Jenkins Core vulnerabilities
65 known vulnerabilities affecting jenkins/jenkins_core.
Total CVEs: 65
CISA KEV: 2 (actively exploited)
Public exploits: 7
Exploited in wild: 2
Severity breakdown: CRITICAL 12, HIGH 41, MEDIUM 11, LOW 1
Vulnerabilities
Page 4 of 4
CVE-2013-2186 | CRITICAL | CVSS 5.0 | 2014-10-01
CVE-2013-2186 [MEDIUM] Jenkins Security Advisory 2014-10-01
This advisory announces:
- multiple security vulnerabilities that were found in Jenkins core.
- two security vulnerabilities found in the monitoring plugin
Description
SECURITY-87/CVE-2014-3661 (anonymous DoS attack through CLI handshake)
This vulnerability allows unauthenticated users with access to J
jenkins
CVE-2013-5573 | HIGH | CVSS 4.3 | PoC | 2014-02-14
CVE-2013-5573 [MEDIUM] Jenkins Security Advisory 2014-02-14
This advisory announces multiple security vulnerabilities that were found in Jenkins core.
Description
SECURITY-105
In some places, Jenkins XML API uses XStream to deserialize arbitrary content, which is affected by CVE-2013-7285 reported against XStream. This allows malicious users of Jenkins with a lim
jenkins
CVE-2013-6372 | MEDIUM | CVSS 2.1 | 2013-11-20
CVE-2013-6372 [LOW] Jenkins Security Advisory 2013-11-20
This advisory announces multiple security vulnerabilities that were found in several Jenkins plugins.
Description
SECURITY-58 / CVE-2013-6372
The Subversion plugin was not storing credentials using the security mechanism that Jenkins core provides to plugins. As a result, people with local system access on the Jen
jenkins
CVE-2013-1808 | CRITICAL | CVSS 4.3 | 2013-05-02
CVE-2013-1808 [MEDIUM] Jenkins Security Advisory 2013-05-02
This advisory announces multiple security vulnerabilities that were found in Jenkins core.
Description
SECURITY-63 / CVE-2013-2034
This creates a cross-site request forgery (CSRF) vulnerability on the Jenkins controller, where an anonymous attacker can trick an administrator into executing arbitrary code on
jenkins
CVE-2012-6072 | HIGH | CVSS 4.3 | 2012-11-20
CVE-2012-6072 [MEDIUM] Jenkins Security Advisory 2012-11-20
This advisory announces two security vulnerabilities that were found in Jenkins core.
Description
The first vulnerability is commonly known as an HTTP response splitting vulnerability, which can act as a cross-site scripting vulnerability. This allows an anonymous attacker to inject malicious HTML into pages
jenkins