Vulnerabilidades en Jenkins Project

1522 resultados
Análisis Vexday

O Jenkins Project acumula 458 CVEs catalogadas, com 56 novas ocorrências nos últimos 90 dias, sinalizando um ritmo contínuo de descobertas que exige monitoramento constante. A taxa de exploração ativa está abaixo da média geral do catálogo, com apenas 1 CVE confirmada no CISA KEV, porém essa única entrada — CVE-2024-23897 — apresenta EPSS máximo de 1.0, indicando probabilidade extremamente alta de exploração ativa e tornando sua remediação imediata uma prioridade absoluta. O tipo de falha mais frequente é CWE-352 (Cross-Site Request Forgery), o que sugere fragilidades persistentes nos mecanismos de controle de requisições da plataforma, especialmente relevantes em ambientes expostos à internet. Com 20 CVEs de severidade crítica e 3 com PoC pública disponível, a superfície de ataque real merece atenção proporcional, independentemente da taxa de exploração relativamente contida.

CVE-2025-53654MEDIUMJenkins Statistics Gatherer Plugin 2.0.3 and earlier stores the AWS Secret Key unencrypted in its global configuration file on the Jenkins cEPSS 0.4%CVE-2022-36886A cross-site request forgery (CSRF) vulnerability in Jenkins External Monitor Job Type Plugin 191.v363d0d1efdf8 and earlier allows attackersEPSS 0.4%CVE-2022-36887A cross-site request forgery (CSRF) vulnerability in Jenkins Job Configuration History Plugin 1155.v28a_46a_cc06a_5 and earlier allows attacEPSS 0.4%CVE-2023-30529MEDIUMJenkins Lucene-Search Plugin 387.v938a_ecb_f7fe9 and earlier does not require POST requests for an HTTP endpoint, allowing attackers to reinEPSS 0.3%CVE-2019-10420Jenkins Assembla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by usEPSS 0.3%CVE-2020-2291Jenkins couchdb-statistics Plugin 0.3 and earlier stores its server password unencrypted in its global configuration file on the Jenkins conEPSS 0.3%CVE-2019-10424Jenkins elOyente Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by usEPSS 0.3%CVE-2023-50773Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not mask access tokens displayed on the job configuration form, increasing the poteEPSS 0.3%CVE-2023-50772Jenkins Dingding JSON Pusher Plugin 2.0 and earlier stores access tokens unencrypted in job config.xml files on the Jenkins controller whereEPSS 0.3%CVE-2025-53656MEDIUMJenkins ReadyAPI Functional Testing Plugin 1.11 and earlier stores SLM License Access Keys, client secrets, and passwords unencrypted in jobEPSS 0.3%CVE-2019-10365Jenkins Google Kubernetes Engine Plugin 0.6.2 and earlier created a temporary file containing a temporary access token in the project workspEPSS 0.3%CVE-2019-10426Jenkins Gem Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed EPSS 0.3%CVE-2023-37957A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline restFul API Plugin 0.11 and earlier allows attackers to connect to an EPSS 0.3%CVE-2023-50776Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier stores PaaSLane authentication tokens unencrypted in job config.xml files on the Jenkins EPSS 0.3%CVE-2023-43502A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete FailEPSS 0.3%CVE-2023-50775A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to copy jobs.EPSS 0.3%CVE-2024-28162MEDIUMIn Jenkins Delphix Plugin 3.0.1 through 3.1.0 (both inclusive) a global option for administrators to enable or disable SSL/TLS certificate vEPSS 0.3%CVE-2019-10364Jenkins Amazon EC2 Plugin 1.43 and earlier wrote the beginning of private keys to the Jenkins system log.EPSS 0.3%CVE-2025-59476MEDIUMJenkins 2.527 and earlier, LTS 2.516.2 and earlier does not restrict or transform the characters that can be inserted from user-specified coEPSS 0.3%CVE-2021-21612Jenkins TraceTronic ECU-TEST Plugin 2.23.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins controEPSS 0.3%