Known Vulnerabilities for products from Jenkins
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Jenkins".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search, to ensure that the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-23118 | Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements functionality that allows agents to invoke command-line `... | 8.8 - HIGH | 2022-01-12 | 2023-11-30 |
| CVE-2022-23117 | Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processe... | 7.5 - HIGH | 2022-01-12 | 2023-11-30 |
| CVE-2022-23116 | Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processe... | 7.5 - HIGH | 2022-01-12 | 2023-11-30 |
| CVE-2022-23115 | Cross-site request forgery (CSRF) vulnerabilities in Jenkins batch task Plugin 1.19 and earlier allows attackers with Overall... | 5.4 - MEDIUM | 2022-01-12 | 2023-11-30 |
| CVE-2022-23114 | Jenkins Publish Over SSH Plugin 1.22 and earlier stores password unencrypted in its global configuration file on the Jenkins ... | 3.3 - LOW | 2022-01-12 | 2023-11-30 |
| CVE-2022-23113 | Jenkins Publish Over SSH Plugin 1.22 and earlier performs a validation of the file name specifying whether it is present or n... | 4.3 - MEDIUM | 2022-01-12 | 2023-11-30 |
| CVE-2022-23112 | A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers with Overall/Read access to c... | 6.5 - MEDIUM | 2022-01-12 | 2023-11-30 |
| CVE-2022-23111 | A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers to con... | 4.3 - MEDIUM | 2022-01-12 | 2023-11-30 |
| CVE-2022-23110 | Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the SSH server name, resulting in a stored cross-site script... | 4.8 - MEDIUM | 2022-01-12 | 2023-11-15 |
| CVE-2022-23109 | Jenkins HashiCorp Vault Plugin 3.7.0 and earlier does not mask Vault credentials in Pipeline build logs or in Pipeline step d... | 6.5 - MEDIUM | 2022-01-12 | 2023-11-15 |
| CVE-2022-23108 | Jenkins Badge Plugin 1.9 and earlier does not escape the description and does not check for allowed protocols when creating a... | 5.4 - MEDIUM | 2022-01-12 | 2023-11-15 |
| CVE-2022-23107 | Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not restrict the name of a file when configuring custom ID, a... | 8.1 - HIGH | 2022-01-12 | 2023-11-15 |
| CVE-2022-23106 | Jenkins Configuration as Code Plugin 1.55 and earlier used a non-constant time comparison function when validating an authent... | 5.3 - MEDIUM | 2022-01-12 | 2023-11-15 |
| CVE-2022-23105 | Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the transmission of data between the Jenkins controller and... | 6.5 - MEDIUM | 2022-01-12 | 2023-11-15 |
| CVE-2022-20621 | Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencrypted in its global configuration file on the Jenkins c... | 5.5 - MEDIUM | 2022-01-12 | 2023-11-30 |
| CVE-2022-20620 | Missing permission checks in Jenkins SSH Agent Plugin 1.23 and earlier allows attackers with Overall/Read access to enumerate... | 4.3 - MEDIUM | 2022-01-12 | 2023-11-30 |
| CVE-2022-20619 | A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier all... | 7.1 - HIGH | 2022-01-12 | 2023-11-30 |
| CVE-2022-20618 | A missing permission check in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers with Over... | 4.3 - MEDIUM | 2022-01-12 | 2023-11-30 |
| CVE-2022-20617 | Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command ex... | 8.8 - HIGH | 2022-01-12 | 2023-11-22 |
| CVE-2022-20616 | Jenkins Credentials Binding Plugin 1.27 and earlier does not perform a permission check in a method implementing form validat... | 4.3 - MEDIUM | 2022-01-12 | 2023-11-22 |
Known software with vulnerabilities from Jenkins
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Jenkins | Subversion Partial Release Manager | - |
| Application | Jenkins | 360 Fireline | 1.0 |
| Application | Jenkins | Absint Astree | 1.0.0 |
| Application | Jenkins | Active Choices | 0.1 |
| Application | Jenkins | Active Directory | 1.0 |
| Application | Jenkins | Alauda Devops Pipeline | 2.3.2 |
| Application | Jenkins | Alauda Kubernetes Support | 2.0.0 |
| Application | Jenkins | Amazon Ec2 | 1.0 |
| Application | Jenkins | Amazon Sns Build Notifier | - |
| Application | Jenkins | Amazon Web Services Serverless Application Model | 1.2.2 |
| Application | Jenkins | Amazon Web Services Service Application Model | 1.2.2 |
| Application | Jenkins | Anchore Container Image Scanner | 1.0.0 |
| Application | Jenkins | Android Lint | 1.0 |
| Application | Jenkins | Ansible | 0.1 |
| Application | Jenkins | Ansible Tower | 0.5.0 |
| Application | Jenkins | Appdynamics | 1.0.0 |
| Application | Jenkins | Applatix | - |
| Application | Jenkins | Appspider | 1.0.12 |
| Application | Jenkins | Aqua Microscanner | 1.0.0 |
| Application | Jenkins | Aqua Security Scanner | - |