Jenkins Security Vulnerabilities (CVEs)
Track 197 security vulnerabilities affecting Jenkins products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
- Mar 29, 2022: The Jenkins Proxmox Plugin versions 0.6.0 and earlier disable SSL/TLS certificate validation globally for the entire Jenkins controller JVM when confi...
- Mar 15, 2022: A cross-site request forgery (CSRF) vulnerability in Jenkins Extended Choice Parameter Plugin allows attackers to trick authenticated users into makin...
- Mar 15, 2022: A CSRF vulnerability in Jenkins CloudBees AWS Credentials Plugin allows attackers with Overall/Read permission to trick authenticated users into conne...
- Feb 15, 2022: This CSRF vulnerability in Jenkins dbCharts Plugin allows attackers to trick authenticated users into making unauthorized database connections via JDB...
- Feb 15, 2022: This CSRF vulnerability in Jenkins Chef Sinatra Plugin allows attackers to trick authenticated Jenkins users into making unauthorized HTTP requests to...
- Feb 15, 2022: This vulnerability in Jenkins Chef Sinatra Plugin allows attackers to perform XML External Entity (XXE) attacks by exploiting improper XML parser conf...
- Feb 15, 2022: The Jenkins SWAMP Plugin vulnerability allows attackers with Overall/Read permission to connect to arbitrary web servers using attacker-specified cred...
- Feb 15, 2022: The Jenkins Snow Commander Plugin contains a CSRF vulnerability that allows attackers to trick authenticated users into unknowingly connecting Jenkins...
- Feb 15, 2022: This CSRF vulnerability in Jenkins autonomiq Plugin allows attackers to trick authenticated users into unknowingly connecting Jenkins to attacker-cont...
- Feb 15, 2022: This CSRF vulnerability in Jenkins SCP publisher Plugin allows attackers to trick authenticated users into unknowingly connecting Jenkins to attacker-...
- Feb 15, 2022: This CSRF vulnerability in Jenkins Checkmarx Plugin allows attackers to trick authenticated users into connecting to malicious servers using stolen cr...
- Feb 15, 2022: This CVE describes a sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin that allows attackers with Item/Configure permis...
- Feb 15, 2022: This vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin allows attackers with Item/Configure permission to execute arbitrary code on th...
- Feb 15, 2022: This vulnerability in Jenkins Pipeline: Groovy Plugin allows attackers with Item/Configure permission to execute arbitrary operating system commands o...
- Feb 15, 2022: This vulnerability in Jenkins Pipeline: Multibranch Plugin allows attackers with Item/Configure permission to execute arbitrary operating system comma...
- Jan 12, 2022: The Jenkins Warnings Next Generation Plugin vulnerability allows attackers with Item/Configure permission to read and write files with specific hard-c...
- Jan 12, 2022: This vulnerability in Jenkins Conjur Secrets Plugin allows attackers who control Jenkins agent processes to decrypt secrets stored in Jenkins that wer...
- Jan 12, 2022: This vulnerability in Jenkins Debian Package Builder Plugin allows attackers who control Jenkins agent processes to execute arbitrary operating system...
- Nov 4, 2021: This vulnerability in Jenkins allows agents to create arbitrary symbolic links on the controller file system during archive extraction. Attackers with...
- Nov 4, 2021: This vulnerability in Jenkins allows agents to bypass access controls and execute arbitrary file operations on the controller's filesystem. It affects...
- Nov 4, 2021: This vulnerability allows Jenkins agents to create symbolic links on the controller without proper permission checks. Attackers with agent access can ...
- Nov 4, 2021: This vulnerability in Jenkins allows agents to create temporary files on the controller before access controls are checked, enabling unauthorized file...
- Nov 4, 2021: This vulnerability in Jenkins allows agents to access files outside their permitted directories by exploiting symbolic links. Attackers can read sensi...
- Nov 4, 2021: This vulnerability allows attackers controlling Jenkins agent processes to replace trusted library files in the libs/ directory, leading to unauthenti...
- Nov 4, 2021: The Jenkins Subversion Plugin vulnerability allows attackers with agent access to read arbitrary files on the Jenkins controller file system. This aff...
- Nov 4, 2021: This vulnerability in Jenkins allows agents to create arbitrary directories on the controller's filesystem without proper access control. Attackers wi...
- Aug 31, 2021: This vulnerability in Jenkins Code Coverage API Plugin allows attackers to execute arbitrary code on Jenkins servers by exploiting insecure deserializ...
- Aug 31, 2021: This vulnerability in Jenkins Azure AD Plugin allows attackers to bypass Cross-Site Request Forgery (CSRF) protection by crafting malicious URLs. Atta...
- Jun 30, 2021: Jenkins 2.299 and earlier, including LTS 2.289.1 and earlier, fails to invalidate previous user sessions upon login. This allows attackers who have ob...
- Jun 18, 2021: This vulnerability in Jenkins Generic Webhook Trigger Plugin allows attackers to perform XML External Entity (XXE) attacks by sending specially crafte...
- Jun 10, 2021: This CSRF vulnerability in Jenkins XebiaLabs XL Deploy Plugin allows attackers to trick authenticated users into connecting Jenkins to attacker-contro...
- May 25, 2021: This vulnerability in Jenkins Filesystem Trigger Plugin allows attackers to perform XML External Entity (XXE) attacks by exploiting improper XML parse...
- May 25, 2021: The Jenkins Nuget Plugin 1.0 and earlier contains an XML External Entity (XXE) vulnerability due to improper XML parser configuration. This allows att...
- May 11, 2021: This CSRF vulnerability in Jenkins Xray plugin allows attackers to trick authenticated users into unknowingly connecting Jenkins to attacker-controlle...
- May 11, 2021: This CSRF vulnerability in Jenkins P4 Plugin allows attackers to trick authenticated users into connecting Jenkins to a malicious Perforce server with...
- Apr 21, 2021: This vulnerability in Jenkins Config File Provider Plugin allows attackers to perform XML External Entity (XXE) attacks by exploiting improper XML par...
- Apr 21, 2021: This vulnerability in Jenkins Templating Engine Plugin allows attackers with Job/Configure permission to bypass script security protections and execut...
- Apr 1, 2021: This vulnerability in Eclipse Jetty allows denial-of-service attacks by causing 100% CPU usage when processing large invalid TLS frames. Attackers can...
- Mar 30, 2021: This CSRF vulnerability in Jenkins Build With Parameters Plugin allows attackers to trick authenticated users into unknowingly triggering builds with ...
- Mar 30, 2021: This CSRF vulnerability in Jenkins OWASP Dependency-Track Plugin allows attackers to trick authenticated users into connecting to malicious URLs, pote...
- Mar 30, 2021: This CSRF vulnerability in Jenkins Team Foundation Server Plugin allows attackers to trick authenticated users into unknowingly connecting Jenkins to ...
- Mar 18, 2021: This CSRF vulnerability in Jenkins Libvirt Agents Plugin allows attackers to stop hypervisor domains (virtual machines) managed by Jenkins. Attackers ...
- Feb 24, 2021: This CSRF vulnerability in Jenkins Configuration Slicing Plugin allows attackers to trick authenticated users into unknowingly applying malicious slic...
- Dec 3, 2020: CVE-2020-2320 is a critical vulnerability in Jenkins Plugin Installation Manager Tool 2.1.3 and earlier that fails to verify plugin downloads, allowin...
- Nov 4, 2020: The Jenkins Active Directory Plugin vulnerability allows attackers to bypass authentication and log in as any user with any password when using Window...
- Nov 4, 2020: The Jenkins Active Directory Plugin 2.19 and earlier contains an authentication bypass vulnerability where attackers can log in as any user by using a...
- Sep 23, 2020: CVE-2020-2279 is a critical sandbox bypass vulnerability in Jenkins Script Security Plugin that allows attackers with permission to define sandboxed s...

Why Monitor Jenkins Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 197+ known vulnerabilities affecting Jenkins products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Jenkins packages in under 60 seconds. No agents required - completely agentless scanning that works across Jenkins deployments.
Free vulnerability database: Access detailed information about every Jenkins CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Jenkins CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions