Jenkins Security Vulnerabilities (CVEs)

Track 195 security vulnerabilities affecting Jenkins products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

Severity breakdown: 24 Critical, 111 High, 59 Medium, 1 Low
  • CVE-2025-47884 (CVSS 9.1, May 14, 2025): This vulnerability in Jenkins OpenID Connect Provider Plugin allows attackers who can configure jobs to craft build ID tokens that impersonate trusted...
  • CVE-2025-47886 (CVSS 4.3, May 14, 2025): A CSRF vulnerability in Jenkins Cadence vManager Plugin allows attackers to trick authenticated users into unknowingly connecting the plugin to attack...
  • CVE-2025-47888 (CVSS 5.9, May 14, 2025): The Jenkins DingTalk Plugin 2.7.3 and earlier disables SSL/TLS certificate validation for DingTalk webhook connections, allowing man-in-the-middle att...
  • CVE-2025-47889 (CVSS 9.8, May 14, 2025): The Jenkins WSO2 Oauth Plugin 1.0 and earlier contains an authentication bypass vulnerability where the plugin accepts authentication claims without v...
  • CVE-2025-32754 (CVSS 9.1, Apr 10, 2025): This vulnerability allows network-based attackers to impersonate Jenkins SSH build agents by exploiting identical SSH host keys across all containers ...
  • CVE-2025-31726 (CVSS 5.5, Apr 2, 2025): The Jenkins Stack Hammer Plugin 1.0.6 and earlier stores API keys unencrypted in job configuration files, allowing users with Extended Read permission...
  • CVE-2025-31728 (CVSS 5.5, Apr 2, 2025): The Jenkins AsakusaSatellite Plugin 0.1.1 and earlier displays API keys in plaintext on job configuration forms instead of masking them. This allows a...
  • CVE-2025-31721 (CVSS 4.3, Apr 2, 2025): This vulnerability allows attackers with Computer/Create permission in Jenkins to copy agent configurations and access encrypted secrets they shouldn'...
  • CVE-2025-31722 (CVSS 8.8, Apr 2, 2025): This vulnerability allows attackers with Item/Configure permission in Jenkins to bypass sandbox protection in the Templating Engine Plugin, enabling a...
  • CVE-2025-31724 (CVSS 4.3, Apr 2, 2025): The Jenkins Cadence vManager Plugin stores Verisium Manager vAPI keys unencrypted in job configuration files on the Jenkins controller. This allows us...
  • CVE-2025-30196 (CVSS 6.5, Mar 19, 2025): Jenkins AnchorChain Plugin 1.0 has a stored cross-site scripting (XSS) vulnerability that allows attackers to execute arbitrary JavaScript in victims'...
  • CVE-2025-27624 (CVSS 5.4, Mar 5, 2025): This CSRF vulnerability in Jenkins allows attackers to trick authenticated users into toggling the collapsed/expanded status of sidepanel widgets like...
  • CVE-2025-27622 (CVSS 4.3, Mar 5, 2025): This vulnerability in Jenkins allows attackers with Agent/Extended Read permission to view encrypted secrets stored in agent configuration files via R...
  • CVE-2025-24402 (CVSS 4.3, Jan 22, 2025): A CSRF vulnerability in Jenkins Azure Service Fabric Plugin allows attackers to trick authenticated users into connecting Jenkins to attacker-controll...
  • CVE-2025-24398 (CVSS 8.8, Jan 22, 2025): The Jenkins Bitbucket Server Integration Plugin has a CSRF bypass vulnerability that allows attackers to craft malicious URLs that circumvent CSRF pro...
  • CVE-2025-24399 (CVSS 8.8, Jan 22, 2025): This vulnerability allows attackers to bypass authentication on Jenkins instances by exploiting case-insensitive username matching. Attackers can log ...
  • CVE-2025-24400 (CVSS 4.3, Jan 22, 2025): The Jenkins Eiffel Broadcaster Plugin vulnerability allows attackers who can create credentials with the same ID as legitimate ones in different crede...
  • CVE-2024-54003 (CVSS 8.0, Nov 27, 2024): Jenkins Simple Queue Plugin 1.4.4 and earlier contains a stored cross-site scripting (XSS) vulnerability where attackers with View/Create permission c...
  • CVE-2024-52549 (CVSS 4.3, Nov 13, 2024): This vulnerability in Jenkins Script Security Plugin allows attackers with Overall/Read permission to check for the existence of files on the Jenkins ...
  • CVE-2024-52550 (CVSS 8.0, Nov 13, 2024): This vulnerability in Jenkins Pipeline: Groovy Plugin allows attackers with Item/Build permission to rebuild previous builds using unapproved Jenkinsf...
  • CVE-2024-52552 (CVSS 8.0, Nov 13, 2024): The Jenkins Authorize Project Plugin 1.7.2 and earlier contains a stored cross-site scripting (XSS) vulnerability where attackers with Item/Configure ...
  • CVE-2024-52554 (CVSS 8.8, Nov 13, 2024): This vulnerability in Jenkins Shared Library Version Override Plugin allows attackers with Item/Configure permission on a folder to bypass the Script ...
  • CVE-2024-47803 (CVSS 4.3, Oct 2, 2024): Jenkins versions 2.478 and earlier (including LTS 2.462.2 and earlier) fail to properly redact multi-line secret values in error messages when form su...
  • CVE-2024-47805 (CVSS 7.5, Oct 2, 2024): The Jenkins Credentials Plugin vulnerability exposes encrypted credential values stored as SecretBytes when accessing item configuration files via RES...
  • CVE-2024-47807 (CVSS 8.1, Oct 2, 2024): This vulnerability in Jenkins OpenId Connect Authentication Plugin allows attackers to bypass authentication by forging ID tokens without proper issue...
  • CVE-2024-43045 (CVSS 6.3, Aug 7, 2024): This vulnerability in Jenkins allows attackers with Overall/Read permission to access other users' 'My Views' without proper authorization. It affects...
  • CVE-2024-39459 (CVSS 4.3, Jun 26, 2024): The Jenkins Plain Credentials Plugin versions 182.v468b_97b_9dcb_8 and earlier store secret file credentials unencrypted (only Base64 encoded) on the ...
  • CVE-2024-34144 (CVSS 9.8, May 2, 2024): This vulnerability allows attackers with permission to define and run sandboxed scripts in Jenkins to bypass sandbox protections via crafted construct...
  • CVE-2024-34146 (CVSS 6.5, May 2, 2024): The Jenkins Git server Plugin vulnerability allows attackers with a previously configured SSH public key but lacking Overall/Read permission to access...
  • CVE-2024-34148 (CVSS 6.8, May 2, 2024): The Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier programmatically disables the fix for CVE-2016-3721 when builds are triggered ...
  • CVE-2024-28160 (CVSS 8.8, Mar 6, 2024): The Jenkins iceScrum Plugin 1.1.6 and earlier contains a stored cross-site scripting (XSS) vulnerability where iceScrum project URLs displayed on buil...
  • CVE-2024-2216 (CVSS 8.8, Mar 6, 2024): This vulnerability in Jenkins docker-build-step Plugin allows attackers with Overall/Read permission to connect to arbitrary TCP or Unix socket URLs a...
  • CVE-2024-28157 (CVSS 8.0, Mar 6, 2024): The Jenkins GitBucket Plugin 0.8 and earlier contains a stored cross-site scripting (XSS) vulnerability where GitBucket URLs displayed on build views ...
  • CVE-2024-23897 (CVSS 9.8, Jan 24, 2024): This vulnerability in Jenkins allows unauthenticated attackers to read arbitrary files on the Jenkins controller file system by exploiting a CLI comma...
  • CVE-2023-50774 (CVSS 8.1, Dec 13, 2023): This CSRF vulnerability in Jenkins HTMLResource Plugin allows attackers to trick authenticated users into executing malicious requests that delete arb...
  • CVE-2023-50778 (CVSS 8.8, Dec 13, 2023): A CSRF vulnerability in Jenkins PaaSLane Estimate Plugin allows attackers to trick authenticated users into making unauthorized requests to attacker-c...
  • CVE-2023-50766 (CVSS 8.8, Dec 13, 2023): This CSRF vulnerability in Jenkins Nexus Platform Plugin allows attackers to trick authenticated users into making unintended HTTP requests to attacke...
  • CVE-2023-50768 (CVSS 8.8, Dec 13, 2023): This CSRF vulnerability in Jenkins Nexus Platform Plugin allows attackers to trick authenticated users into connecting Jenkins to malicious HTTP serve...
  • CVE-2023-49654 (CVSS 9.8, Nov 29, 2023): The Jenkins MATLAB Plugin vulnerability allows attackers to read arbitrary XML files from the Jenkins controller file system due to missing permission...
  • CVE-2023-49656 (CVSS 9.8, Nov 29, 2023): The Jenkins MATLAB Plugin 2.11.0 and earlier contains an XML External Entity (XXE) vulnerability due to improper XML parser configuration. This allows...
  • CVE-2023-46654 (CVSS 8.1, Oct 25, 2023): The Jenkins CloudBees CD Plugin vulnerability allows attackers with job configuration permissions to delete arbitrary files on the Jenkins controller ...
  • CVE-2023-36478 (CVSS 7.5, Oct 10, 2023): This CVE describes an integer overflow vulnerability in Eclipse Jetty's HTTP/2 HPACK header processing. Attackers can send specially crafted HTTP/2 re...
  • CVE-2023-44487 (CVSS 7.5, Oct 10, 2023): CVE-2023-44487 is an HTTP/2 protocol vulnerability that allows attackers to cause denial of service by rapidly resetting streams, consuming server res...
  • CVE-2023-43500 (CVSS 8.8, Sep 20, 2023): This CSRF vulnerability in Jenkins Build Failure Analyzer Plugin allows attackers to trick authenticated users into making unauthorized connections to...
  • CVE-2023-43496 (CVSS 8.8, Sep 20, 2023): This vulnerability in Jenkins allows attackers with access to the system temporary directory to replace plugin files during installation from a URL, p...
  • CVE-2023-43498 (CVSS 8.1, Sep 20, 2023): This vulnerability in Jenkins allows attackers with file system access to read and write temporary files created during file uploads before Jenkins pr...
  • CVE-2023-41945 (CVSS 8.8, Sep 6, 2023): The Jenkins Assembla Auth Plugin vulnerability allows users with EDIT permissions to gain Overall/Manage and Overall/SystemRead permissions even when ...
  • CVE-2023-41933 (CVSS 8.8, Sep 6, 2023): This vulnerability in Jenkins Job Configuration History Plugin allows attackers to perform XML External Entity (XXE) attacks by exploiting improper XM...
  • CVE-2023-41935 (CVSS 7.5, Sep 6, 2023): This vulnerability in Jenkins Azure AD Plugin allows attackers to potentially bypass CSRF protection through timing attacks. By exploiting non-constan...
  • CVE-2023-41937 (CVSS 7.5, Sep 6, 2023): This vulnerability in Jenkins Bitbucket Plugin allows attackers to steal Bitbucket credentials stored in Jenkins by sending malicious webhook payloads...

Why Monitor Jenkins Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 195+ known vulnerabilities affecting Jenkins products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Jenkins packages in under 60 seconds. Scanning is agentless and works across Jenkins deployments.

Free vulnerability database: Access detailed information about every Jenkins CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

  • Register free account & add your servers
  • Run one-time scan or schedule automatic monitoring (every 1-24 hours)
  • Receive instant alerts when new Jenkins CVEs affect your systems
  • Access dashboard with severity breakdown & fix instructions