Vulnerabilidades em Jenkins Project
1.522 resultadosCVE-2020-2162—Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not set Content-Security-Policy headers for files uploaded as file parameters to a bEPSS 1.2%CVE-2020-2163—Jenkins 2.227 and earlier, LTS 2.204.5 and earlier improperly processes HTML content of list view column headers, resulting in a stored XSS EPSS 1.2%CVE-2023-46655—Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the directory from which artifacts are publishEPSS 1.2%CVE-2020-2287—Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of request URL paths than the Stapler web EPSS 1.2%CVE-2019-1003008—A cross-site request forgery vulnerability exists in Jenkins Warnings Next Generation Plugin 2.1.1 and earlier in src/main/java/io/jenkins/pEPSS 1.2%CVE-2020-2120—Jenkins FitNesse Plugin 1.30 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks.EPSS 1.1%CVE-2020-2115—Jenkins NUnit Plugin 0.25 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks.EPSS 1.1%CVE-2020-2171—Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.EPSS 1.1%CVE-2023-24444CRITICALJenkins OpenID Plugin 2.4 and earlier does not invalidate the previous session on login.EPSS 1.1%CVE-2017-2650—It was found that the use of Pipeline: Classpath Step Jenkins plugin enables a bypass of the Script Security sandbox for users with SCM commEPSS 1.1%CVE-2020-2309—A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enuEPSS 1.1%CVE-2020-2308—A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod EPSS 1.1%CVE-2019-10335—A stored cross site scripting vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier allowed attackers able to configure jobs in JenEPSS 1.1%CVE-2019-1003044—A cross-site request forgery vulnerability in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers to connect to an attacker-EPSS 1.1%CVE-2019-1003021—An exposure of sensitive information vulnerability exists in Jenkins OpenId Connect Authentication Plugin 1.4 and earlier in OicSecurityRealEPSS 1.1%CVE-2019-1003018—An exposure of sensitive information vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm/coEPSS 1.1%CVE-2022-34180—Jenkins Embeddable Build Status Plugin 2.0.3 and earlier does not correctly perform the ViewStatus permission check in the HTTP endpoint it EPSS 1.1%CVE-2024-28160HIGHJenkins iceScrum Plugin 1.1.6 and earlier does not sanitize iceScrum project URLs on build views, resulting in a stored cross-site scriptingEPSS 1.1%CVE-2025-31722HIGHIn Jenkins Templating Engine Plugin 2.5.3 and earlier, libraries defined in folders are not subject to sandbox protection, allowing attackerEPSS 1.1%CVE-2020-2222—Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the job name in the 'Keep this build forever' badge tooltip, resulting inEPSS 1.1%