Filtered by vendor Jenkins
Subscribe
Total
1672 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-58458 | 1 Jenkins | 1 Git Client | 2025-09-08 | N/A | 4.3 MEDIUM |
| In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying `amazon-s3` protocol for use with JGit, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | |||||
| CVE-2025-58459 | 1 Jenkins | 1 Global Build Stats | 2025-09-08 | N/A | 4.3 MEDIUM |
| Jenkins global-build-stats Plugin 322.v22f4db_18e2dd and earlier does not perform permission checks in its REST API endpoints, allowing attackers with Overall/Read permission to enumerate graph IDs. | |||||
| CVE-2021-28165 | 4 Eclipse, Jenkins, Netapp and 1 more | 21 Jetty, Jenkins, Cloud Manager and 18 more | 2025-08-27 | 7.8 HIGH | 7.5 HIGH |
| In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. | |||||
| CVE-2024-9453 | 2 Jenkins, Redhat | 2 Jenkins, Openshift Developer Tools And Services | 2025-08-18 | N/A | 6.5 MEDIUM |
| A vulnerability was found in Red Hat OpenShift Jenkins. The bearer token is not obfuscated in the logs and potentially carries a high risk if those logs are centralized when collected. The token is typically valid for one year. This flaw allows a malicious user to jeopardize the environment if they have access to sensitive information. | |||||
| CVE-2025-53670 | 1 Jenkins | 1 Nouvola Divecloud | 2025-07-18 | N/A | 6.5 MEDIUM |
| Jenkins Nouvola DiveCloud Plugin 1.08 and earlier stores DiveCloud API Keys and Credentials Encryption Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | |||||
| CVE-2025-53669 | 1 Jenkins | 1 Vaddy | 2025-07-18 | N/A | 4.3 MEDIUM |
| Jenkins VAddy Plugin 1.2.8 and earlier does not mask Vaddy API Auth Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them. | |||||
| CVE-2025-53668 | 1 Jenkins | 1 Vaddy | 2025-07-18 | N/A | 6.5 MEDIUM |
| Jenkins VAddy Plugin 1.2.8 and earlier stores Vaddy API Auth Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | |||||
| CVE-2025-53667 | 1 Jenkins | 1 Dead Man\'s Snitch | 2025-07-18 | N/A | 5.3 MEDIUM |
| Jenkins Dead Man's Snitch Plugin 0.1 does not mask Dead Man's Snitch tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them. | |||||
| CVE-2025-53666 | 1 Jenkins | 1 Dead Man\'s Snitch | 2025-07-18 | N/A | 6.5 MEDIUM |
| Jenkins Dead Man's Snitch Plugin 0.1 stores Dead Man's Snitch tokens unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | |||||
| CVE-2025-53665 | 1 Jenkins | 1 Apica Loadtest | 2025-07-18 | N/A | 4.3 MEDIUM |
| Jenkins Apica Loadtest Plugin 1.10 and earlier does not mask Apica Loadtest LTP authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them. | |||||
| CVE-2025-53664 | 1 Jenkins | 1 Apica Loadtest | 2025-07-18 | N/A | 6.5 MEDIUM |
| Jenkins Apica Loadtest Plugin 1.10 and earlier stores Apica Loadtest LTP authentication tokens unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | |||||
| CVE-2025-53652 | 1 Jenkins | 1 Git Parameter | 2025-07-18 | N/A | 8.2 HIGH |
| Jenkins Git Parameter Plugin 439.vb_0e46ca_14534 and earlier does not validate that the Git parameter value submitted to the build matches one of the offered choices, allowing attackers with Item/Build permission to inject arbitrary values into Git parameters. | |||||
| CVE-2025-53651 | 1 Jenkins | 1 Html Publisher | 2025-07-18 | N/A | 6.3 MEDIUM |
| Jenkins HTML Publisher Plugin 425 and earlier displays log messages that include the absolute paths of files archived during the Publish HTML reports post-build step, exposing information about the Jenkins controller file system in the build log. | |||||
| CVE-2025-53650 | 1 Jenkins | 1 Credentials Binding | 2025-07-18 | N/A | 7.3 HIGH |
| Jenkins Credentials Binding Plugin 687.v619cb_15e923f and earlier does not properly mask (i.e., replace with asterisks) credentials present in exception error messages that are written to the build log. | |||||
| CVE-2025-53653 | 1 Jenkins | 1 Aqua Security Scanner | 2025-07-18 | N/A | 4.3 MEDIUM |
| Jenkins Aqua Security Scanner Plugin 3.2.8 and earlier stores Scanner Tokens for Aqua API unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | |||||
| CVE-2025-53654 | 1 Jenkins | 1 Statistics Gatherer | 2025-07-18 | N/A | 6.5 MEDIUM |
| Jenkins Statistics Gatherer Plugin 2.0.3 and earlier stores the AWS Secret Key unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system. | |||||
| CVE-2025-53655 | 1 Jenkins | 1 Statistics Gatherer | 2025-07-18 | N/A | 5.3 MEDIUM |
| Jenkins Statistics Gatherer Plugin 2.0.3 and earlier does not mask the AWS Secret Key on the global configuration form, increasing the potential for attackers to observe and capture it. | |||||
| CVE-2025-53660 | 1 Jenkins | 1 Qmetry Test Management | 2025-07-18 | N/A | 4.3 MEDIUM |
| Jenkins QMetry Test Management Plugin 1.13 and earlier does not mask Qmetry Automation API Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them. | |||||
| CVE-2025-53659 | 1 Jenkins | 1 Qmetry Test Management | 2025-07-18 | N/A | 6.5 MEDIUM |
| Jenkins QMetry Test Management Plugin 1.13 and earlier stores Qmetry Automation API Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | |||||
| CVE-2025-53658 | 1 Jenkins | 1 Applitools Eyes | 2025-07-18 | N/A | 5.4 MEDIUM |
| Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not escape the Applitools URL on the build page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||