Jenkins Exposure
CI
28 exposure score
15 sites using it
1 under exploitation
2 critical
CVEs
141 results
CVE-2023-27900 | HIGH | EPSS 1.0% | Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of re
CVE-2023-27901 | HIGH | EPSS 1.0% | Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of re
CVE-2021-21682 | — | EPSS 1.0% | Jenkins 2.314 and earlier, LTS 2.303.1 and earlier accepts names of jobs and other entities with a trailing dot character, potentially repla
CVE-2023-43496 | HIGH | EPSS 0.9% | Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates a temporary file in the system temporary directory with the default permissions f
CVE-2021-21615 | — | EPSS 0.9% | Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-c
CVE-2023-43495 | — | EPSS 0.9% | Jenkins 2.423 and earlier, LTS 2.414.1 and earlier does not escape the value of the 'caption' constructor parameter of 'ExpandableDetailsNot
CVE-2022-41224 | MEDIUM | EPSS 0.9% | Jenkins 2.367 through 2.369 (both inclusive) does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins
CVE-2023-39151 | — | EPSS 0.9% | Jenkins 2.415 and earlier, LTS 2.401.2 and earlier does not sanitize or properly encode URLs in build logs when transforming them into hyper
CVE-2023-35141 | HIGH | EPSS 0.9% | In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the U
CVE-2024-47803 | MEDIUM | EPSS 0.8% | Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact multi-line secret values in error messages generated for form submissions
CVE-2023-43497 | — | EPSS 0.8% | In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using the Stapler web framework creates temporary files in th
CVE-2023-43498 | — | EPSS 0.8% | In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using MultipartFormDataParser creates temporary files in the
CVE-2026-33001 | HIGH | EPSS 0.8% | Jenkins 2.554 and earlier, LTS 2.541.2 and earlier does not safely handle symbolic links during the extraction of .tar and .tar.gz archives,
CVE-2023-27902 | MEDIUM | EPSS 0.7% | Jenkins 2.393 and earlier, LTS 2.375.3 and earlier shows temporary directories related to job workspaces, which allows attackers with Item/W
CVE-2023-27904 | MEDIUM | EPSS 0.7% | Jenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an error stack trace on agent-related pages when agent connections are broken, pot
CVE-2025-27622 | MEDIUM | EPSS 0.7% | Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of agents via RES
CVE-2024-47804 | MEDIUM | EPSS 0.7% | If an attempt is made to create an item of a type prohibited by `ACL#hasCreatePermission2` or `TopLevelItemDescriptor#isApplicableIn(ItemGro
CVE-2025-27625 | MEDIUM | EPSS 0.6% | In Jenkins 2.499 and earlier, LTS 2.492.1 and earlier, redirects starting with backslash (`\`) characters are considered safe, allowing atta
CVE-2025-67635 | HIGH | EPSS 0.5% | Jenkins 2.540 and earlier, LTS 2.528.2 and earlier does not properly close HTTP-based CLI connections when the connection stream becomes cor
CVE-2026-27099 | HIGH | EPSS 0.5% | Jenkins 2.483 through 2.550 (both inclusive), LTS 2.492.1 through 2.541.1 (both inclusive) does not escape the user-provided description of