Jenkins

jenkins

Vendor: Jenkins • 259 CVEs

CVEs (259)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2015-1812 2Jenkins Redhat 2Jenkins Openshift May 6, 2026 Oct 16, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1813...Show more Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1813.Show less
CVE-2015-1810 2Jenkins Redhat 2Jenkins Openshift May 6, 2026 Oct 16, 2015 N/A· v4 N/A· v3 4.6 MEDIUM· v2 The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote attackers to gain pr...Show more The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote attackers to gain privileges by creating a reserved name.Show less
CVE-2015-1808 2Jenkins Redhat 2Jenkins Openshift May 6, 2026 Oct 16, 2015 N/A· v4 N/A· v3 3.5 LOW· v2 Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users to cause a denial of service (improper plug-in and tool installation) via crafted update center data.
CVE-2015-1807 2Jenkins Redhat 2Jenkins Openshift May 6, 2026 Oct 16, 2015 N/A· v4 N/A· v3 3.5 LOW· v2 Directory traversal vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with certain permissions to read arbitrary files via a symlink, related to building artifacts.
CVE-2015-1806 2Jenkins Redhat 2Jenkins Openshift May 6, 2026 Oct 16, 2015 N/A· v4 N/A· v3 6.5 MEDIUM· v2 The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code on the master via unsp...Show more The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code on the master via unspecified vectors.Show less
CVE-2014-2068 1Jenkins 1Jenkins May 6, 2026 Oct 17, 2014 N/A· v4 N/A· v3 3.5 LOW· v2 The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain sensitive information via v...Show more The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain sensitive information via vectors related to heapDump.Show less
CVE-2014-2066 1Jenkins 1Jenkins May 6, 2026 Oct 17, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the "override" of Jenkins cookies.
CVE-2014-2065 1Jenkins 1Jenkins May 6, 2026 Oct 17, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to inject arbitrary web script or HTML via the iconSize cookie.
CVE-2014-2064 1Jenkins 1Jenkins May 6, 2026 Oct 17, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via vectors related to failed l...Show more The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via vectors related to failed login attempts.Show less
CVE-2014-2063 1Jenkins 1Jenkins May 6, 2026 Oct 17, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
CVE-2014-2062 1Jenkins 1Jenkins May 6, 2026 Oct 17, 2014 N/A· v4 N/A· v3 6.5 MEDIUM· v2 Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token.
CVE-2014-2061 1Jenkins 1Jenkins May 6, 2026 Oct 17, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The input control in PasswordParameterDefinition in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to obtain passwords by reading the HTML source code, related to the default value.
CVE-2014-2060 1Jenkins 1Jenkins May 6, 2026 Oct 17, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The Winstone servlet container in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack sessions via unspecified vectors.
CVE-2014-2058 1Jenkins 1Jenkins May 6, 2026 Oct 17, 2014 N/A· v4 N/A· v3 6.5 MEDIUM· v2 BuildTrigger in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to bypass access restrictions and execute arbitrary jobs by configuring a job to trigger another job. NOTE: this vulnerability...Show more BuildTrigger in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to bypass access restrictions and execute arbitrary jobs by configuring a job to trigger another job. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7330.Show less
CVE-2013-7330 1Jenkins 1Jenkins May 6, 2026 Oct 17, 2014 N/A· v4 N/A· v3 4.0 MEDIUM· v2 Jenkins before 1.502 allows remote authenticated users to configure an otherwise restricted project via vectors related to post-build actions.
CVE-2014-3680 2Jenkins Redhat 2Jenkins Openshift May 6, 2026 Oct 16, 2014 N/A· v4 N/A· v3 4.0 MEDIUM· v2 Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/READ permission to obtain the default value for the password field of a parameterized job by reading the DOM.
CVE-2014-3667 2Jenkins Redhat 2Jenkins Openshift May 6, 2026 Oct 16, 2014 N/A· v4 N/A· v3 4.0 MEDIUM· v2 Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin...Show more Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code.Show less
CVE-2014-3666 2Jenkins Redhat 2Jenkins Openshift May 6, 2026 Oct 16, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel.
CVE-2014-3663 2Jenkins Redhat 2Jenkins Openshift May 6, 2026 Oct 16, 2014 N/A· v4 N/A· v3 6.0 MEDIUM· v2 Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/CONFIGURE permission to bypass intended restrictions and create or destroy arbitrary jobs via unspecified vectors.
CVE-2014-3662 2Jenkins Redhat 2Jenkins Openshift May 6, 2026 Oct 16, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login attempts.

Previous 1...9 10 111213 Next