All known vulnerabilities
CRITICAL 9.8 | CVE-2024-23897 (⚠ KEV) | Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE | >= 1.606, < 2.426.3
>= 2.50, < 2.57
from 0, < 2.138.4
HIGH 7.5 | CVE-2015-5317 (⚠ KEV) | Jenkins discloses project names via fingerprints | from 0, < 1.625.2
CRITICAL 9.8 | CVE-2017-1000362 | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | >= 1.498, < 2.32.2
CRITICAL 9.8 | CVE-2016-0788 | Jenkins allows Execution of Code by Opening a JRMP Listener | >= 1.643, < 1.650
CRITICAL 9.8 | CVE-2016-0791 | Exposure of Sensitive Information in Jenkins Core | from 0, < 1.650
CRITICAL 9.8 | CVE-2016-9299 | Improper Neutralization of Special Elements used in an LDAP Query in Jenkins | >= 2.20, < 2.32
CRITICAL 9.1 | CVE-2021-21697 | Agent-to-controller access control allows reading/writing most content of build directories in Jenkins | from 0, < 2.303.3
CRITICAL 9.0 | CVE-2024-43044 | Jenkins Remoting library arbitrary file read vulnerability | from 0, < 2.452.4
CRITICAL 9.0 | CVE-2021-21686 | Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins | from 0, < 2.303.3
CRITICAL 9.0 | CVE-2021-21692 | Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins | from 0, < 2.303.3
CRITICAL 9.0 | CVE-2021-21690 | Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins | from 0, < 2.303.3
CRITICAL 9.0 | CVE-2021-21691 | Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins | from 0, < 2.303.3
CRITICAL 9.0 | CVE-2021-21687 | Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins | from 0, < 2.303.3
CRITICAL 9.0 | CVE-2021-21694 | Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins | from 0, < 2.303.3
CRITICAL 9.0 | CVE-2021-21688 | Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins | from 0, < 2.303.3
CRITICAL 9.0 | CVE-2021-21685 | Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins | from 0, < 2.303.3
CRITICAL 9.0 | CVE-2021-21689 | Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins | from 0, < 2.303.3
CRITICAL 9.0 | CVE-2021-21693 | Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins | from 0, < 2.303.3
CRITICAL 9.0 | CVE-2021-21695 | Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins | from 0, < 2.303.3
HIGH 8.8 | CVE-2026-33001 | Jenkins has a link following vulnerability allows arbitrary file creation | from 0, < 2.555
HIGH 8.8 | CVE-2024-23898 | Cross-site WebSocket hijacking vulnerability in the Jenkins CLI | >= 2.217, < 2.426.3
>= 2.376, < 2.394
HIGH 8.8 | CVE-2021-21696 | Agent-to-controller access control allowed writing to sensitive directory used by Jenkins Pipeline: Shared Groovy Libraries Plugin | from 0, < 2.303.3
from 0, < 2.204.6
from 0, < 2.176.3
HIGH 8.8 | CVE-2016-0792 | Jenkins allows Deserialization of Untrusted Data via an XML File | >= 1.643, < 1.650
>= 2.50, < 2.57
>= 2.50, < 2.57
from 0, < 2.73.2
from 0, < 2.32.2
HIGH 8.8 | CVE-2015-7537 | Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack | >= 1.626, < 1.640
HIGH 8.8 | CVE-2015-7538 | Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack | >= 1.626, < 1.640
from 0, < 2.121.2
HIGH 8.8 | CVE-2012-4438 | Jenkins allows Data Insertion and Execution of Code by those with Read and HTTP Access | from 0, < 1.466.2
HIGH 8.6 | CVE-2020-2099 | Inbound TCP Agent Protocol/3 authentication bypass in Jenkins | from 0, < 2.204.2
HIGH 8.2 | CVE-2018-1000863 | Improper Limitation of a Pathname to a Restricted Directory in Jenkins | from 0, < 2.138.4
>= 2.81, < 2.89.2
>= 2.81, < 2.89.2
from 0, < 2.107.3
from 0, < 2.164.2
HIGH 8.0 | CVE-2026-27099 | Jenkins has a stored XSS vulnerability in node offline cause description | >= 2.542, < 2.551
>= 2.50, < 2.414.2
HIGH 8.0 | CVE-2023-39151 | Jenkins Stored Cross-site Scripting vulnerability | >= 2.402, < 2.414.1
from 0, < 2.400
HIGH 8.0 | CVE-2022-41224 | Jenkins vulnerable to stored cross site scripting in the I:helpIcon component | >= 2.367, < 2.370
>= 2.350, < 2.356
>= 2.340, < 2.356
>= 2.340, < 2.356
>= 2.350, < 2.356
HIGH 8.0 | CVE-2021-21605 | Path traversal vulnerability in Jenkins agent names | from 0, < 2.263.2
HIGH 8.0 | CVE-2021-21604 | Improper handling of REST API XML deserialization errors in Jenkins | from 0, < 2.263.2
HIGH 8.0 | CVE-2020-2230 | Jenkins Cross-site Scripting vulnerability in project naming strategy | from 0, < 2.235.4
HIGH 8.0 | CVE-2020-2229 | Jenkins Cross-Site Scripting vulnerability in help icons | from 0, < 2.235.4
HIGH 8.0 | CVE-2020-2222 | Stored XSS vulnerability in Jenkins 'keep forever' badge icon | from 0, < 2.235.2
HIGH 8.0 | CVE-2020-2221 | Stored XSS vulnerability in Jenkins upstream cause | from 0, < 2.235.2
HIGH 8.0 | CVE-2020-2220 | Stored XSS vulnerability in Jenkins job build time trend | from 0, < 2.235.2
HIGH 8.0 | CVE-2020-2223 | Stored XSS vulnerability in Jenkins console links | from 0, < 2.235.2
HIGH 7.8 | CVE-2018-1000410 | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | from 0, < 2.138.2
HIGH 7.5 | CVE-2026-33002 | Jenkins has a DNS rebinding vulnerability in WebSocket CLI origin validation | >= 2.442, < 2.555
HIGH 7.5 | CVE-2025-67635 | Jenkins has a Denial of service vulnerability in HTTP-based CLI | >= 2.529, < 2.541
>= 2.388, < 2.394
>= 2.335, < 2.356
>= 2.292, < 2.300
HIGH 7.5 | CVE-2015-1809 | XML external entity (XXE) vulnerability in Jenkins | >= 1.597, < 1.600
HIGH 7.5 | CVE-2015-1811 | XML external entity (XXE) vulnerability in Jenkins | >= 1.597, < 1.600
from 0, < 2.176.2
from 0, < 2.73.2
HIGH 7.5 | CVE-2018-1999043 | Missing Release of Resource after Effective Lifetime in Jenkins | from 0, < 2.121.3
HIGH 7.5 | CVE-2015-7539 | Jenkins does not Verify Checksums for Plugin Files | from 0, < 1.625.2
from 0, < 2.121.2
HIGH 7.5 | CVE-2012-0785 | Hash collision attack vulnerability in Jenkins | >= 1.425, < 1.447
HIGH 7.4 | CVE-2016-3726 | Jenkins affected by Open Redirect Vulnerability | >= 1.652, < 2.3
from 0, < 2.73.3
from 0, < 2.150.2
from 0, < 2.159
HIGH 7.0 | CVE-2023-43496 | Jenkins temporary plugin file created with insecure permissions | >= 2.50, < 2.414.2
>= 2.376, < 2.387.1
>= 2.388, < 2.394
MEDIUM 6.5 | CVE-2021-21683 | Path traversal vulnerability on Windows in Jenkins | from 0, < 2.303.2
MEDIUM 6.5 | CVE-2021-21607 | Excessive memory allocation in graph URLs leads to denial of service in Jenkins | from 0, < 2.263.2
MEDIUM 6.5 | CVE-2021-21602 | Arbitrary file read vulnerability in workspace browsers in Jenkins | from 0, < 2.263.2
MEDIUM 6.5 | CVE-2019-10352 | Improper Limitation of a Pathname to a Restricted Directory in Jenkins | from 0, < 2.176.2
MEDIUM 6.5 | CVE-2016-3721 | Jenkins allows Remote Users to Inject Build Parameters | >= 1.660, < 2.3
MEDIUM 6.5 | CVE-2016-3724 | Jenkins Exposes Sensitive Information from Job Configuration | >= 1.652, < 2.3
>= 2.50, < 2.57
from 0, < 2.138.2
MEDIUM 6.5 | CVE-2018-1000997 | Improper Limitation of a Pathname to a Restricted Directory in Jenkins | from 0, < 2.138.2
from 0, < 2.121.3
from 0, < 2.138
from 0, < 2.138.4
from 0, < 2.138.2
MEDIUM 6.5 | CVE-2018-6356 | Improper Limitation of a Pathname to a Restricted Directory in Jenkins | from 0, < 2.89.4
MEDIUM 6.5 | CVE-2022-0538 | DoS vulnerability in bundled XStream library in Jenkins Core | >= 2.320, < 2.334
MEDIUM 6.3 | CVE-2021-21682 | Improper handling of equivalent directory names on Windows in Jenkins | >= 2.304, < 2.315
MEDIUM 6.1 | CVE-2021-21610 | Reflected XSS vulnerability in Jenkins markup formatter preview | from 0, < 2.263.2
MEDIUM 6.1 | CVE-2016-0789 | Jenkins has CRLF Injection Vulnerability in the CLI | >= 1.643, < 1.650
from 0, < 2.138.2
MEDIUM 6.1 | CVE-2012-4439 | Jenkins allows Cross-Site Scripting (XSS) via Crafted URL | from 0, < 1.466.2
from 0, < 2.73.2
MEDIUM 5.8 | CVE-2020-2100 | Jenkins vulnerable to UDP amplification reflection attack | from 0, < 2.204.2
MEDIUM 5.4 | CVE-2025-27624 | Jenkins cross-site request forgery (CSRF) vulnerability | >= 2.493, < 2.500
MEDIUM 5.4 | CVE-2024-43045 | Jenkins does not perform a permission check in an HTTP endpoint | from 0, < 2.452.4
MEDIUM 5.4 | CVE-2019-10402 | Improper Neutralization of Input During Web Page Generation in Jenkins | from 0, < 2.176.4
MEDIUM 5.4 | CVE-2019-10403 | Improper Neutralization of Input During Web Page Generation in Jenkins | from 0, < 2.176.4
MEDIUM 5.4 | CVE-2019-10401 | Improper Neutralization of Input During Web Page Generation in Jenkins | from 0, < 2.176.4
MEDIUM 5.4 | CVE-2019-10404 | Improper Neutralization of Input During Web Page Generation in Jenkins | from 0, < 2.176.4
MEDIUM 5.4 | CVE-2021-21611 | Stored XSS vulnerability in Jenkins on new item page | from 0, < 2.263.2
MEDIUM 5.4 | CVE-2021-21608 | Stored XSS vulnerability in Jenkins button labels | from 0, < 2.275
from 0, < 2.275
MEDIUM 5.4 | CVE-2020-2231 | Improper Neutralization of Input During Web Page Generation in Jenkins | from 0, < 2.235.4
MEDIUM 5.4 | CVE-2020-2163 | Improper Neutralization of Input During Web Page Generation in Jenkins | from 0, < 2.228
MEDIUM 5.4 | CVE-2020-2161 | Improper Neutralization of Input During Web Page Generation in Jenkins | from 0, < 2.228
MEDIUM 5.4 | CVE-2020-2162 | Improper Neutralization of Input During Web Page Generation in Jenkins | from 0, < 2.228
MEDIUM 5.4 | CVE-2020-2103 | Jenkins Diagnostic page exposed session cookies | >= 2.205, < 2.219
MEDIUM 5.4 | CVE-2015-7536 | Improper Neutralization of Input During Web Page Generation in Jenkins | >= 1.626, < 1.640
from 0, < 2.121.3
from 0, < 2.138.2
>= 2.108, < 2.116
from 0, < 2.32.2
MEDIUM 5.4 | CVE-2017-2610 | Improper Neutralization of Input During Web Page Generation in Jenkins | from 0, < 2.32.2
MEDIUM 5.4 | CVE-2017-2612 | Incorrect Permission Assignment for Critical Resource in Jenkins | from 0, < 2.32.2
MEDIUM 5.4 | CVE-2017-2607 | Improper Neutralization of Input During Web Page Generation in Jenkins | from 0, < 2.32.2
from 0, < 2.32.2
from 0, < 2.32.2
MEDIUM 5.4 | CVE-2018-1999007 | Cross-site scripting vulnerability exists in Jenkins and Stapler Plugin | from 0, < 2.121.2
MEDIUM 5.4 | CVE-2019-1003050 | Improper Neutralization of Input During Web Page Generation in Jenkins | from 0, < 2.164.2
MEDIUM 5.4 | CVE-2018-1999005 | Improper Neutralization of Input During Web Page Generation in Jenkins | from 0, < 2.121.2
MEDIUM 5.3 | CVE-2025-59476 | Jenkins has a log message injection vulnerability | from 0, < 2.516.3
MEDIUM 5.3 | CVE-2025-59474 | Jenkins has a missing permission check, allowing users to obtain agent names | from 0, < 2.516.3
MEDIUM 5.3 | CVE-2022-34174 | Observable timing discrepancy allows determining username validity in Jenkins | >= 2.334, < 2.356
MEDIUM 5.3 | CVE-2021-21615 | Time-of-check Time-of-use (TOCTOU) Race Condition in Jenkins | from 0, < 2.263.3
MEDIUM 5.3 | CVE-2021-21609 | Missing permission check for paths with specific prefix in Jenkins | from 0, < 2.263.2
from 0, < 2.204.2
MEDIUM 5.3 | CVE-2020-2101 | Non-constant time comparison of inbound TCP agent connection secret | from 0, < 2.204.2
MEDIUM 5.3 | CVE-2014-9635 | Jenkins HttpOnly flag not Set for session cookies | from 0, < 1.586
MEDIUM 5.3 | CVE-2014-9634 | Jenkins secure flag not set on session cookies | from 0, < 1.586
MEDIUM 5.3 | CVE-2016-0790 | Exposure of Sensitive Information in Jenkins Core | from 0, < 1.650
from 0, < 2.121.3
MEDIUM 5.3 | CVE-2018-1000169 | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | from 0, < 2.107.2
from 0, < 2.89.4
MEDIUM 5.3 | CVE-2018-1000068 | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | from 0, < 2.89.4
MEDIUM 4.8 | CVE-2019-10406 | Improper Neutralization of Input During Web Page Generation in Jenkins | from 0, < 2.176.4
MEDIUM 4.8 | CVE-2019-10383 | Improper Neutralization of Input During Web Page Generation in Jenkins | from 0, < 2.176.3
MEDIUM 4.8 | CVE-2017-1000392 | Improper Neutralization of Input During Web Page Generation in Jenkins | from 0, < 2.73.3
from 0, < 2.94
MEDIUM 4.3 | CVE-2026-27100 | Jenkins has a build information disclosure vulnerability through Run Parameter | >= 2.542, < 2.551
MEDIUM 4.3 | CVE-2025-67636 | Jenkins is missing a permission check on password fields | >= 2.529, < 2.541
MEDIUM 4.3 | CVE-2025-67637 | Jenkins's build authorization token is stored and displayed in plain text | >= 2.529, < 2.541
MEDIUM 4.3 | CVE-2025-67638 | Jenkins's build authorization token is stored and displayed in plain text | >= 2.529, < 2.541
MEDIUM 4.3 | CVE-2025-59475 | Jenkins is missing a permission check in the authenticated users' profile menu | from 0, < 2.516.3
>= 2.500, < 2.504
>= 2.500, < 2.504
MEDIUM 4.3 | CVE-2025-27623 | Jenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission | from 0, < 2.492.2
MEDIUM 4.3 | CVE-2025-27622 | Jenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission | >= 2.493, < 2.500
from 0, < 2.492.2
MEDIUM 4.3 | CVE-2024-47804 | Jenkins item creation restriction bypass vulnerability | from 0, < 2.462.3
MEDIUM 4.3 | CVE-2024-47803 | Jenkins exposes multi-line secrets through error messages | from 0, < 2.462.3
MEDIUM 4.3 | CVE-2023-43494 | Jenkins does not exclude sensitive build variables from search | >= 2.50, < 2.414.2
MEDIUM 4.3 | CVE-2023-27902 | Incorrect Permission Preservation in Jenkins Core | >= 2.376, < 2.387.1
MEDIUM 4.3 | CVE-2019-10405 | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | from 0, < 2.176.4
MEDIUM 4.3 | CVE-2021-21670 | Improper permission checks allow canceling queue items and aborting builds in Jenkins | from 0, < 2.289.2
from 0, < 2.277.2
MEDIUM 4.3 | CVE-2021-21639 | Lack of type validation in agent related REST API in Jenkins | from 0, < 2.277.2
MEDIUM 4.3 | CVE-2021-21606 | Arbitrary file existence check in file fingerprints in Jenkins | from 0, < 2.263.2
MEDIUM 4.3 | CVE-2020-2104 | Memory usage graphs accessible to anyone with Overall/Read | from 0, < 2.204.2
from 0, < 2.176.2
MEDIUM 4.3 | CVE-2016-3723 | Exposure of Sensitive Information in Jenkins Core | from 0, < 2.3
from 0, < 2.3
from 0, < 2.3
MEDIUM 4.3 | CVE-2016-3727 | Jenkins Exposes Sensitive Information via API URL | >= 1.652, < 2.3
MEDIUM 4.3 | CVE-2018-1999006 | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | from 0, < 2.121.2
MEDIUM 4.3 | CVE-2018-1999046 | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | from 0, < 2.121.3
MEDIUM 4.3 | CVE-2017-1000399 | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | from 0, < 2.73.2
MEDIUM 4.3 | CVE-2018-1000862 | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | from 0, < 2.138.4
MEDIUM 4.3 | CVE-2017-1000395 | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | from 0, < 2.73.2
MEDIUM 4.3 | CVE-2017-1000398 | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | from 0, < 2.73.2
from 0, < 2.32.2
MEDIUM 4.3 | CVE-2017-2602 | Incomplete List of Disallowed Inputs in Jenkins | from 0, < 2.32.2
MEDIUM 4.3 | CVE-2017-2600 | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | from 0, < 2.32.2
MEDIUM 4.3 | CVE-2017-2609 | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | from 0, < 2.32.2
MEDIUM 4.3 | CVE-2017-2606 | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | from 0, < 2.32.2
from 0, < 2.32.2
from 0, < 2.73.2
from 0, < 2.44
MEDIUM 4.3 | CVE-2018-1000192 | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | from 0, < 2.107.3
from 0, < 2.107.3
from 0, < 2.121.2
from 0, < 2.107.3
from 0, < 2.121.2
>= 2.320, < 2.330
LOW 3.6 | CVE-2023-43497 | Jenkins temporary uploaded file created with insecure permissions | >= 2.50, < 2.414.2
LOW 3.6 | CVE-2023-43498 | Jenkins temporary uploaded file created with insecure permissions | >= 2.50, < 2.414.2
>= 2.376, < 2.387.1
LOW 3.5 | CVE-2025-67639 | Jenkins has a CSRF vulnerability on the login form | >= 2.529, < 2.541
LOW 3.5 | CVE-2017-2603 | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | from 0, < 2.32.2
LOW 3.1 | CVE-2023-27904 | Information disclosure through error stack traces related to agents | >= 2.376, < 2.387.1
from 0, < 2.204.2
from 0, < 2.73.2
from 0, < 1.409.3
>= 1.533, < 1.551
— | CVE-2013-7330 | Jenkins allows attackers to configure restricted projects | >= 1.481, < 1.502
from 0, < 1.532.2
>= 1.533, < 1.551
— | CVE-2014-2061 | Jenkins allows attackers to obtain passwords by reading the HTML source code | >= 1.533, < 1.551
— | CVE-2014-2062 | Jenkins does not invalidate the API token when a user is deleted | >= 1.533, < 1.551
— | CVE-2014-2064 | Jenkins allows attackers to determine whether a user exists | >= 1.533, < 1.551
>= 1.533, < 1.551
>= 1.533, < 1.551
>= 1.566, < 1.583
— | CVE-2014-2068 | Jenkins allows attackers to obtain sensitive information | >= 1.533, < 1.551
— | CVE-2014-3663 | Jenkins allows remote authenticated users to bypass intended restrictions and create or destroy arbitrary jobs | >= 1.566, < 1.583
— | CVE-2014-3662 | Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability | >= 1.566, < 1.583
from 0, < 1.587
— | CVE-2014-3666 | Jenkins allows for Code Execution via Crafted Packet to the CLI | >= 1.566, < 1.583
— | CVE-2015-1810 | Jenkins does not Restrict Reserved Names Allowing for Privilege Escalation | >= 1.597, < 1.600
— | CVE-2015-1806 | Jenkins allows for Privilege Escalation by Remote Authenticated Users | >= 1.597, < 1.600
— | CVE-2014-3667 | Jenkins allows Remote Users to Obtain Sensitive Information from a Plugin Code | >= 1.566, < 1.583
— | CVE-2014-3680 | Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability | >= 1.566, < 1.583
>= 1.597, < 1.606
from 0, < 1.596.2
>= 1.597, < 1.600
— | CVE-2015-1814 | Jenkins allows for Privilege Escalation by Remote Authenticated Users | >= 1.597, < 1.606
from 0, < 1.509.1
— | CVE-2013-5573 | Jenkins allows Cross-Site Scripting (XSS) in User Configuration | from 0, <= 1.523
>= 1.533, < 1.551
>= 1.533, < 1.551
>= 1.566, < 1.583
— | CVE-2012-6072 | Jenkins allows HTTP Injection and Response Splitting | >= 1.481, < 1.491
>= 1.481, < 1.491
from 0, < 1.480.1
from 0, < 1.509.1
>= 1.566, < 1.583
>= 1.626, < 1.638
— | CVE-2015-5320 | Jenkins allows Exposure of Sensitive Information to an Unauthorized Actor | >= 1.626, < 1.638
— | CVE-2015-5319 | Jenkins has XML External Entity (XXE) Vulnerability in Job Configuration via CLI | >= 1.626, < 1.638
— | CVE-2015-5318 | Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack | from 0, < 1.625.2
from 0, < 1.625.2
from 0, < 1.625.2
from 0, < 1.625.2
— | CVE-2015-5324 | Jenkins allows Unauthorized Viewing of Queue API Information | >= 1.626, < 1.638
— | CVE-2015-5321 | Jenkins has Information Disclosure via Sidepanel Widget | >= 1.626, < 1.638
— | CVE-2013-0331 | Jenkins Vulnerable to Denial of Service (DoS) via Crafted Payload | >= 1.481, < 1.502
>= 1.481, < 1.502
>= 1.481, < 1.502
from 0, < 1.502
— | CVE-2013-0330 | Jenkins allows Remote Users to Build Arbitrary Jobs | >= 1.481, < 1.502
— | CVE-2013-0158 | Jenkins allows attackers to obtain the master cryptographic key | >= 1.481, < 1.498
>= 1.425, < 1.454
>= 1.425, < 1.454