pkg:Bitnami/jenkins

102 total CVEs: CRITICAL 14, HIGH 34, MEDIUM 48, LOW 6


All known vulnerabilities

  • CRITICAL 9.8 CVE-2024-23897 (KEV): Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE
    from 0, < 2.452.1
  • MEDIUM 5.3 CVE-2023-44487 (KEV): nghttp2 - security update
    from 0, < 2.414.3, >= 2.415.0, < 2.428.0
  • CRITICAL 9.1 CVE-2021-21697: Agent-to-controller access control allows reading/writing most content of build directories in Jenkins
    from 0, < 2.318.1
  • CRITICAL 9.0 CVE-2024-43044: Jenkins Remoting library arbitrary file read vulnerability
    from 0, < 2.462.1, >= 2.463.0, < 2.479.1
  • CRITICAL 9.0 CVE-2021-21686: Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
    from 0, < 2.319.0
  • CRITICAL 9.0 CVE-2021-21685: Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
    from 0, < 2.319.0
  • CRITICAL 9.0 CVE-2021-21692: Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
    from 0, < 2.319.0
  • CRITICAL 9.0 CVE-2021-21689: Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
    from 0, < 2.319.0
  • CRITICAL 9.0 CVE-2021-21690: Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
    from 0, < 2.319.0
  • CRITICAL 9.0 CVE-2021-21687: Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
    from 0, < 2.319.0
  • CRITICAL 9.0 CVE-2021-21693: Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
    from 0, < 2.319.0
  • CRITICAL 9.0 CVE-2021-21691: Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
    from 0, < 2.319.0
  • CRITICAL 9.0 CVE-2021-21694: Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
    from 0, < 2.319.0
  • CRITICAL 9.0 CVE-2021-21688: Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
    from 0, < 2.319.0
  • CRITICAL 9.0 CVE-2021-21695: Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
    from 0, < 2.319.0
  • HIGH 8.8 CVE-2026-33001: Jenkins has a link following vulnerability that allows arbitrary file creation
    from 0, < 2.541.3, >= 2.542.0, < 2.555.0
  • HIGH 8.8 CVE-2024-23898: Cross-site WebSocket hijacking vulnerability in the Jenkins CLI
    >= 2.217.0, < 2.452.1
  • HIGH 8.8 CVE-2023-27898: Cross-site Scripting vulnerability in Jenkins
    >= 2.270.0, < 2.394.0
  • HIGH 8.8 CVE-2021-21696: Agent-to-controller access control allowed writing to sensitive directory used by Jenkins Pipeline: Shared Groovy Libraries Plugin
    from 0, < 2.318.1
  • HIGH 8.8 CVE-2020-2160: Cross-Site Request Forgery in Jenkins
    from 0, < 2.227.1
  • HIGH 8.6 CVE-2020-2099: Inbound TCP Agent Protocol/3 authentication bypass in Jenkins
    from 0, < 2.218.1
  • HIGH 8.0 CVE-2026-27099: Jenkins has a stored XSS vulnerability in node offline cause description
    >= 2.483.0, < 2.541.2, >= 2.542.0, < 2.551.0
  • HIGH 8.0 CVE-2023-43495: Jenkins Cross-site Scripting vulnerability
    from 0, < 2.424.0
  • HIGH 8.0 CVE-2023-39151: Jenkins Stored Cross-site Scripting vulnerability
    from 0, < 2.415.1
  • HIGH 8.0 CVE-2023-35141: Jenkins CSRF protection bypass vulnerability
    from 0, < 2.401.1
  • HIGH 8.0 CVE-2022-41224: Jenkins vulnerable to stored cross-site scripting in the l:helpIcon component
    >= 2.367.0, < 2.370.0
  • HIGH 8.0 CVE-2022-34173: Cross-site Scripting vulnerability in Jenkins
    >= 2.340.0, < 2.355.1
  • HIGH 8.0 CVE-2022-34170: Cross-site Scripting vulnerability in Jenkins
    >= 2.320.0, < 2.355.1
  • HIGH 8.0 CVE-2022-34171: Cross-site Scripting vulnerability in Jenkins
    >= 2.321.0, < 2.355.1
  • HIGH 8.0 CVE-2022-34172: Cross-site Scripting vulnerability in Jenkins
    >= 2.340.0, < 2.355.1
  • HIGH 8.0 CVE-2021-21605: Path traversal vulnerability in Jenkins agent names
    from 0, < 2.274.1
  • HIGH 8.0 CVE-2021-21604: Improper handling of REST API XML deserialization errors in Jenkins
    from 0, < 2.274.1
  • HIGH 8.0 CVE-2020-2229: Jenkins Cross-Site Scripting vulnerability in help icons
    from 0, < 2.251.1
  • HIGH 8.0 CVE-2020-2230: Jenkins Cross-site Scripting vulnerability in project naming strategy
    from 0, < 2.251.1
  • HIGH 8.0 CVE-2020-2222: Stored XSS vulnerability in Jenkins 'keep forever' badge icon
    from 0, < 2.244.1
  • HIGH 8.0 CVE-2020-2220: Stored XSS vulnerability in Jenkins job build time trend
    from 0, < 2.244.1
  • HIGH 8.0 CVE-2020-2221: Stored XSS vulnerability in Jenkins upstream cause
    from 0, < 2.244.1
  • HIGH 8.0 CVE-2020-2223: Stored XSS vulnerability in Jenkins console links
    from 0, < 2.244.1
  • HIGH 7.5 CVE-2026-33002: Jenkins has a DNS rebinding vulnerability in WebSocket CLI origin validation
    >= 2.426.3, < 2.541.3, >= 2.542.0, < 2.555.0
  • HIGH 7.5 CVE-2025-67635: Jenkins has a denial of service vulnerability in HTTP-based CLI
    from 0, < 2.528.3, >= 2.529.0, < 2.541.0
  • HIGH 7.5 CVE-2023-36478: HTTP/2 HPACK integer overflow and buffer allocation
    from 0, < 2.428.0
  • HIGH 7.5 CVE-2023-27901: Denial of service in Jenkins Core
    from 0, < 2.394.0
  • HIGH 7.5 CVE-2022-2048: Jetty vulnerable to invalid HTTP/2 requests that can lead to denial of service
    from 0, < 2.361.1
  • HIGH 7.5 CVE-2022-34175: Unauthorized view fragment access in Jenkins
    >= 2.335.0, < 2.355.1
  • HIGH 7.5 CVE-2021-21671: Session fixation vulnerability in Jenkins
    >= 2.266.0, < 2.300.0
  • HIGH 7.5 CVE-2021-43859: Denial of Service by injecting highly recursive collections or maps in XStream
    from 0, < 2.319.3, >= 2.321.0, < 2.334.0
  • HIGH 7.5 CVE-2021-28165: Jetty vulnerable to incorrect handling of invalid large TLS frame, exhausting CPU resources
    from 0, < 2.286.0
  • HIGH 7.0 CVE-2023-43496: Jenkins temporary plugin file created with insecure permissions
    from 0, < 2.424.0
  • HIGH 7.0 CVE-2023-27899: Incorrect Authorization in Jenkins Core
    from 0, < 2.394.0
  • MEDIUM 6.5 CVE-2024-9453: Jenkins-image: sensitive data disclosure when using openshift jenkins image
  • MEDIUM 6.5 CVE-2023-27900: Denial of service in Jenkins Core
    from 0, < 2.394.0
  • MEDIUM 6.5 CVE-2021-21683: Path traversal vulnerability on Windows in Jenkins
    from 0, < 2.314.1
  • MEDIUM 6.5 CVE-2021-21607: Excessive memory allocation in graph URLs leads to denial of service in Jenkins
    from 0, < 2.274.1
  • MEDIUM 6.5 CVE-2021-21602: Arbitrary file read vulnerability in workspace browsers in Jenkins
    from 0, < 2.274.1
  • MEDIUM 6.5 CVE-2022-0538: DoS vulnerability in bundled XStream library in Jenkins Core
    from 0, < 2.334.0
  • MEDIUM 6.3 CVE-2021-21682: Improper handling of equivalent directory names on Windows in Jenkins
    from 0, < 2.314.1
  • MEDIUM 6.1 CVE-2021-21610: Reflected XSS vulnerability in Jenkins markup formatter preview
    from 0, < 2.274.1
  • MEDIUM 5.8 CVE-2020-2100: Jenkins vulnerable to UDP amplification reflection attack
    from 0, < 2.218.1
  • MEDIUM 5.4 CVE-2025-27624: Jenkins cross-site request forgery (CSRF) vulnerability
    >= 2.493.0, < 2.504.1
  • MEDIUM 5.4 CVE-2024-43045: Jenkins does not perform a permission check in an HTTP endpoint
    from 0, < 2.462.1, >= 2.463.0, < 2.479.1
  • MEDIUM 5.4 CVE-2021-21611: Stored XSS vulnerability in Jenkins on new item page
    from 0, < 2.274.1
  • MEDIUM 5.4 CVE-2021-21608: Stored XSS vulnerability in Jenkins button labels
    from 0, < 2.274.1
  • MEDIUM 5.4 CVE-2021-21603: XSS vulnerability in Jenkins notification bar
    from 0, < 2.274.1
  • MEDIUM 5.4 CVE-2020-2231: Improper Neutralization of Input During Web Page Generation in Jenkins
    from 0, < 2.251.1
  • MEDIUM 5.4 CVE-2020-2162: Improper Neutralization of Input During Web Page Generation in Jenkins
    from 0, < 2.227.1
  • MEDIUM 5.4 CVE-2020-2161: Improper Neutralization of Input During Web Page Generation in Jenkins
    from 0, < 2.227.1
  • MEDIUM 5.4 CVE-2020-2163: Improper Neutralization of Input During Web Page Generation in Jenkins
    from 0, < 2.227.1
  • MEDIUM 5.4 CVE-2020-2103: Jenkins diagnostic page exposed session cookies
    from 0, < 2.218.1
  • MEDIUM 5.3 CVE-2025-59474: Jenkins has a missing permission check, allowing users to obtain agent names
    from 0, < 2.516.3, >= 2.517.0, < 2.528.0
  • MEDIUM 5.3 CVE-2025-59476: Jenkins has a log message injection vulnerability
    from 0, < 2.516.3, >= 2.517.0, < 2.528.0
  • MEDIUM 5.3 CVE-2022-34174: Observable timing discrepancy allows determining username validity in Jenkins
    from 0, < 2.355.1
  • MEDIUM 5.3 CVE-2021-21615: Time-of-check Time-of-use (TOCTOU) Race Condition in Jenkins
    from 0, < 2.276.0
  • MEDIUM 5.3 CVE-2021-21609: Missing permission check for paths with specific prefix in Jenkins
    from 0, < 2.274.1
  • MEDIUM 5.3 CVE-2020-2102: Non-constant time HMAC comparison
    from 0, < 2.218.1
  • MEDIUM 5.3 CVE-2020-2101: Non-constant time comparison of inbound TCP agent connection secret
    from 0, < 2.218.1
  • MEDIUM 4.3 CVE-2026-27100: Jenkins has a build information disclosure vulnerability through Run Parameter
    >= 2.483.0, < 2.541.2, >= 2.542.0, < 2.551.0
  • MEDIUM 4.3 CVE-2025-67636: Jenkins is missing a permission check on password fields
    from 0, < 2.528.3, >= 2.529.0, < 2.541.0
  • MEDIUM 4.3 CVE-2025-67638: Jenkins's build authorization token is stored and displayed in plain text
    from 0, < 2.528.3, >= 2.529.0, < 2.541.0
  • MEDIUM 4.3 CVE-2025-67637: Jenkins's build authorization token is stored and displayed in plain text
    from 0, < 2.528.3, >= 2.529.0, < 2.541.0
  • MEDIUM 4.3 CVE-2025-59475: Jenkins is missing a permission check in the authenticated users' profile menu
    from 0, < 2.516.3, >= 2.517.0, < 2.528.0
  • MEDIUM 4.3 CVE-2025-31721: Jenkins Missing Permission Check
    from 0, < 2.492.3, >= 2.493.0, < 2.504.1
  • MEDIUM 4.3 CVE-2025-31720: Jenkins Missing Permission Check
    from 0, < 2.492.3, >= 2.493.0, < 2.504.1
  • MEDIUM 4.3 CVE-2025-27623: Jenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission
    >= 2.493.0, < 2.504.1
  • MEDIUM 4.3 CVE-2025-27622: Jenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission
    >= 2.493.0, < 2.504.1
  • MEDIUM 4.3 CVE-2025-27625: Jenkins Open Redirect vulnerability
    >= 2.493.0, < 2.504.1
  • MEDIUM 4.3 CVE-2024-47804: Jenkins item creation restriction bypass vulnerability
    from 0, < 2.462.3
  • MEDIUM 4.3 CVE-2024-47803: Jenkins exposes multi-line secrets through error messages
    from 0, < 2.462.3
  • MEDIUM 4.3 CVE-2023-43494: Jenkins does not exclude sensitive build variables from search
    >= 2.50.0, < 2.424.0
  • MEDIUM 4.3 CVE-2023-27902: Incorrect Permission Preservation in Jenkins Core
    from 0, < 2.394.0
  • MEDIUM 4.3 CVE-2021-21670: Improper permission checks allow canceling queue items and aborting builds in Jenkins
    from 0, < 2.300.0
  • MEDIUM 4.3 CVE-2021-21640: View name validation bypass in Jenkins
    from 0, < 2.286.1
  • MEDIUM 4.3 CVE-2021-21639: Lack of type validation in agent related REST API in Jenkins
    from 0, < 2.286.1
  • MEDIUM 4.3 CVE-2021-21606: Arbitrary file existence check in file fingerprints in Jenkins
    from 0, < 2.274.1
  • MEDIUM 4.3 CVE-2020-2251: Passwords transmitted in plain text by Jenkins ReadyAPI Functional Testing Plugin
    from 0, < 2.236.0
  • MEDIUM 4.3 CVE-2020-2104: Memory usage graphs accessible to anyone with Overall/Read
    from 0, < 2.218.1
  • MEDIUM 4.3 CVE-2022-20612: Cross-Site Request Forgery in Jenkins
    from 0, < 2.329.1
  • LOW 3.6 CVE-2023-43498: Jenkins temporary uploaded file created with insecure permissions
    from 0, < 2.424.0
  • LOW 3.6 CVE-2023-43497: Jenkins temporary uploaded file created with insecure permissions
    from 0, < 2.424.0
  • LOW 3.6 CVE-2023-27903: Incorrect Authorization in Jenkins Core
    from 0, < 2.394.0
  • LOW 3.5 CVE-2025-67639: Jenkins has a CSRF vulnerability on the login form
    from 0, < 2.528.3, >= 2.529.0, < 2.541.0
  • LOW 3.1 CVE-2023-27904: Information disclosure through error stack traces related to agents
    from 0, < 2.394.0
  • LOW 3.1 CVE-2020-2105: Jenkins REST APIs vulnerable to clickjacking
    from 0, < 2.218.1