Known Vulnerabilities for Configuration As Code by Jenkins
Listed below are 9 of the newest known vulnerabilities associated with "Configuration As Code" by "Jenkins".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-58449 json | txtai through 9.10.0, fixed in commit 11b32da, exposes an API /reindex endpoint whose function body parameter is resolved thr... | Not Provided | 2026-06-30 | 2026-07-01 |
| CVE-2026-58122 json | Hermes WebUI before 0.51.307 contains an authentication bypass vulnerability that allows unauthenticated remote attackers to ... | Not Provided | 2026-07-09 | 2026-07-10 |
| CVE-2026-56447 json | MISP allowed an authenticated site administrator to set the Kafka_rdkafka_config setting to an arbitrary filesystem path. MIS... | Not Provided | 2026-06-22 | 2026-06-22 |
| CVE-2026-56208 json | A heap buffer overflow vulnerability was found in libaom, the reference AV1 codec implementation. A flaw in the AV1 encoder's... | Not Provided | 2026-06-19 | 2026-07-08 |
| CVE-2026-55742 json | Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to Cross-Site Request Forgery in the administration rights handl... | Not Provided | 2026-06-18 | 2026-06-18 |
| CVE-2026-55477 json | 3X-UI is a web control panel for managing Xray-core servers. Prior to 3.3.1, an authenticated administrator can abuse the dat... | Not Provided | 2026-06-25 | 2026-06-25 |
| CVE-2026-54414 json | FileRise before 3.16.0 is vulnerable to path traversal in the shared-folder upload endpoint (/api/folder/uploadToSharedFolder... | Not Provided | 2026-06-19 | 2026-06-22 |
| CVE-2026-54325 json | Pi is a minimal terminal coding harness. Pi before 0.79.0 loaded project-local configuration and resources from a repository'... | Not Provided | 2026-06-23 | 2026-06-23 |
| CVE-2026-53915 json | In JetBrains GoLand before 2026.1.3 remote code execution was possible via untrusted project configuration | Not Provided | 2026-06-19 | 2026-06-25 |
| CVE-2026-53913 json | Improper Authentication, Missing Authentication for Critical Function, Not Failing Securely ('Failing Open') vulnerability in... | Not Provided | 2026-07-06 | 2026-07-07 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Jenkins | Configuration As Code | 1.9 | |||
| Application | Jenkins | Configuration As Code | 1.8 | |||
| Application | Jenkins | Configuration As Code | 1.7 | |||
| Application | Jenkins | Configuration As Code | 1.6 | |||
| Application | Jenkins | Configuration As Code | 1.5 | |||
| Application | Jenkins | Configuration As Code | 1.4 | |||
| Application | Jenkins | Configuration As Code | 1.3 | |||
| Application | Jenkins | Configuration As Code | 1.27 | |||
| Application | Jenkins | Configuration As Code | 1.26 | |||
| Application | Jenkins | Configuration As Code | 1.25 | |||
| Application | Jenkins | Configuration As Code | 1.24 | |||
| Application | Jenkins | Configuration As Code | 1.23.1 | |||
| Application | Jenkins | Configuration As Code | 1.23 | |||
| Application | Jenkins | Configuration As Code | 1.22 | |||
| Application | Jenkins | Configuration As Code | 1.21 | |||
| Application | Jenkins | Configuration As Code | 1.20 | |||
| Application | Jenkins | Configuration As Code | 1.2 | |||
| Application | Jenkins | Configuration As Code | 1.19 | |||
| Application | Jenkins | Configuration As Code | 1.18 | |||
| Application | Jenkins | Configuration As Code | 1.17 |