Jenkins Project: Jenkins vulnerabilities
73 known vulnerabilities affecting jenkins_project/jenkins.
Total CVEs: 73
CISA KEV: 0
Public exploits: 5
Exploited in wild: 0
Severity breakdown: CRITICAL 11, HIGH 16, MEDIUM 46
Vulnerabilities
Page 4 of 4
CVE-2021-21603 | P4 MEDIUM | CVSS 5.4 | CWE-79 | affects ≥ unspecified, ≤ 2.274 | 2021-01-13
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape notification bar response contents, resulting in a cross-site scripting (XSS) vulnerability.
Source: nvd
CVE-2021-21608 | P4 MEDIUM | CVSS 5.4 | CWE-79 | affects ≥ unspecified, ≤ 2.274 | 2021-01-13
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape button labels in the Jenkins UI, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to control button labels.
Source: nvd
CVE-2020-2220 | P4 MEDIUM | CVSS 5.4 | CWE-79 | affects ≥ unspecified, ≤ 2.244 | 2020-07-15
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the agent name in the build time trend page, resulting in a stored cross-site scripting vulnerability.
Source: nvd
CVE-2021-21670 | P4 MEDIUM | CVSS 4.3 | affects ≥ unspecified, ≤ 2.299 | 2021-06-30
Jenkins 2.299 and earlier, LTS 2.289.1 and earlier allows users to cancel queue items and abort builds of jobs for which they have Item/Cancel permission even when they do not have Item/Read permission.
Source: nvd
CVE-2021-21640 | P4 MEDIUM | CVSS 4.3 | affects ≥ unspecified, ≤ 2.286 | 2021-04-07
Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not properly check that a newly created view has an allowed name, allowing attackers with View/Create permission to create views with invalid or already-used names.
Source: nvd
CVE-2021-21606 | P4 MEDIUM | CVSS 4.3 | CWE-20 | affects ≥ 2.242, < unspecified; ≥ unspecified, ≤ 2.274 | 2021-01-13
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier improperly validates the format of a provided fingerprint ID when checking for its existence, allowing an attacker to check for the existence of XML files with a short path.
Source: nvd
CVE-2022-20612 | P4 MEDIUM | CVSS 4.3 | CWE-352 | affects ≥ unspecified, ≤ 2.329 | 2022-01-12
A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set.
Source: nvd
CVE-2019-10354 | P4 MEDIUM | CVSS 4.3 | CWE-862 | affects v2.185 and earlier, LTS 2.176.1 and earlier | 2019-07-17
A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information.
Source: nvd
CVE-2021-21682 | P4 MEDIUM | CVSS 4.3 | affects ≥ unspecified, ≤ 2.314 | 2021-10-06
Jenkins 2.314 and earlier, LTS 2.303.1 and earlier accepts names of jobs and other entities with a trailing dot character, potentially replacing the configuration and data of other entities on Windows.
Source: nvd
CVE-2019-10406 | P4 MEDIUM | CVSS 4.8 | CWE-79 | affects v2.196 and earlier, LTS 2.176.3 and earlier | 2019-09-25
Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not restrict or filter values set as Jenkins URL in the global configuration, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission.
Source: nvd
CVE-2019-10383 | P4 MEDIUM | CVSS 4.8 | CWE-79 | affects v2.191 and earlier, LTS 2.176.2 and earlier | 2019-08-28
A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and JavaScript in update center web pages.
Source: nvd
CVE-2020-2104 | P4 MEDIUM | CVSS 4.3 | CWE-863 | affects ≥ unspecified, ≤ 2.218 | 2020-01-29
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier allowed users with Overall/Read access to view a JVM memory usage chart.
Source: nvd
CVE-2020-2160 | HIGH | CVSS 8.8 | affects ≥ unspecified, ≤ 2.227; LTS ≥ unspecified, ≤ 2.204.5 | 2020-03-25
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different representations of request URL paths, which allows attackers to craft URLs that allow bypassing CSRF protection of any target URL.
Source: cvelistv5