Known Vulnerabilities for Jenkins by Jenkins Project
Listed below are 10 of the newest known vulnerabilities associated with "Jenkins" by "Jenkins Project".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed, based on information from known CPEs.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-57307 | A missing permission check in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b_450b_1 and earlier allows attackers with Overall/... | Not Provided | 2026-06-24 | 2026-06-24 |
| CVE-2026-57306 | A cross-site request forgery (CSRF) vulnerability in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b_450b_1 and earlier allows ... | Not Provided | 2026-06-24 | 2026-06-24 |
| CVE-2026-57305 | A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla Plugin 1.4 and earlier allows attackers to connect to a... | Not Provided | 2026-06-24 | 2026-06-24 |
| CVE-2026-57304 | A missing permission check in Jenkins Assembla Plugin 1.4 and earlier allows attackers with Overall/Read permission to connec... | Not Provided | 2026-06-24 | 2026-06-24 |
| CVE-2026-57303 | Jenkins Assembla Plugin 1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allow... | Not Provided | 2026-06-24 | 2026-06-24 |
| CVE-2026-57302 | Jenkins FitNesse Plugin 1.36 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, wher... | Not Provided | 2026-06-24 | 2026-06-24 |
| CVE-2026-57301 | Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent... | Not Provided | 2026-06-24 | 2026-06-24 |
| CVE-2026-57300 | A missing permission check in Jenkins MCP Server Plugin 0.177.v629fdb_2557fe and earlier allows attackers with Item/Read perm... | Not Provided | 2026-06-24 | 2026-06-24 |
| CVE-2026-57299 | Missing permission checks in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allow attackers with Ov... | Not Provided | 2026-06-24 | 2026-06-24 |
| CVE-2026-57298 | A cross-site request forgery (CSRF) vulnerability in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier... | Not Provided | 2026-06-24 | 2026-06-24 |