Jenkins Project

49 CVEs
| CVE ID | Severity | Product / summary | Published |
| --- | --- | --- | --- |
| CVE-2026-57280 | HIGH 8.8 | Jenkins Script Security Plugin — Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not intercept the implicit type casts appli… | 2026-06-24 |
| CVE-2026-57281 | HIGH 7.5 | Jenkins Script Security Plugin — Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not reject Groovy AST transformation annota… | 2026-06-24 |
| CVE-2026-57282 | MEDIUM 5 | Jenkins Git Client Plugin — Jenkins Git client Plugin 6.6.0 and earlier does not correctly escape the workspace directory name when it is … | 2026-06-24 |
| CVE-2026-57283 | MEDIUM 4.3 | Jenkins Pipeline: Groovy Plugin — A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and ea… | 2026-06-24 |
| CVE-2026-57284 | MEDIUM 4.3 | Jenkins Pipeline: Groovy Plugin — Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier does not restrict the types that can be instant… | 2026-06-24 |
| CVE-2026-57285 | MEDIUM 4.3 | Jenkins Github Branch Source Plugin — A missing permission check in Jenkins GitHub Branch Source Plugin 1967.1969.v205fd594c821 and earlier allows a… | 2026-06-24 |
| CVE-2026-57286 | MEDIUM 4.3 | Jenkins Git Parameter Plugin — A missing permission check in Jenkins Git Parameter Plugin 462.vdcf3df2ed2ca_ and earlier allows attackers wit… | 2026-06-24 |
| CVE-2026-57287 | MEDIUM 4.3 | Jenkins Job Configuration History Plugin — Jenkins Job Configuration History Plugin 1356.ve360da_6c523a_ and earlier does not redact the encrypted values… | 2026-06-24 |
| CVE-2026-57288 | LOW 3.7 | Jenkins Active Directory Plugin — Jenkins Active Directory Plugin 2.41.1 and earlier does not escape the user name before building the LDAP sear… | 2026-06-24 |
| CVE-2026-57289 | MEDIUM 4.8 | Jenkins Bitbucket Push And Pull Request Plugin — Jenkins Bitbucket Push and Pull Request Plugin 3.3.8 and earlier unconditionally disables SSL/TLS certificate … | 2026-06-24 |
| CVE-2026-57290 | MEDIUM 4.3 | Jenkins Priority Sorter Plugin — A cross-site request forgery (CSRF) vulnerability in Jenkins Priority Sorter Plugin 936.v2c01c6b_84449 and ear… | 2026-06-24 |
| CVE-2026-57291 | MEDIUM 5.4 | Jenkins Gitee Plugin — Missing permission checks in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allow attackers with Overa… | 2026-06-24 |
| CVE-2026-57292 | MEDIUM 5.4 | Jenkins Gitee Plugin — A cross-site request forgery (CSRF) vulnerability in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier al… | 2026-06-24 |
| CVE-2026-57293 | MEDIUM 4.3 | Jenkins Gitee Plugin — An incorrect permission check in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allows attackers with … | 2026-06-24 |
| CVE-2026-57294 | MEDIUM 5.4 | Jenkins Ec2 Fleet Plugin — A missing permission check in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a_81c3 and earlier allows attackers w… | 2026-06-24 |
| CVE-2026-57295 | MEDIUM 5.4 | Jenkins Ec2 Fleet Plugin — A cross-site request forgery (CSRF) vulnerability in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a_81c3 and ear… | 2026-06-24 |
| CVE-2026-57296 | HIGH 8.8 | Jenkins External Workspace Manager Plugin — Jenkins External Workspace Manager Plugin 1.3.2 and earlier does not reject path traversal sequences in the cu… | 2026-06-24 |
| CVE-2026-57297 | N/A | Jenkins Contrast Continuous Application Security Plugin — A missing permission check in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allows … | 2026-06-24 |
| CVE-2026-57298 | MEDIUM 5.4 | Jenkins Contrast Continuous Application Security Plugin — A cross-site request forgery (CSRF) vulnerability in Jenkins Contrast Continuous Application Security Plugin 3… | 2026-06-24 |
| CVE-2026-57299 | N/A | Jenkins Contrast Continuous Application Security Plugin — Missing permission checks in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allow at… | 2026-06-24 |
| CVE-2026-57300 | MEDIUM 4.3 | Jenkins Mcp Server Plugin — A missing permission check in Jenkins MCP Server Plugin 0.177.v629fdb_2557fe and earlier allows attackers with… | 2026-06-24 |
| CVE-2026-57301 | HIGH 8.8 | Jenkins Owasp Zap Plugin — Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the… | 2026-06-24 |
| CVE-2026-57302 | MEDIUM 4.3 | Jenkins Fitnesse Plugin — Jenkins FitNesse Plugin 1.36 and earlier stores passwords unencrypted in job config.xml files on the Jenkins c… | 2026-06-24 |
| CVE-2026-57303 | HIGH 7.1 | Jenkins Assembla Plugin — Jenkins Assembla Plugin 1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE)… | 2026-06-24 |
| CVE-2026-57304 | MEDIUM 5.4 | Jenkins Assembla Plugin — A missing permission check in Jenkins Assembla Plugin 1.4 and earlier allows attackers with Overall/Read permi… | 2026-06-24 |
| CVE-2026-57305 | MEDIUM 5.4 | Jenkins Assembla Plugin — A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla Plugin 1.4 and earlier allows attackers … | 2026-06-24 |
| CVE-2026-57306 | MEDIUM 4.2 | Jenkins Zowe Zdevops Plugin — A cross-site request forgery (CSRF) vulnerability in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b_450b_1 and … | 2026-06-24 |
| CVE-2026-57307 | MEDIUM 4.2 | Jenkins Zowe Zdevops Plugin — A missing permission check in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b_450b_1 and earlier allows attacker… | 2026-06-24 |
| CVE-2026-53435 | HIGH 8.8 | Jenkins — In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is possible for attackers to have Jenkins deserializ… | 2026-06-10 |
| CVE-2026-53436 | MEDIUM 4.3 | Jenkins — Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is le… | 2026-06-10 |
| CVE-2026-53437 | MEDIUM 4.3 | Jenkins — Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is le… | 2026-06-10 |
| CVE-2026-53438 | MEDIUM 4.3 | Jenkins — A missing permission check in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allows attackers with Item/Ca… | 2026-06-10 |
| CVE-2026-53439 | MEDIUM 4.3 | Jenkins — Missing permission checks in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allow attackers with Overall/R… | 2026-06-10 |
| CVE-2026-53440 | MEDIUM 4.3 | Jenkins — Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not ensure that the "from" parameter in the "Delegate … | 2026-06-10 |
| CVE-2026-53441 | N/A | Jenkins — Jenkins 2.483 through 2.567 (both inclusive), LTS 2.492.1 through 2.555.2 (both inclusive) does not escape the… | 2026-06-10 |
| CVE-2026-53442 | MEDIUM 5.3 | Jenkins — Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not encrypt secrets from POST config.xml submissions b… | 2026-06-10 |
| CVE-2026-48916 | MEDIUM 6.6 | Jenkins Ldap Plugin — Jenkins LDAP Plugin 807.v7d7de30930cf and earlier follows LDAP referrals. | 2026-05-27 |
| CVE-2026-48917 | MEDIUM 6.6 | Jenkins Ldap Plugin — Jenkins LDAP Plugin 807.v7d7de30930cf and earlier deserializes data from LDAP referrals without validation. | 2026-05-27 |
| CVE-2026-48918 | MEDIUM 6.6 | Jenkins Active Directory Plugin — Jenkins Active Directory Plugin 2.41 and earlier follows LDAP referrals by default. | 2026-05-27 |
| CVE-2026-48919 | MEDIUM 6.6 | Jenkins Active Directory Plugin — Jenkins Active Directory Plugin 2.41 and earlier deserializes data from LDAP referrals without validation. | 2026-05-27 |
| CVE-2026-48920 | HIGH 8.8 | Jenkins Email Extension Plugin — Jenkins Email Extension Plugin 1933.v45cec755423f and earlier allows inlining images as `base64` in email cont… | 2026-05-27 |
| CVE-2026-48921 | HIGH 7.5 | Jenkins Pipeline: Groovy Libraries Plugin — Jenkins Pipeline: Groovy Libraries Plugin 797.v90ea_a_9b_e45a_0 and earlier does not prohibit symbolic links i… | 2026-05-27 |
| CVE-2026-48922 | HIGH 7.5 | Jenkins Credentials Binding Plugin — Jenkins Credentials Binding Plugin 720.v3f6decef43ea_ and earlier does not properly sanitize file names for fi… | 2026-05-27 |
| CVE-2026-48923 | MEDIUM 4.3 | Jenkins Appspider Plugin — Jenkins AppSpider Plugin 1.0.17 and earlier does not perform a permission check in a method implementing form … | 2026-05-27 |
| CVE-2026-48924 | MEDIUM 4.3 | Jenkins Bitbucket Oauth Plugin — Jenkins Bitbucket OAuth Plugin 0.17 and earlier does not restrict the redirect URL after login, allowing attac… | 2026-05-27 |
| CVE-2026-48925 | MEDIUM 4.3 | Jenkins Github Integration Plugin — A cross-site request forgery (CSRF) vulnerability in Jenkins GitHub Integration Plugin 0.7.3 and earlier allow… | 2026-05-27 |
| CVE-2026-48926 | MEDIUM 4.3 | Jenkins Job Import Plugin — Jenkins Job Import Plugin 143.v044a_2e819b_27 and earlier does not perform a permission check in an HTTP endpo… | 2026-05-27 |
| CVE-2026-48927 | MEDIUM 5.5 | Jenkins Buildgraph View Plugin — Jenkins buildgraph-view Plugin 1.8 and earlier does not escape the build URL, resulting in a stored cross-site… | 2026-05-27 |
| CVE-2026-9674 | MEDIUM 4.3 | Jenkins Multijob Plugin — A cross-site request forgery (CSRF) vulnerability in Jenkins Multijob Plugin 662.vd2e0001f6b_b_d and earlier a… | 2026-05-27 |