Known Vulnerabilities for products from Jenkins

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Jenkins".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2022-41255 Jenkins CONS3RT Plugin 1.0.0 and earlier stores Cons3rt API token unencrypted in job config.xml files on the Jenkins controll... 6.5 - MEDIUM 2022-09-21 2022-09-21
CVE-2022-41254 Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allow attackers with Overall/Read permission to connect... 6.5 - MEDIUM 2022-09-21 2022-09-21
CVE-2022-41253 A cross-site request forgery (CSRF) vulnerability in Jenkins CONS3RT Plugin 1.0.0 and earlier allows attackers to connect to ... 8.8 - HIGH 2022-09-21 2022-09-21
CVE-2022-41252 Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allows users with Overall/Read permission to enumerate ... 4.3 - MEDIUM 2022-09-21 2022-09-21
CVE-2022-41251 A missing permission check in Jenkins Apprenda Plugin 2.2.0 and earlier allows users with Overall/Read permission to enumerat... 4.3 - MEDIUM 2022-09-21 2022-09-21
CVE-2022-41250 A missing permission check in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers with Overall/Read permission to ... 6.5 - MEDIUM 2022-09-21 2022-09-21
CVE-2022-41249 A cross-site request forgery (CSRF) vulnerability in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers to connec... 8.8 - HIGH 2022-09-21 2022-09-21
CVE-2022-41248 Jenkins BigPanda Notifier Plugin 1.4.0 and earlier does not mask the BigPanda API key on the global configuration form, incre... 5.3 - MEDIUM 2022-09-21 2022-09-21
CVE-2022-41247 Jenkins BigPanda Notifier Plugin 1.4.0 and earlier stores the BigPanda API key unencrypted in its global configuration file o... 4.3 - MEDIUM 2022-09-21 2022-09-21
CVE-2022-41246 A missing permission check in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers with Overall/... 6.5 - MEDIUM 2022-09-21 2022-09-21
CVE-2022-23118 Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements functionality that allows agents to invoke command-line `... 8.8 - HIGH 2022-01-12 2022-01-19
CVE-2022-23117 Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processe... 7.5 - HIGH 2022-01-12 2022-01-19
CVE-2022-23116 Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processe... 7.5 - HIGH 2022-01-12 2022-01-18
CVE-2022-23115 Cross-site request forgery (CSRF) vulnerabilities in Jenkins batch task Plugin 1.19 and earlier allows attackers with Overall... 5.4 - MEDIUM 2022-01-12 2022-01-18
CVE-2022-23114 Jenkins Publish Over SSH Plugin 1.22 and earlier stores password unencrypted in its global configuration file on the Jenkins ... 3.3 - LOW 2022-01-12 2022-01-18
CVE-2022-23113 Jenkins Publish Over SSH Plugin 1.22 and earlier performs a validation of the file name specifying whether it is present or n... 4.3 - MEDIUM 2022-01-12 2022-01-19
CVE-2022-23112 A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers with Overall/Read access to c... 6.5 - MEDIUM 2022-01-12 2022-01-18
CVE-2022-23111 A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers to con... 4.3 - MEDIUM 2022-01-12 2022-01-18
CVE-2022-23110 Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the SSH server name, resulting in a stored cross-site script... 4.8 - MEDIUM 2022-01-12 2022-01-18
CVE-2022-23109 Jenkins HashiCorp Vault Plugin 3.7.0 and earlier does not mask Vault credentials in Pipeline build logs or in Pipeline step d... 6.5 - MEDIUM 2022-01-12 2022-01-18

Known software with vulnerabilities from Jenkins

Type Vendor Product Version
ApplicationJenkins Subversion Partial Release Manager-
ApplicationJenkins360 Fireline1.0
ApplicationJenkinsAbsint Astree1.0.0
ApplicationJenkinsActive Choices0.1
ApplicationJenkinsActive Directory1.0
ApplicationJenkinsAlauda Devops Pipeline2.3.2
ApplicationJenkinsAlauda Kubernetes Support2.0.0
ApplicationJenkinsAmazon Ec21.0
ApplicationJenkinsAmazon Sns Build Notifier-
ApplicationJenkinsAmazon Web Services Serverless Application Model1.2.2
ApplicationJenkinsAmazon Web Services Service Application Model1.2.2
ApplicationJenkinsAnchore Container Image Scanner1.0.0
ApplicationJenkinsAndroid Lint1.0
ApplicationJenkinsAnsible0.1
ApplicationJenkinsAnsible Tower0.5.0
ApplicationJenkinsAppdynamics1.0.0
ApplicationJenkinsApplatix-
ApplicationJenkinsAppspider1.0.12
ApplicationJenkinsAqua Microscanner1.0.0
ApplicationJenkinsAqua Security Scanner-

Popular searches for "Jenkins"

Jenkins

jenkins.io

Jenkins Jenkins an open source automation server which enables developers around the world to reliably build, test, and deploy their software

jenkins-ci.org wiki.jenkins.io/display/JENKINS/Home jenkins-ci.org wiki.jenkins-ci.org/display/JENKINS/Meet+Jenkins www.jenkins-ci.org wiki.jenkins-ci.org/display/JENKINS/Home wiki.jenkins.io/display/JENKINS/Home Jenkins (software) Server (computing) Automation Software deployment Plug-in (computing) Software Open-source software Continuous delivery Software build Programmer Continuous integration Operating system User (computing) Java (programming language) Google Summer of Code User story Adobe Contribute OpenJDK Software development Debian version history

Jenkins download and deployment

www.jenkins.io/download

Jenkins download and deployment Jenkins an open source automation server which enables developers around the world to reliably build, test, and deploy their software

Jenkins (software) Software deployment Long-term support Download Cloud computing Software release life cycle Package manager Programmer Installation (computer programs) Software Docker (software) Server (computing) User (computing) Plug-in (computing) Open-source software Automation Java package OpenBSD MacOS Gentoo Linux