Known Vulnerabilities for products from Jenkins

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Jenkins".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2023-33007 Jenkins LoadComplete support Plugin 1.0 and earlier does not escape the LoadComplete test name, resulting in a stored cross-s... 5.4 - MEDIUM 2023-05-16 2023-05-16
CVE-2023-33006 A cross-site request forgery (CSRF) vulnerability in Jenkins WSO2 Oauth Plugin 1.0 and earlier allows attackers to trick user... Not Provided 2023-05-16 2023-05-16
CVE-2023-33005 Jenkins WSO2 Oauth Plugin 1.0 and earlier does not invalidate the previous session on login. 5.4 - MEDIUM 2023-05-16 2023-05-16
CVE-2023-33004 A missing permission check in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers with Overall/Read permission to re... 4.3 - MEDIUM 2023-05-16 2023-05-16
CVE-2023-33003 A cross-site request forgery (CSRF) vulnerability in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers to reset pr... 4.3 - MEDIUM 2023-05-16 2023-05-16
CVE-2023-33002 Jenkins TestComplete support Plugin 2.8.1 and earlier does not escape the TestComplete project name, resulting in a stored cr... 5.4 - MEDIUM 2023-05-16 2023-05-16
CVE-2023-33001 Jenkins HashiCorp Vault Plugin 360.v0a_1c04cf807d and earlier does not properly mask (i.e., replace with asterisks) credentia... 7.5 - HIGH 2023-05-16 2023-05-16
CVE-2023-33000 Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.149 and earlier does not mask credentials displayed on the confi... Not Provided 2023-05-16 2023-05-16
CVE-2023-32999 A missing permission check in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers with Overall/Read permission to co... Not Provided 2023-05-16 2023-05-16
CVE-2023-32998 A cross-site request forgery (CSRF) vulnerability in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers to connect ... Not Provided 2023-05-16 2023-05-16
CVE-2022-23118 Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements functionality that allows agents to invoke command-line `... 8.8 - HIGH 2022-01-12 2022-01-19
CVE-2022-23117 Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processe... 7.5 - HIGH 2022-01-12 2022-01-19
CVE-2022-23116 Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processe... 7.5 - HIGH 2022-01-12 2022-01-18
CVE-2022-23115 Cross-site request forgery (CSRF) vulnerabilities in Jenkins batch task Plugin 1.19 and earlier allows attackers with Overall... 5.4 - MEDIUM 2022-01-12 2022-01-18
CVE-2022-23114 Jenkins Publish Over SSH Plugin 1.22 and earlier stores password unencrypted in its global configuration file on the Jenkins ... 3.3 - LOW 2022-01-12 2022-01-18
CVE-2022-23113 Jenkins Publish Over SSH Plugin 1.22 and earlier performs a validation of the file name specifying whether it is present or n... 4.3 - MEDIUM 2022-01-12 2022-01-19
CVE-2022-23112 A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers with Overall/Read access to c... 6.5 - MEDIUM 2022-01-12 2022-01-18
CVE-2022-23111 A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers to con... 4.3 - MEDIUM 2022-01-12 2022-01-18
CVE-2022-23110 Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the SSH server name, resulting in a stored cross-site script... 4.8 - MEDIUM 2022-01-12 2022-01-18
CVE-2022-23109 Jenkins HashiCorp Vault Plugin 3.7.0 and earlier does not mask Vault credentials in Pipeline build logs or in Pipeline step d... 6.5 - MEDIUM 2022-01-12 2022-01-18
Results limited to 20 most recent vulnerabilities

Known software with vulnerabilities from Jenkins

Type Vendor Product Version
ApplicationJenkins Subversion Partial Release Manager-
ApplicationJenkins360 Fireline1.0
ApplicationJenkinsAbsint Astree1.0.0
ApplicationJenkinsActive Choices0.1
ApplicationJenkinsActive Directory1.0
ApplicationJenkinsAlauda Devops Pipeline2.3.2
ApplicationJenkinsAlauda Kubernetes Support2.0.0
ApplicationJenkinsAmazon Ec21.0
ApplicationJenkinsAmazon Sns Build Notifier-
ApplicationJenkinsAmazon Web Services Serverless Application Model1.2.2
ApplicationJenkinsAmazon Web Services Service Application Model1.2.2
ApplicationJenkinsAnchore Container Image Scanner1.0.0
ApplicationJenkinsAndroid Lint1.0
ApplicationJenkinsAnsible0.1
ApplicationJenkinsAnsible Tower0.5.0
ApplicationJenkinsAppdynamics1.0.0
ApplicationJenkinsApplatix-
ApplicationJenkinsAppspider1.0.12
ApplicationJenkinsAqua Microscanner1.0.0
ApplicationJenkinsAqua Security Scanner-
Results limited to 20 most recent known configurations
Trademarks for Jenkins obtained from uspto.report
Mark Image Details
CALCIUM 360
"CALCIUM 360"
85050396
2010-05-28
AMERICA WATER REVOLUTION
"AMERICA WATER REVOLUTION"
85047098
2010-05-25
AMERICA'S NEXT HOTTEST MUSIC PRODUCER
"AMERICA'S NEXT HOTTEST MUSIC PRODUCER"
77640025
2008-12-25
AMERICA SPORTS DRINK
"AMERICA SPORTS DRINK"
77523496
2008-07-16
AMERICA ICE TEA
"AMERICA ICE TEA"
77519608
2008-07-10
UNITED STATE WATER
"UNITED STATE WATER"
77469862
2008-05-08
123456789 = Registration Number
123456789 = Serial Number

Popular searches for "Jenkins"

Jenkins

jenkins.io

Jenkins Jenkins an open source automation server which enables developers around the world to reliably build, test, and deploy their software

jenkins-ci.org wiki.jenkins.io/display/JENKINS/Home jenkins-ci.org wiki.jenkins-ci.org/display/JENKINS/Meet+Jenkins www.jenkins-ci.org wiki.jenkins-ci.org/display/JENKINS/Home wiki.jenkins.io/display/JENKINS/Home Jenkins (software) Server (computing) Automation Software deployment Plug-in (computing) Software Open-source software Continuous delivery Software build Programmer Continuous integration Operating system User (computing) Java (programming language) Google Summer of Code User story Adobe Contribute OpenJDK Software development Debian version history

Jenkins download and deployment

www.jenkins.io/download

Jenkins download and deployment Jenkins an open source automation server which enables developers around the world to reliably build, test, and deploy their software

Jenkins (software) Software deployment Long-term support Download Cloud computing Software release life cycle Package manager Programmer Installation (computer programs) Software Docker (software) Server (computing) User (computing) Plug-in (computing) Open-source software Automation Java package OpenBSD MacOS Gentoo Linux

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].