Jenkins Project
49 CVEs

| CVE ID | Severity | Product / summary | Published |
|---|---|---|---|
| CVE-2026-57280 | HIGH 8.8 | Jenkins Script Security Plugin — Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not intercept the implicit type casts appli… | 2026-06-24 |
| CVE-2026-57281 | HIGH 7.5 | Jenkins Script Security Plugin — Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not reject Groovy AST transformation annota… | 2026-06-24 |
| CVE-2026-57282 | MEDIUM 5 | Jenkins Git Client Plugin — Jenkins Git client Plugin 6.6.0 and earlier does not correctly escape the workspace directory name when it is … | 2026-06-24 |
| CVE-2026-57283 | MEDIUM 4.3 | Jenkins Pipeline: Groovy Plugin — A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and ea… | 2026-06-24 |
| CVE-2026-57284 | MEDIUM 4.3 | Jenkins Pipeline: Groovy Plugin — Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier does not restrict the types that can be instant… | 2026-06-24 |
| CVE-2026-57285 | MEDIUM 4.3 | Jenkins Github Branch Source Plugin — A missing permission check in Jenkins GitHub Branch Source Plugin 1967.1969.v205fd594c821 and earlier allows a… | 2026-06-24 |
| CVE-2026-57286 | MEDIUM 4.3 | Jenkins Git Parameter Plugin — A missing permission check in Jenkins Git Parameter Plugin 462.vdcf3df2ed2ca_ and earlier allows attackers wit… | 2026-06-24 |
| CVE-2026-57287 | MEDIUM 4.3 | Jenkins Job Configuration History Plugin — Jenkins Job Configuration History Plugin 1356.ve360da_6c523a_ and earlier does not redact the encrypted values… | 2026-06-24 |
| CVE-2026-57288 | LOW 3.7 | Jenkins Active Directory Plugin — Jenkins Active Directory Plugin 2.41.1 and earlier does not escape the user name before building the LDAP sear… | 2026-06-24 |
| CVE-2026-57289 | MEDIUM 4.8 | Jenkins Bitbucket Push And Pull Request Plugin — Jenkins Bitbucket Push and Pull Request Plugin 3.3.8 and earlier unconditionally disables SSL/TLS certificate … | 2026-06-24 |
| CVE-2026-57290 | MEDIUM 4.3 | Jenkins Priority Sorter Plugin — A cross-site request forgery (CSRF) vulnerability in Jenkins Priority Sorter Plugin 936.v2c01c6b_84449 and ear… | 2026-06-24 |
| CVE-2026-57291 | MEDIUM 5.4 | Jenkins Gitee Plugin — Missing permission checks in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allow attackers with Overa… | 2026-06-24 |
| CVE-2026-57292 | MEDIUM 5.4 | Jenkins Gitee Plugin — A cross-site request forgery (CSRF) vulnerability in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier al… | 2026-06-24 |
| CVE-2026-57293 | MEDIUM 4.3 | Jenkins Gitee Plugin — An incorrect permission check in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allows attackers with … | 2026-06-24 |
| CVE-2026-57294 | MEDIUM 5.4 | Jenkins Ec2 Fleet Plugin — A missing permission check in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a_81c3 and earlier allows attackers w… | 2026-06-24 |
| CVE-2026-57295 | MEDIUM 5.4 | Jenkins Ec2 Fleet Plugin — A cross-site request forgery (CSRF) vulnerability in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a_81c3 and ear… | 2026-06-24 |
| CVE-2026-57296 | HIGH 8.8 | Jenkins External Workspace Manager Plugin — Jenkins External Workspace Manager Plugin 1.3.2 and earlier does not reject path traversal sequences in the cu… | 2026-06-24 |
| CVE-2026-57297 | N/A | Jenkins Contrast Continuous Application Security Plugin — A missing permission check in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allows … | 2026-06-24 |
| CVE-2026-57298 | MEDIUM 5.4 | Jenkins Contrast Continuous Application Security Plugin — A cross-site request forgery (CSRF) vulnerability in Jenkins Contrast Continuous Application Security Plugin 3… | 2026-06-24 |
| CVE-2026-57299 | N/A | Jenkins Contrast Continuous Application Security Plugin — Missing permission checks in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allow at… | 2026-06-24 |
| CVE-2026-57300 | MEDIUM 4.3 | Jenkins Mcp Server Plugin — A missing permission check in Jenkins MCP Server Plugin 0.177.v629fdb_2557fe and earlier allows attackers with… | 2026-06-24 |
| CVE-2026-57301 | HIGH 8.8 | Jenkins Owasp Zap Plugin — Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the… | 2026-06-24 |
| CVE-2026-57302 | MEDIUM 4.3 | Jenkins Fitnesse Plugin — Jenkins FitNesse Plugin 1.36 and earlier stores passwords unencrypted in job config.xml files on the Jenkins c… | 2026-06-24 |
| CVE-2026-57303 | HIGH 7.1 | Jenkins Assembla Plugin — Jenkins Assembla Plugin 1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE)… | 2026-06-24 |
| CVE-2026-57304 | MEDIUM 5.4 | Jenkins Assembla Plugin — A missing permission check in Jenkins Assembla Plugin 1.4 and earlier allows attackers with Overall/Read permi… | 2026-06-24 |
| CVE-2026-57305 | MEDIUM 5.4 | Jenkins Assembla Plugin — A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla Plugin 1.4 and earlier allows attackers … | 2026-06-24 |
| CVE-2026-57306 | MEDIUM 4.2 | Jenkins Zowe Zdevops Plugin — A cross-site request forgery (CSRF) vulnerability in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b_450b_1 and … | 2026-06-24 |
| CVE-2026-57307 | MEDIUM 4.2 | Jenkins Zowe Zdevops Plugin — A missing permission check in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b_450b_1 and earlier allows attacker… | 2026-06-24 |
| CVE-2026-53435 | HIGH 8.8 | Jenkins — In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is possible for attackers to have Jenkins deserializ… | 2026-06-10 |
| CVE-2026-53436 | MEDIUM 4.3 | Jenkins — Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is le… | 2026-06-10 |
| CVE-2026-53437 | MEDIUM 4.3 | Jenkins — Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is le… | 2026-06-10 |
| CVE-2026-53438 | MEDIUM 4.3 | Jenkins — A missing permission check in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allows attackers with Item/Ca… | 2026-06-10 |
| CVE-2026-53439 | MEDIUM 4.3 | Jenkins — Missing permission checks in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allow attackers with Overall/R… | 2026-06-10 |
| CVE-2026-53440 | MEDIUM 4.3 | Jenkins — Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not ensure that the "from" parameter in the "Delegate … | 2026-06-10 |
| CVE-2026-53441 | N/A | Jenkins — Jenkins 2.483 through 2.567 (both inclusive), LTS 2.492.1 through 2.555.2 (both inclusive) does not escape the… | 2026-06-10 |
| CVE-2026-53442 | MEDIUM 5.3 | Jenkins — Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not encrypt secrets from POST config.xml submissions b… | 2026-06-10 |
| CVE-2026-48916 | MEDIUM 6.6 | Jenkins Ldap Plugin — Jenkins LDAP Plugin 807.v7d7de30930cf and earlier follows LDAP referrals. | 2026-05-27 |
| CVE-2026-48917 | MEDIUM 6.6 | Jenkins Ldap Plugin — Jenkins LDAP Plugin 807.v7d7de30930cf and earlier deserializes data from LDAP referrals without validation. | 2026-05-27 |
| CVE-2026-48918 | MEDIUM 6.6 | Jenkins Active Directory Plugin — Jenkins Active Directory Plugin 2.41 and earlier follows LDAP referrals by default. | 2026-05-27 |
| CVE-2026-48919 | MEDIUM 6.6 | Jenkins Active Directory Plugin — Jenkins Active Directory Plugin 2.41 and earlier deserializes data from LDAP referrals without validation. | 2026-05-27 |
| CVE-2026-48920 | HIGH 8.8 | Jenkins Email Extension Plugin — Jenkins Email Extension Plugin 1933.v45cec755423f and earlier allows inlining images as `base64` in email cont… | 2026-05-27 |
| CVE-2026-48921 | HIGH 7.5 | Jenkins Pipeline: Groovy Libraries Plugin — Jenkins Pipeline: Groovy Libraries Plugin 797.v90ea_a_9b_e45a_0 and earlier does not prohibit symbolic links i… | 2026-05-27 |
| CVE-2026-48922 | HIGH 7.5 | Jenkins Credentials Binding Plugin — Jenkins Credentials Binding Plugin 720.v3f6decef43ea_ and earlier does not properly sanitize file names for fi… | 2026-05-27 |
| CVE-2026-48923 | MEDIUM 4.3 | Jenkins Appspider Plugin — Jenkins AppSpider Plugin 1.0.17 and earlier does not perform a permission check in a method implementing form … | 2026-05-27 |
| CVE-2026-48924 | MEDIUM 4.3 | Jenkins Bitbucket Oauth Plugin — Jenkins Bitbucket OAuth Plugin 0.17 and earlier does not restrict the redirect URL after login, allowing attac… | 2026-05-27 |
| CVE-2026-48925 | MEDIUM 4.3 | Jenkins Github Integration Plugin — A cross-site request forgery (CSRF) vulnerability in Jenkins GitHub Integration Plugin 0.7.3 and earlier allow… | 2026-05-27 |
| CVE-2026-48926 | MEDIUM 4.3 | Jenkins Job Import Plugin — Jenkins Job Import Plugin 143.v044a_2e819b_27 and earlier does not perform a permission check in an HTTP endpo… | 2026-05-27 |
| CVE-2026-48927 | MEDIUM 5.5 | Jenkins Buildgraph View Plugin — Jenkins buildgraph-view Plugin 1.8 and earlier does not escape the build URL, resulting in a stored cross-site… | 2026-05-27 |
| CVE-2026-9674 | MEDIUM 4.3 | Jenkins Multijob Plugin — A cross-site request forgery (CSRF) vulnerability in Jenkins Multijob Plugin 662.vd2e0001f6b_b_d and earlier a… | 2026-05-27 |