Known Vulnerabilities for products from Jenkins
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Jenkins".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-57307 json | Not Provided | 2026-06-24 | 2026-06-24 | |
| CVE-2026-57306 json | Not Provided | 2026-06-24 | 2026-06-24 | |
| CVE-2026-57305 json | A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla Plugin 1.4 and earlier allows attackers to connect to a... | Not Provided | 2026-06-24 | 2026-06-25 |
| CVE-2026-57304 json | A missing permission check in Jenkins Assembla Plugin 1.4 and earlier allows attackers with Overall/Read permission to connec... | Not Provided | 2026-06-24 | 2026-06-25 |
| CVE-2026-57303 json | Jenkins Assembla Plugin 1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allow... | Not Provided | 2026-06-24 | 2026-06-25 |
| CVE-2026-57302 json | Not Provided | 2026-06-24 | 2026-06-24 | |
| CVE-2026-57301 json | Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent... | Not Provided | 2026-06-24 | 2026-06-26 |
| CVE-2026-57300 json | A missing permission check in Jenkins MCP Server Plugin 0.177.v629fdb_2557fe and earlier allows attackers with Item/Read perm... | Not Provided | 2026-06-24 | 2026-06-26 |
| CVE-2026-57299 json | Missing permission checks in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allow attackers with Ov... | Not Provided | 2026-06-24 | 2026-07-06 |
| CVE-2026-57298 json | Not Provided | 2026-06-24 | 2026-06-24 | |
| CVE-2026-57297 json | A missing permission check in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allows attackers with ... | Not Provided | 2026-06-24 | 2026-07-06 |
| CVE-2026-57295 json | A cross-site request forgery (CSRF) vulnerability in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a_81c3 and earlier allows att... | Not Provided | 2026-06-24 | 2026-06-26 |
| CVE-2026-57294 json | A missing permission check in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a_81c3 and earlier allows attackers with Overall/Rea... | Not Provided | 2026-06-24 | 2026-06-26 |
| CVE-2026-57290 json | A cross-site request forgery (CSRF) vulnerability in Jenkins Priority Sorter Plugin 936.v2c01c6b_84449 and earlier allows att... | Not Provided | 2026-06-24 | 2026-06-26 |
| CVE-2026-57289 json | Jenkins Bitbucket Push and Pull Request Plugin 3.3.8 and earlier unconditionally disables SSL/TLS certificate and hostname va... | Not Provided | 2026-06-24 | 2026-06-26 |
| CVE-2026-57288 json | Jenkins Active Directory Plugin 2.41.1 and earlier does not escape the user name before building the LDAP search filter in th... | Not Provided | 2026-06-24 | 2026-06-26 |
| CVE-2026-57287 json | Jenkins Job Configuration History Plugin 1356.ve360da_6c523a_ and earlier does not redact the encrypted values of secrets whe... | Not Provided | 2026-06-24 | 2026-06-26 |
| CVE-2026-57286 json | A missing permission check in Jenkins Git Parameter Plugin 462.vdcf3df2ed2ca_ and earlier allows attackers with Item/Read per... | Not Provided | 2026-06-24 | 2026-06-26 |
| CVE-2026-57285 json | A missing permission check in Jenkins GitHub Branch Source Plugin 1967.1969.v205fd594c821 and earlier allows attackers with O... | Not Provided | 2026-06-24 | 2026-06-26 |
| CVE-2026-57284 json | Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier does not restrict the types that can be instantiated through t... | Not Provided | 2026-06-24 | 2026-06-26 |
Known software with vulnerabilities from Jenkins
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Jenkins | 360 Fireline | 1.0 |
| Application | Jenkins | Absint Astree | 1.0.0 |
| Application | Jenkins | Active Choices | 0.1 |
| Application | Jenkins | Active Directory | 1.0 |
| Application | Jenkins | Alauda Devops Pipeline | 2.3.2 |
| Application | Jenkins | Alauda Kubernetes Support | 2.0.0 |
| Application | Jenkins | Amazon Ec2 | 1.0 |
| Application | Jenkins | Amazon Sns Build Notifier | - |
| Application | Jenkins | Amazon Web Services Serverless Application Model | 1.2.2 |
| Application | Jenkins | Amazon Web Services Service Application Model | 1.2.2 |
| Application | Jenkins | Anchore Container Image Scanner | 1.0.0 |
| Application | Jenkins | Android Lint | 1.0 |
| Application | Jenkins | Ansible | 0.1 |
| Application | Jenkins | Ansible Tower | 0.5.0 |
| Application | Jenkins | Appdynamics | 1.0.0 |
| Application | Jenkins | Applatix | - |
| Application | Jenkins | Appspider | 1.0.12 |
| Application | Jenkins | Aqua Microscanner | 1.0.0 |
| Application | Jenkins | Aqua Security Scanner | - |
| Application | Jenkins | Aqua Security Severless Scanner | 1.0.0 |