Vulnerabilities in Jenkins Project

1522 results
Vexday Analysis

The Jenkins Project has accumulated 458 catalogued CVEs, with 56 new entries in the last 90 days, signalling a continuous pace of discoveries that demands constant monitoring. The rate of active exploitation is below the catalogue's overall average, with only 1 CVE confirmed in CISA KEV; however, that single entry, CVE-2024-23897, has a maximum EPSS of 1.0, indicating an extremely high probability of active exploitation and making its immediate remediation an absolute priority. The most frequent flaw type is CWE-352 (Cross-Site Request Forgery), which suggests persistent weaknesses in the platform's request-control mechanisms, especially relevant in internet-exposed environments. With 20 critical-severity CVEs and 3 with a public PoC available, the real attack surface deserves proportionate attention, regardless of the relatively contained exploitation rate.

CVE ID | Severity | EPSS | Description (truncated in source)
CVE-2023-40336 | not listed | 0.4% | A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy folders
CVE-2023-43500 | not listed | 0.4% | A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to connect to
CVE-2023-30515 | HIGH | 0.4% | Jenkins Thycotic DevOps Secrets Vault Plugin 1.0.0 and earlier does not properly mask (i.e., replace with asterisks) credentials in the buil
CVE-2022-43418 | MEDIUM | 0.4% | A cross-site request forgery (CSRF) vulnerability in Jenkins Katalon Plugin 1.0.33 and earlier allows attackers to connect to an attacker-sp
CVE-2023-30531 | MEDIUM | 0.4% | Jenkins Consul KV Builder Plugin 2.0.13 and earlier does not mask the HashiCorp Consul ACL Token on the global configuration form, increasin
CVE-2023-30528 | MEDIUM | 0.4% | Jenkins WSO2 Oauth Plugin 1.0 and earlier does not mask the WSO2 Oauth client secret on the global configuration form, increasing the potent
CVE-2022-38666 | HIGH | 0.4% | Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and earlier unconditionally disables SSL/TLS certificate and hostname valid
CVE-2023-49655 | not listed | 0.4% | A cross-site request forgery (CSRF) vulnerability in Jenkins MATLAB Plugin 2.11.0 and earlier allows attackers to have Jenkins parse an XML
CVE-2022-45391 | HIGH | 0.4% | Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier globally and unconditionally disables SSL/TLS certificate and h
CVE-2023-46652 | not listed | 0.4% | A missing permission check in Jenkins lambdatest-automation Plugin 1.20.9 and earlier allows attackers with Overall/Read permission to enume
CVE-2022-34804 | not listed | 0.4% | Jenkins OpsGenie Plugin 1.9 and earlier transmits API keys in plain text as part of the global Jenkins configuration form and job configurat
CVE-2019-1003038 | not listed | 0.4% | An insufficiently protected credentials vulnerability exists in Jenkins Repository Connector Plugin 1.2.4 and earlier in src/main/java/org/j
CVE-2025-64131 | HIGH | 0.4% | Jenkins SAML Plugin 4.583.vc68232f7018a_ and earlier does not implement a replay cache, allowing attackers able to obtain information about
CVE-2023-37955 | not listed | 0.4% | A cross-site request forgery (CSRF) vulnerability in Jenkins Test Results Aggregator Plugin 1.2.13 and earlier allows attackers to connect t
CVE-2023-37943 | not listed | 0.4% | Jenkins Active Directory Plugin 2.30 and earlier ignores the "Require TLS" and "StartTls" options and always performs the connection test to
CVE-2022-36911 | not listed | 0.4% | A cross-site request forgery (CSRF) vulnerability in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers to connect to an attacke
CVE-2019-10367 | not listed | 0.4% | Due to an incomplete fix of CVE-2019-10343, Jenkins Configuration as Code Plugin 1.26 and earlier did not properly apply masking to some val
CVE-2022-41249 | HIGH | 0.4% | A cross-site request forgery (CSRF) vulnerability in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers to connect to an attacke
CVE-2019-10379 | not listed | 0.4% | Jenkins Google Cloud Messaging Notification Plugin 1.0 and earlier stores credentials unencrypted in its global configuration file on the Je
CVE-2023-32983 | MEDIUM | 0.4% | Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier does not mask extra variables displayed on the configuration form, increasing the pote