Known Vulnerabilities for products from Jenkins

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Jenkins".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2026-57307 json Not Provided 2026-06-24 2026-06-24
CVE-2026-57306 json Not Provided 2026-06-24 2026-06-24
CVE-2026-57305 json A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla Plugin 1.4 and earlier allows attackers to connect to a... Not Provided 2026-06-24 2026-06-25
CVE-2026-57304 json A missing permission check in Jenkins Assembla Plugin 1.4 and earlier allows attackers with Overall/Read permission to connec... Not Provided 2026-06-24 2026-06-25
CVE-2026-57303 json Jenkins Assembla Plugin 1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allow... Not Provided 2026-06-24 2026-06-25
CVE-2026-57302 json Not Provided 2026-06-24 2026-06-24
CVE-2026-57301 json Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent... Not Provided 2026-06-24 2026-06-26
CVE-2026-57300 json A missing permission check in Jenkins MCP Server Plugin 0.177.v629fdb_2557fe and earlier allows attackers with Item/Read perm... Not Provided 2026-06-24 2026-06-26
CVE-2026-57299 json Missing permission checks in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allow attackers with Ov... Not Provided 2026-06-24 2026-07-06
CVE-2026-57298 json Not Provided 2026-06-24 2026-06-24
CVE-2026-57297 json A missing permission check in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allows attackers with ... Not Provided 2026-06-24 2026-07-06
CVE-2026-57295 json A cross-site request forgery (CSRF) vulnerability in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a_81c3 and earlier allows att... Not Provided 2026-06-24 2026-06-26
CVE-2026-57294 json A missing permission check in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a_81c3 and earlier allows attackers with Overall/Rea... Not Provided 2026-06-24 2026-06-26
CVE-2026-57290 json A cross-site request forgery (CSRF) vulnerability in Jenkins Priority Sorter Plugin 936.v2c01c6b_84449 and earlier allows att... Not Provided 2026-06-24 2026-06-26
CVE-2026-57289 json Jenkins Bitbucket Push and Pull Request Plugin 3.3.8 and earlier unconditionally disables SSL/TLS certificate and hostname va... Not Provided 2026-06-24 2026-06-26
CVE-2026-57288 json Jenkins Active Directory Plugin 2.41.1 and earlier does not escape the user name before building the LDAP search filter in th... Not Provided 2026-06-24 2026-06-26
CVE-2026-57287 json Jenkins Job Configuration History Plugin 1356.ve360da_6c523a_ and earlier does not redact the encrypted values of secrets whe... Not Provided 2026-06-24 2026-06-26
CVE-2026-57286 json A missing permission check in Jenkins Git Parameter Plugin 462.vdcf3df2ed2ca_ and earlier allows attackers with Item/Read per... Not Provided 2026-06-24 2026-06-26
CVE-2026-57285 json A missing permission check in Jenkins GitHub Branch Source Plugin 1967.1969.v205fd594c821 and earlier allows attackers with O... Not Provided 2026-06-24 2026-06-26
CVE-2026-57284 json Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier does not restrict the types that can be instantiated through t... Not Provided 2026-06-24 2026-06-26

Known software with vulnerabilities from Jenkins

Type Vendor Product Version
ApplicationJenkins360 Fireline1.0
ApplicationJenkinsAbsint Astree1.0.0
ApplicationJenkinsActive Choices0.1
ApplicationJenkinsActive Directory1.0
ApplicationJenkinsAlauda Devops Pipeline2.3.2
ApplicationJenkinsAlauda Kubernetes Support2.0.0
ApplicationJenkinsAmazon Ec21.0
ApplicationJenkinsAmazon Sns Build Notifier-
ApplicationJenkinsAmazon Web Services Serverless Application Model1.2.2
ApplicationJenkinsAmazon Web Services Service Application Model1.2.2
ApplicationJenkinsAnchore Container Image Scanner1.0.0
ApplicationJenkinsAndroid Lint1.0
ApplicationJenkinsAnsible0.1
ApplicationJenkinsAnsible Tower0.5.0
ApplicationJenkinsAppdynamics1.0.0
ApplicationJenkinsApplatix-
ApplicationJenkinsAppspider1.0.12
ApplicationJenkinsAqua Microscanner1.0.0
ApplicationJenkinsAqua Security Scanner-
ApplicationJenkinsAqua Security Severless Scanner1.0.0
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report