors in Jenkins
from 0, < 2.263.2
HIGH8.0CVE-2020-2230Jenkins Cross-site Scripting vulnerability in project naming strategy
from 0, < 2.235.4
HIGH8.0CVE-2020-2229Jenkins Cross-Site Scripting vulnerability in help icons
from 0, < 2.235.4
HIGH8.0CVE-2020-2222Stored XSS vulnerability in Jenkins 'keep forever' badge icon
from 0, < 2.235.2
HIGH8.0CVE-2020-2221Stored XSS vulnerability in Jenkins upstream cause
from 0, < 2.235.2
HIGH8.0CVE-2020-2220Stored XSS vulnerability in Jenkins job build time trend
from 0, < 2.235.2
HIGH8.0CVE-2020-2223Stored XSS vulnerability in Jenkins console links
from 0, < 2.235.2
HIGH7.8CVE-2018-1000410Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
from 0, < 2.138.2
HIGH7.5CVE-2026-33002Jenkins has a DNS rebinding vulnerability in WebSocket CLI origin validation
>= 2.442, < 2.555
HIGH7.5CVE-2025-67635Jenkins has a Denial of service vulnerability in HTTP-based CLI
>= 2.529, < 2.541
HIGH7.5CVE-2023-27901Denial of service in Jenkins Core
>= 2.388, < 2.394
HIGH7.5CVE-2022-34175Unauthorized view fragment access in Jenkins
>= 2.335, < 2.356
HIGH7.5CVE-2021-21671Session fixation vulnerability in Jenkins
>= 2.292, < 2.300
HIGH7.5CVE-2015-1809XML external entity (XXE) vulnerability in Jenkins
>= 1.597, < 1.600
HIGH7.5CVE-2015-1811XML external entity (XXE) vulnerability in Jenkins
>= 1.597, < 1.600
HIGH7.5CVE-2019-10353Cross-Site Request Forgery in Jenkins
from 0, < 2.176.2
HIGH7.5CVE-2017-1000394Improper Input Validation in Jenkins
from 0, < 2.73.2
HIGH7.5CVE-2018-1999043Missing Release of Resource after Effective Lifetime in Jenkins
from 0, < 2.121.3
HIGH7.5CVE-2015-7539Jenkins does not Verify Checksums for Plugin Files
from 0, < 1.625.2
HIGH7.5CVE-2018-1999002Improper Input Validation in Jenkins
from 0, < 2.121.2
HIGH7.5CVE-2012-0785Hash collision attack vulnerability in Jenkins
>= 1.425, < 1.447
HIGH7.4CVE-2016-3726Jenkins affected by Open Redirect Vulnerability
>= 1.652, < 2.3
HIGH7.3CVE-2017-1000391Improper Input Validation in Jenkins
from 0, < 2.73.3
HIGH7.2CVE-2019-1003003Improper Authorization in Jenkins Core
from 0, < 2.150.2
HIGH7.2CVE-2019-1003004Improper Authorization in Jenkins Core
from 0, < 2.159
HIGH7.0CVE-2023-43496Jenkins temporary plugin file created with insecure permissions
>= 2.50, < 2.414.2
HIGH7.0CVE-2023-27899Incorrect Authorization in Jenkins Core
>= 2.376, < 2.387.1
MEDIUM6.5CVE-2023-27900Denial of service in Jenkins Core
>= 2.388, < 2.394
MEDIUM6.5CVE-2021-21683Path traversal vulnerability on Windows in Jenkins
from 0, < 2.303.2
MEDIUM6.5CVE-2021-21607Excessive memory allocation in graph URLs leads to denial of service in Jenkins
from 0, < 2.263.2
MEDIUM6.5CVE-2021-21602Arbitrary file read vulnerability in workspace browsers in Jenkins
from 0, < 2.263.2
MEDIUM6.5CVE-2019-10352Improper Limitation of a Pathname to a Restricted Directory in Jenkins
from 0, < 2.176.2
MEDIUM6.5CVE-2016-3721Jenkins allows Remote Users to Inject Build Parameters
>= 1.660, < 2.3
MEDIUM6.5CVE-2016-3724Jenkins Exposes Sensitive Information from Job Configuration
>= 1.652, < 2.3
MEDIUM6.5CVE-2017-1000355Deserialization of Untrusted Data in Jenkins
>= 2.50, < 2.57
MEDIUM6.5CVE-2018-1000406Path Traversal in Jenkins
from 0, < 2.138.2
MEDIUM6.5CVE-2018-1000997Improper Limitation of a Pathname to a Restricted Directory in Jenkins
from 0, < 2.138.2
MEDIUM6.5CVE-2018-1999047Incorrect Authorization in Jenkins
from 0, < 2.121.3
MEDIUM6.5CVE-2018-1999044Infinite Loop in Jenkins Core
from 0, < 2.138
MEDIUM6.5CVE-2018-1000864Loop with Unreachable Exit Condition in Jenkins
from 0, < 2.138.4
MEDIUM6.5CVE-2018-1000408Improper Authorization in Jenkins
from 0, < 2.138.2
MEDIUM6.5CVE-2018-6356Improper Limitation of a Pathname to a Restricted Directory in Jenkins
from 0, < 2.89.4
MEDIUM6.5CVE-2022-0538DoS vulnerability in bundled XStream library in Jenkins Core
>= 2.320, < 2.334
MEDIUM6.3CVE-2021-21682Improper handling of equivalent directory names on Windows in Jenkins
>= 2.304, < 2.315
MEDIUM6.1CVE-2021-21610Reflected XSS vulnerability in Jenkins markup formatter preview
from 0, < 2.263.2
MEDIUM6.1CVE-2016-0789Jenkins has CRLF Injection Vulnerability in the CLI
>= 1.643, < 1.650
MEDIUM6.1CVE-2018-1000407Cross-site Scripting in Jenkins
from 0, < 2.138.2
MEDIUM6.1CVE-2012-4439Jenkins allows Cross-Site Scripting (XSS) via Crafted URL
from 0, < 1.466.2
MEDIUM5.9CVE-2017-1000396Improper Certificate Validation in Jenkins
from 0, < 2.73.2
MEDIUM5.8CVE-2020-2100Jenkins vulnerable to UDP amplification reflection attack
from 0, < 2.204.2
MEDIUM5.4CVE-2025-27624Jenkins cross-site request forgery (CSRF) vulnerability
>= 2.493, < 2.500
MEDIUM5.4CVE-2024-43045Jenkins does not perform a permission check in an HTTP endpoint
from 0, < 2.452.4
MEDIUM5.4CVE-2019-10402Improper Neutralization of Input During Web Page Generation in Jenkins
from 0, < 2.176.4
MEDIUM5.4CVE-2019-10403Improper Neutralization of Input During Web Page Generation in Jenkins
from 0, < 2.176.4
MEDIUM5.4CVE-2019-10401Improper Neutralization of Input During Web Page Generation in Jenkins
from 0, < 2.176.4
MEDIUM5.4CVE-2019-10404Improper Neutralization of Input During Web Page Generation in Jenkins
from 0, < 2.176.4
MEDIUM5.4CVE-2021-21611Stored XSS vulnerability in Jenkins on new item page
from 0, < 2.263.2
MEDIUM5.4CVE-2021-21608Stored XSS vulnerability in Jenkins button labels
from 0, < 2.275
MEDIUM5.4CVE-2021-21603XSS vulnerability in Jenkins notification bar
from 0, < 2.275
MEDIUM5.4CVE-2020-2231Improper Neutralization of Input During Web Page Generation in Jenkins
from 0, < 2.235.4
MEDIUM5.4CVE-2020-2163Improper Neutralization of Input During Web Page Generation in Jenkins
from 0, < 2.228
MEDIUM5.4CVE-2020-2161Improper Neutralization of Input During Web Page Generation in Jenkins
from 0, < 2.228
MEDIUM5.4CVE-2020-2162Improper Neutralization of Input During Web Page Generation in Jenkins
from 0, < 2.228
MEDIUM5.4CVE-2020-2103Jenkins Diagnostic page exposed session cookies
>= 2.205, < 2.219
MEDIUM5.4CVE-2015-7536Improper Neutralization of Input During Web Page Generation in Jenkins
>= 1.626, < 1.640
MEDIUM5.4CVE-2018-1999045Improper Authentication in Jenkins
from 0, < 2.121.3
MEDIUM5.4CVE-2018-1000409Session Fixation in Jenkins
from 0, < 2.138.2
MEDIUM5.4CVE-2018-1000170Cross-site Scripting in Jenkins Core
>= 2.108, < 2.116
MEDIUM5.4CVE-2017-2613Cross-Site Request Forgery in Jenkins
from 0, < 2.32.2
MEDIUM5.4CVE-2017-2610Improper Neutralization of Input During Web Page Generation in Jenkins
from 0, < 2.32.2
MEDIUM5.4CVE-2017-2612Incorrect Permission Assignment for Critical Resource in Jenkins
from 0, < 2.32.2
MEDIUM5.4CVE-2017-2607Improper Neutralization of Input During Web Page Generation in Jenkins
from 0, < 2.32.2
MEDIUM5.4CVE-2017-2599Incorrect Authorization in Jenkins
from 0, < 2.32.2
MEDIUM5.4CVE-2017-2601Cross-site Scripting in Jenkins
from 0, < 2.32.2
MEDIUM5.4CVE-2018-1999007Cross-site scripting vulnerability exists in Jenkins and Stapler Plugin
from 0, < 2.121.2
MEDIUM5.4CVE-2019-1003050Improper Neutralization of Input During Web Page Generation in Jenkins
from 0, < 2.164.2
MEDIUM5.4CVE-2018-1999005Improper Neutralization of Input During Web Page Generation in Jenkins
from 0, < 2.121.2
MEDIUM5.3CVE-2025-59476Jenkins has a log message injection vulnerability
from 0, < 2.516.3
MEDIUM5.3CVE-2025-59474Jenkins has a missing permission check, allowing users to obtain agent names
from 0, < 2.516.3
MEDIUM5.3CVE-2022-34174Observable timing discrepancy allows determining username validity in Jenkins
>= 2.334, < 2.356
MEDIUM5.3CVE-2021-21615Time-of-check Time-of-use (TOCTOU) Race Condition in Jenkins
from 0, < 2.263.3
MEDIUM5.3CVE-2021-21609Missing permission check for paths with specific prefix in Jenkins
from 0, < 2.263.2
MEDIUM5.3CVE-2020-2102Non-constant time HMAC comparison
from 0, < 2.204.2
MEDIUM5.3CVE-2020-2101Non-constant time comparison of inbound TCP agent connection secret
from 0, < 2.204.2
MEDIUM5.3CVE-2014-9635Jenkins HttpOnly flag not Set for session cookies
from 0, < 1.586
MEDIUM5.3CVE-2014-9634Jenkins secure flag not set on session cookies
from 0, < 1.586
MEDIUM5.3CVE-2016-0790Exposure of Sensitive Information in Jenkins Core
from 0, < 1.650
MEDIUM5.3CVE-2018-1999042Deserialization of Untrusted Data in Jenkins
from 0, < 2.121.3
MEDIUM5.3CVE-2018-1000169Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
from 0, < 2.107.2
MEDIUM5.3CVE-2018-1000067Server-Side Request Forgery in Jenkins
from 0, < 2.89.4
MEDIUM5.3CVE-2018-1000068Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
from 0, < 2.89.4
MEDIUM4.8CVE-2019-10406Improper Neutralization of Input During Web Page Generation in Jenkins
from 0, < 2.176.4
MEDIUM4.8CVE-2019-10383Improper Neutralization of Input During Web Page Generation in Jenkins
from 0, < 2.176.3
MEDIUM4.8CVE-2017-1000392Improper Neutralization of Input During Web Page Generation in Jenkins
from 0, < 2.73.3
MEDIUM4.7CVE-2017-17383Cross-site Scripting in Jenkins Core
from 0, < 2.94
MEDIUM4.3CVE-2026-27100Jenkins has a build information disclosure vulnerability through Run Parameter
>= 2.542, < 2.551
MEDIUM4.3CVE-2025-67636Jenkins is missing a permission check on password fields
>= 2.529, < 2.541
MEDIUM4.3CVE-2025-67637Jenkins's build authorization token is stored and displayed in plain text
>= 2.529, < 2.541
MEDIUM4.3CVE-2025-67638Jenkins's build authorization token is stored and displayed in plain text
>= 2.529, < 2.541
MEDIUM4.3CVE-2025-59475Jenkins is missing a permission check in the authenticated users' profile menu
from 0, < 2.516.3
MEDIUM4.3CVE-2025-31720Jenkins Missing Permission Check
>= 2.500, < 2.504
MEDIUM4.3CVE-2025-31721Jenkins Missing Permission Check
>= 2.500, < 2.504
MEDIUM4.3CVE-2025-27623Jenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission
from 0, < 2.492.2
MEDIUM4.3CVE-2025-27622Jenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission
>= 2.493, < 2.500
MEDIUM4.3CVE-2025-27625Jenkins Open Redirect vulnerability
from 0, < 2.492.2
MEDIUM4.3CVE-2024-47804Jenkins item creation restriction bypass vulnerability
from 0, < 2.462.3
MEDIUM4.3CVE-2024-47803Jenkins exposes multi-line secrets through error messages
from 0, < 2.462.3
MEDIUM4.3CVE-2023-43494Jenkins does not exclude sensitive build variables from search
>= 2.50, < 2.414.2
MEDIUM4.3CVE-2023-27902Incorrect Permission Preservation in Jenkins Core
>= 2.376, < 2.387.1
MEDIUM4.3CVE-2019-10405Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
from 0, < 2.176.4
MEDIUM4.3CVE-2021-21670Improper permission checks allow canceling queue items and aborting builds in Jenkins
from 0, < 2.289.2
MEDIUM4.3CVE-2021-21640View name validation bypass in Jenkins
from 0, < 2.277.2
MEDIUM4.3CVE-2021-21639Lack of type validation in agent related REST API in Jenkins
from 0, < 2.277.2
MEDIUM4.3CVE-2021-21606Arbitrary file existence check in file fingerprints in Jenkins
from 0, < 2.263.2
MEDIUM4.3CVE-2020-2104Memory usage graphs accessible to anyone with Overall/Read
from 0, < 2.204.2
MEDIUM4.3CVE-2019-10354Missing Authorization in Jenkins
from 0, < 2.176.2
MEDIUM4.3CVE-2016-3723Exposure of Sensitive Information in Jenkins Core
from 0, < 2.3
MEDIUM4.3CVE-2016-3725Missing permissions check in Jenkins Core
from 0, < 2.3
MEDIUM4.3CVE-2016-3722Incorrect Authorization in Jenkins Core
from 0, < 2.3
MEDIUM4.3CVE-2016-3727Jenkins Exposes Sensitive Information via API URL
>= 1.652, < 2.3
MEDIUM4.3CVE-2018-1999006Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
from 0, < 2.121.2
MEDIUM4.3CVE-2018-1999046Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
from 0, < 2.121.3
MEDIUM4.3CVE-2017-1000399Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
from 0, < 2.73.2
MEDIUM4.3CVE-2018-1000862Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
from 0, < 2.138.4
MEDIUM4.3CVE-2017-1000395Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
from 0, < 2.73.2
MEDIUM4.3CVE-2017-1000398Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
from 0, < 2.73.2
MEDIUM4.3CVE-2017-2598Inadequate Encryption Strength in Jenkins
from 0, < 2.32.2
MEDIUM4.3CVE-2017-2602Incomplete List of Disallowed Inputs in Jenkins
from 0, < 2.32.2
MEDIUM4.3CVE-2017-2600Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
from 0, < 2.32.2
MEDIUM4.3CVE-2017-2609Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
from 0, < 2.32.2
MEDIUM4.3CVE-2017-2606Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
from 0, < 2.32.2
MEDIUM4.3CVE-2017-2604Improper Authentication in Jenkins
from 0, < 2.32.2
MEDIUM4.3CVE-2017-1000400Missing Authorization in Jenkins
from 0, < 2.73.2
MEDIUM4.3CVE-2017-2611Incorrect Authorization in Jenkins Core
from 0, < 2.44
MEDIUM4.3CVE-2018-1000192Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
from 0, < 2.107.3
MEDIUM4.3CVE-2018-1000193Injection in Jenkins
from 0, < 2.107.3
MEDIUM4.3CVE-2018-1999004Incorrect Authorization in Jenkins
from 0, < 2.121.2
MEDIUM4.3CVE-2018-1000195Cross-Site Request Forgery in Jenkins
from 0, < 2.107.3
MEDIUM4.3CVE-2018-1999003Incorrect Authorization in Jenkins
from 0, < 2.121.2
MEDIUM4.3CVE-2022-20612Cross-Site Request Forgery in Jenkins
>= 2.320, < 2.330
LOW3.6CVE-2023-43497Jenkins temporary uploaded file created with insecure permissions
>= 2.50, < 2.414.2
LOW3.6CVE-2023-43498Jenkins temporary uploaded file created with insecure permissions
>= 2.50, < 2.414.2
LOW3.6CVE-2023-27903Incorrect Authorization in Jenkins Core
>= 2.376, < 2.387.1
LOW3.5CVE-2025-67639Jenkins has a CSRF vulnerability on the login form
>= 2.529, < 2.541
LOW3.5CVE-2017-2603Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
from 0, < 2.32.2
LOW3.1CVE-2023-27904Information disclosure through error stack traces related to agents
>= 2.376, < 2.387.1
LOW3.1CVE-2020-2105Jenkins REST APIs vulnerable to clickjacking
from 0, < 2.204.2
LOW2.2CVE-2017-1000401Improper Input Validation in Jenkins
from 0, < 2.73.2
—CVE-2011-4344Jenkins allows Cross-Site Scripting (XSS)
from 0, < 1.409.3
—CVE-2014-2058Jenkins allows attackers to execute arbitrary jobs
>= 1.533, < 1.551
—CVE-2013-7330Jenkins allows attackers to configure restricted projects
>= 1.481, < 1.502
—CVE-2014-2060Jenkins allows Remote Attackers to Hijack Sessions
from 0, < 1.532.2
—CVE-2014-2063Jenkins Vulnerable to Clickjacking
>= 1.533, < 1.551
—CVE-2014-2061Jenkin allows attackers to obtain passwords by reading the HTML source code
>= 1.533, < 1.551
—CVE-2014-2062Jenkins does not invalidate the API token when a user is deleted
>= 1.533, < 1.551
—CVE-2014-2064Jenkins allows attackers to determine whether a user exists
>= 1.533, < 1.551
—CVE-2014-2065Jenkins cross-site scripting (XSS) vulnerability
>= 1.533, < 1.551
—CVE-2014-2066Jenkins session fixation vulnerability
>= 1.533, < 1.551
—CVE-2014-3661Jenkins Denial of Service vulnerability
>= 1.566, < 1.583
—CVE-2014-2068Jenkins allows attackers to obtain sensitive information
>= 1.533, < 1.551
—CVE-2014-3663Jenkins allows remote authenticated users to bypass intended restrictions and create or destroy arbitrary jobs
>= 1.566, < 1.583
—CVE-2014-3662Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability
>= 1.566, < 1.583
—CVE-2014-3665Jenkins improperly ensures trust separation
from 0, < 1.587
—CVE-2014-3666Jenkins allows for Code Execution via Crafted Packet to the CLI
>= 1.566, < 1.583
—CVE-2015-1810Jenkins does not Restrict Reserved Names Allowing for Privilege Escalation
>= 1.597, < 1.600
—CVE-2015-1806Jenkins allows for Privilege Escalation by Remote Authenticated Users
>= 1.597, < 1.600
—CVE-2014-3667Jenkins allows Remote Users to Obtain Sensitive Information from a Plugin Code
>= 1.566, < 1.583
—CVE-2014-3680Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability
>= 1.566, < 1.583
—CVE-2015-1813Jenkins allows Cross-Site Scripting (XSS)
>= 1.597, < 1.606
—CVE-2015-1812Jenkins Cross-site Scripting vulnerability
from 0, < 1.596.2
—CVE-2015-1808Jenkins Vulnerable to Denial of Service (DoS)
>= 1.597, < 1.600
—CVE-2015-1814Jenkins allows for Privilege Escalation by Remote Authenticated Users
>= 1.597, < 1.606
—CVE-2013-2034Jenkins Cross-Site Request Forgery vulnerabilities
from 0, < 1.509.1
—CVE-2013-5573Jenkins allows Cross-Site Scripting (XSS) in User Configuration
from 0, <= 1.523
—CVE-2014-2059Jenkins directory traversal vulnerability
>= 1.533, < 1.551
—CVE-2014-2067Jenkins cross-site scripting (XSS) vulnerability
>= 1.533, < 1.551
—CVE-2014-3664Jenkins Path Traversal vulnerability
>= 1.566, < 1.583
—CVE-2012-6072Jenkins allows HTTP Injection and Response Splitting
>= 1.481, < 1.491
—CVE-2012-6074Jenkins allows Cross-Site Scripting (XSS)
>= 1.481, < 1.491
—CVE-2012-6073Jenkins affected by Open Redirect Vulnerability
from 0, < 1.480.1
—CVE-2013-2033Jenkins vulnerable to Cross-site Scripting
from 0, < 1.509.1
—CVE-2014-3681Jenkins Cross-site Scripting vulnerability
>= 1.566, < 1.583
—CVE-2015-5322Jenkins has Local File Inclusion Vulnerability
>= 1.626, < 1.638
—CVE-2015-5320Jenkins allows Exposure of Sensitive Information to an Unauthorized Actor
>= 1.626, < 1.638
—CVE-2015-5319Jenkins has XML External Entity (XXE) Vulnerability in Job Configuration via CLI
>= 1.626, < 1.638
—CVE-2015-5318Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack
from 0, < 1.625.2
—CVE-2015-5325Jenkins allows Bypass of Access Restrictions
from 0, < 1.625.2
—CVE-2015-5323Jenkins allows Administrators to Access API Tokens
from 0, < 1.625.2
—CVE-2015-5326Jenkins allows Cross-Site Scripting (XSS)
from 0, < 1.625.2
—CVE-2015-5324Jenkins allows Unauthorized Viewing of Queue API Information
>= 1.626, < 1.638
—CVE-2015-5321Jenkins has Information Disclosure via Sidepanel Widget
>= 1.626, < 1.638
—CVE-2013-0331Jenkins Vulnerable to Denial of Service (DoS) via Crafted Payload
>= 1.481, < 1.502
—CVE-2013-0327Jenkins Cross-Site Request Forgery vulnerability
>= 1.481, < 1.502
—CVE-2013-0329Jenkins Cross-Site Request Forgery vulnerability
>= 1.481, < 1.502
—CVE-2013-0328Jenkins subject to Cross-site Scripting
from 0, < 1.502
—CVE-2013-0330Jenkins allows Remote Users to Build Arbitrary Jobs
>= 1.481, < 1.502
—CVE-2013-0158Jenkins allows attackers to obtain the master cryptographic key
>= 1.481, < 1.498
—CVE-2012-0324Jenkins allows Cross-Site Scripting (XSS)
>= 1.425, < 1.454
—CVE-2012-0325Jenkins allows Cross-Site Scripting (XSS)
>= 1.425, < 1.454