Jenkins Security Vulnerabilities (CVEs)

The Jenkins SSH2 Easy Plugin vulnerability allows users who previously had optional permissions (like Overall/Manage) to retain access to functionalit...

This CVE describes a missing authorization vulnerability in the Jenkins ServiceNow DevOps plugin versions before 1.38.1. Attackers could exploit this ...

This CSRF vulnerability in Jenkins ElasticBox CI Plugin allows attackers to trick authenticated users into unknowingly connecting Jenkins to attacker-...

The Jenkins OpenShift Login Plugin vulnerability allows session fixation attacks where previous sessions aren't invalidated upon new login. This enabl...

This vulnerability in Jenkins Orka by MacStadium Plugin allows attackers with Overall/Read permission to connect to attacker-controlled URLs using sto...

A CSRF vulnerability in Jenkins Pipeline restFul API Plugin 0.11 and earlier allows attackers to trick authenticated users into unknowingly connecting...

A CSRF vulnerability in Jenkins Assembla Auth Plugin 1.14 and earlier allows attackers to trick authenticated users into unknowingly logging into the ...

This is a Cross-Site Request Forgery (CSRF) vulnerability in Jenkins where insufficient URL escaping allows attackers to trick authenticated users int...

The Jenkins CAS Plugin 1.6.2 and earlier fails to invalidate previous user sessions upon login, allowing session fixation attacks. This vulnerability ...

The Jenkins NS-ND Integration Performance Publisher Plugin versions 4.8.0.149 and earlier expose credentials in plain text on configuration forms inst...

This CSRF vulnerability in Jenkins SAML SSO Plugin allows attackers to trick authenticated users into making unintended HTTP requests to attacker-cont...

This CSRF vulnerability in Jenkins SAML SSO Plugin allows attackers to trick authenticated users into unknowingly sending malicious HTTP POST requests...

The Jenkins File Parameter Plugin vulnerability allows attackers with Item/Configure permission to write arbitrary files with attacker-controlled cont...

This CSRF vulnerability in Jenkins Azure VM Agents Plugin allows attackers to trick authenticated users into connecting Jenkins to attacker-controlled...

This vulnerability in Jenkins Pipeline Utility Steps Plugin allows attackers who can provide crafted archive files as parameters to write arbitrary fi...

This CSRF vulnerability in Jenkins OctoPerf Load Testing Plugin allows attackers to trick authenticated users into connecting to attacker-controlled O...

This CSRF vulnerability in Jenkins Convert To Pipeline Plugin allows attackers to trick authenticated users into unknowingly creating pipelines from f...

The Jenkins Crap4J Plugin 0.9 and earlier contains an XML external entity (XXE) vulnerability due to improper XML parser configuration. This allows at...

The Jenkins Performance Publisher Plugin 8.09 and earlier contains an XML external entity (XXE) vulnerability due to improper XML parser configuration...

This vulnerability in Jenkins allows attackers to cause denial of service by exploiting improper request handling in the Apache Commons FileUpload lib...

A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Credentials Plugin allows attackers to trick authenticated users into connecting Je...

This CSRF vulnerability in Jenkins Coverity Plugin allows attackers to trick authenticated users into connecting Jenkins to attacker-controlled URLs u...

A CSRF vulnerability in Jenkins Google Cloud Backup Plugin 0.6 and earlier allows attackers to trick authenticated users into performing unauthorized ...

This vulnerability in Jenkins Deployer Framework Plugin allows attackers with Item/Configure permission to upload arbitrary files from the Jenkins con...

The Jenkins Compuware ISPW Operations Plugin vulnerability allows attackers who control Jenkins agent processes to retrieve Java system properties fro...

This CSRF vulnerability in Jenkins Git Plugin allows attackers to trigger unauthorized builds of jobs configured with Git repositories. Attackers can ...

This vulnerability in Eclipse Jetty's HTTP/2 server implementation allows attackers to cause denial of service by sending invalid HTTP/2 requests that...

This CSRF vulnerability in Jenkins Recipe Plugin allows attackers to trick authenticated users into making unintended HTTP requests to attacker-contro...

This CSRF vulnerability in Jenkins Convertigo Mobile Platform Plugin allows attackers to trick authenticated users into making unintended requests to ...

This CSRF vulnerability in Jenkins EasyQA Plugin allows attackers to trick authenticated users into making unintended requests to attacker-controlled ...

This vulnerability in Jenkins creates a timing side-channel in the login form that allows attackers to distinguish between invalid usernames and valid...

This vulnerability in Jenkins Pipeline: Input Step Plugin allows attackers with Pipeline configuration permissions to write arbitrary files on the Jen...

The Jenkins Embeddable Build Status Plugin before version 2.0.4 has a path traversal vulnerability that allows attackers without proper permissions to...

A CSRF vulnerability in Jenkins Autocomplete Parameter Plugin allows attackers to trick authenticated administrators into executing arbitrary code wit...

CVE-2022-30971 is an XML external entity (XXE) vulnerability in the Jenkins Storable Configs Plugin, allowing attackers to read arbitrary files from t...

This CSRF vulnerability in Jenkins SSH Plugin allows attackers to trick authenticated users into unknowingly connecting to attacker-controlled SSH ser...

CVE-2022-30950 is a buffer overflow vulnerability in Jenkins WMI Windows Agents Plugin 1.8 and earlier that allows authenticated users who can connect...

This vulnerability in Jenkins Pipeline: Groovy Plugin allows attackers in sandboxed pipelines to load arbitrary Groovy source files from the Jenkins c...

The Jenkins Git Plugin vulnerability allows attackers with pipeline configuration permissions to access limited information from other projects' SCM r...

This CSRF vulnerability in Jenkins Publish Over FTP Plugin allows attackers to trick authenticated users into connecting to attacker-controlled FTP se...

This vulnerability in Jenkins Coverage/Complexity Scatter Plot Plugin allows attackers to perform XML External Entity (XXE) attacks by exploiting impr...

This CSRF vulnerability in Jenkins Job and Node ownership Plugin allows attackers to change job owners and permissions without authentication. It affe...

This CSRF vulnerability in Jenkins JiraTestResultReporter Plugin allows attackers to trick authenticated users into connecting Jenkins to attacker-con...

The Jenkins Flaky Test Handler Plugin 1.2.1 and earlier contains an XML external entity (XXE) vulnerability due to improper XML parser configuration. ...