The host is installed with Jenkins LTS through 2.138.1 or Jenkins rolling release through 2.145 and is prone to a path traversal vulnerability. A flaw is present in the application, which fails to properly handle an issue in core/src/main/java/hudson/model/FileParameterValue.java. Successful exploitation could allow attackers with job/configure permission to define a file parameter with a file nam ...
The host is installed with Jenkins LTS through 2.107.2 or Jenkins rolling release through 2.120 and is prone to a CSRF vulnerability. A flaw is present in the application, which fails to properly handle an issue in ZipExtractionInstaller.java. Successful exploitation could allow attackers to have Jenkins submit a HTTP GET request to an arbitrary URL and learn whether the response is successful or ...
The host is installed with Jenkins LTS through 2.107.2 or Jenkins rolling release through 2.120 and is prone to an path traversal vulnerability. A flaw is present in the application, which fails to properly handle an issue in FilePath.java and SoloFilePathFilter.java. Successful exploitation could allow attackers to read and write arbitrary files on the Jenkins master, bypassing the agent-to-maste ...
The host is installed with Jenkins LTS through 2.107.2 or Jenkins rolling release through 2.120 and is prone to an improper neutralization of control sequences vulnerability. A flaw is present in the application, which fails to properly handle an issue in neutralization of control sequences. Successful exploitation could allow attackers to cause unauthorized modifications.
The host is installed with Jenkins LTS through 2.107.2 or Jenkins rolling release through 2.120 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle an issue in AboutJenkins.java. Successful exploitation could allow attackers to enumerate all installed plugins.
The host is installed with Jenkins LTS through 2.107.1 or Jenkins rolling release through 2.115 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle an issue in onfirmationList.jelly and stopButton.jelly. Successful exploitation could allow attackers with job/configure and/or job/create permission to create an item name containi ...
The host is installed with Jenkins LTS through 2.107.1 or Jenkins rolling release through 2.115 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle an issue in CLICommand.java and ViewOptionHandler.java. Successful exploitation could allow unauthorized attackers to confirm the existence of agents or views with an attacker-sp ...
The host is installed with Jenkins LTS through 2.89.3 or Jenkins rolling release through 2.106 and is prone to an improper authorization vulnerability. A flaw is present in the application, which fails to properly handle improper input validation. Successful exploitation could allow attackers to access plugin resource files in the meta-inf and web-inf directories that should not be accessible, if ...
The host is installed with Jenkins LTS through 2.89.3 or Jenkins rolling release through 2.106 and is prone to an improper authorization vulnerability. A flaw is present in the application, which fails to properly handle improper authorizations. Successful exploitation could allow attackers to an attacker to have jenkins submit http get requests and get limited information about the response.
The host is installed with Jenkins LTS before 2.32.2 or Jenkins rolling release before 2.44 and is prone to a CSRF vulnerability. A flaw is present in the application, which fails to properly handle an issue in GET requests. Successful exploitation could allow attackers to cause unauthorized modifications.