Vulnerabilidades em Jenkins project

1.522 resultados
Análise Vexday

Com 1.064 CVEs catalogadas, o Jenkins Project acumula um volume expressivo de vulnerabilidades históricas, embora a taxa de exploração ativa — 0,19% das CVEs presentes no catálogo CISA KEV — esteja abaixo da média geral do catálogo (0,45%), o que sugere que a maioria das falhas não chegou a ser amplamente weaponizada. O ponto de maior atenção é o EPSS máximo observado de 0,9843, indicando que ao menos uma vulnerabilidade no portfólio apresenta probabilidade de exploração extremamente elevada segundo modelos preditivos. A CVE mais perigosa em exploração ativa, CVE-2019-1003030, carrega um EPSS de 0,7596, reforçando a necessidade de priorizar ambientes que ainda não aplicaram as correções correspondentes. O tipo de falha mais comum, CWE-862 (ausência de verificação de autorização), combinado com 11 CVEs com PoC pública, aponta para uma superfície de ataque relevante que exige controle rigoroso de permissões e aplicação consistente de patches.

CVE-2022-28152A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to restore thEPSS 0.6%CVE-2025-27625MEDIUMIn Jenkins 2.499 and earlier, LTS 2.492.1 and earlier, redirects starting with backslash (`\`) characters are considered safe, allowing attaEPSS 0.6%CVE-2022-25204Jenkins Doktor Plugin 0.4.1 and earlier implements functionality that allows agent processes to render files on the controller as Markdown oEPSS 0.6%CVE-2022-36882A cross-site request forgery (CSRF) vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows attackers to trigger builds of jobs configEPSS 0.6%CVE-2022-23115Cross-site request forgery (CSRF) vulnerabilities in Jenkins batch task Plugin 1.19 and earlier allows attackers with Overall/Read access toEPSS 0.6%CVE-2022-43423MEDIUMJenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier implements an agent/controller message that doesEPSS 0.6%CVE-2023-32990MEDIUMA missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers with Overall/Read permission toEPSS 0.6%CVE-2023-40349Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an option to secure its webhook endpoint, allowing unauthenticated attackers tEPSS 0.6%CVE-2019-16568Jenkins SCTMExecutor Plugin 2.2 and earlier transmits previously configured service credentials in plain text as part of the global configurEPSS 0.6%CVE-2022-30946A cross-site request forgery (CSRF) vulnerability in Jenkins Script Security Plugin 1158.v7c1b_73a_69a_08 and earlier allows attackers to haEPSS 0.6%CVE-2023-28679MEDIUMJenkins Mashup Portlets Plugin 1.1.2 and earlier provides the "Generic JS Portlet" feature that lets a user populate a portlet using a custoEPSS 0.6%CVE-2022-41239MEDIUMJenkins DotCi Plugin 2.40.00 and earlier does not escape the GitHub user name parameter provided to commit notifications when displaying theEPSS 0.6%CVE-2022-34210A missing permission check in Jenkins ThreadFix Plugin 1.5.4 and earlier allows attackers with Overall/Read permission to connect to an attaEPSS 0.6%CVE-2022-34201A missing permission check in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers with Overall/Read permission to conEPSS 0.6%CVE-2020-2146Jenkins Mac Plugin 1.1.0 and earlier does not validate SSH host keys when connecting agents created by the plugin, enabling man-in-the-middlEPSS 0.6%CVE-2023-30532MEDIUMA missing permission check in Jenkins TurboScript Plugin 1.3 and earlier allows attackers with Item/Read permission to trigger builds of jobEPSS 0.6%CVE-2023-28682HIGHJenkins Performance Publisher Plugin 8.09 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.EPSS 0.6%CVE-2023-28681HIGHJenkins Visual Studio Code Metrics Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.EPSS 0.6%CVE-2023-33000HIGHJenkins NS-ND Integration Performance Publisher Plugin 4.8.0.149 and earlier does not mask credentials displayed on the configuration form, EPSS 0.6%CVE-2023-46657Jenkins Gogs Plugin 1.0.15 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook EPSS 0.6%