pkg:Maven/org.jenkins-ci.main:jenkins-core

All known vulnerabilities

• CRITICAL9.8CVE-2024-23897⚠ KEVArbitrary file read vulnerability through the Jenkins CLI can lead to RCE
  >= 1.606, < 2.426.3
• CRITICAL9.8CVE-2017-1000353⚠ KEVDeserialization of Untrusted Data in Jenkins
  >= 2.50, < 2.57
• CRITICAL9.8⚠ KEVDeserialization of Untrusted Data in Jenkins
  from 0, < 2.138.4
• HIGH7.5⚠ KEVJenkins discloses project names via fingerprints
  from 0, < 1.625.2
• CRITICAL9.8Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
  >= 1.498, < 2.32.2
• CRITICAL9.8Jenkins allows Execution of Code by Opening a JRMP Listener
  >= 1.643, < 1.650
• CRITICAL9.8Exposure of Sensitive Information in Jenkins Core
  from 0, < 1.650
• CRITICAL9.8Improper Neutralization of Special Elements used in an LDAP Query in Jenkins
  >= 2.20, < 2.32
• CRITICAL9.1Agent-to-controller access control allows reading/writing most content of build directories in Jenkins
  from 0, < 2.303.3
• CRITICAL9.0Jenkins Remoting library arbitrary file read vulnerability
  from 0, < 2.452.4
• CRITICAL9.0Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
  from 0, < 2.303.3
• CRITICAL9.0Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
  from 0, < 2.303.3
• CRITICAL9.0Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
  from 0, < 2.303.3
• CRITICAL9.0Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
  from 0, < 2.303.3
• CRITICAL9.0Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
  from 0, < 2.303.3
• CRITICAL9.0Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
  from 0, < 2.303.3
• CRITICAL9.0Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
  from 0, < 2.303.3
• CRITICAL9.0Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
  from 0, < 2.303.3
• CRITICAL9.0Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
  from 0, < 2.303.3
• CRITICAL9.0Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
  from 0, < 2.303.3
• CRITICAL9.0Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
  from 0, < 2.303.3
• HIGH8.8Jenkins has a link following vulnerability allows arbitrary file creation
  from 0, < 2.555
• HIGH8.8Cross-site WebSocket hijacking vulnerability in the Jenkins CLI
  >= 2.217, < 2.426.3
• HIGH8.8Cross-site Scripting vulnerability in Jenkins
  >= 2.376, < 2.394
• HIGH8.8Agent-to-controller access control allowed writing to sensitive directory used by Jenkins Pipeline: Shared Groovy Libraries Plugin
  from 0, < 2.303.3
• HIGH8.8Cross-Site Request Forgery in Jenkins
  from 0, < 2.204.6
• HIGH8.8Cross-Site Request Forgery in Jenkins
  from 0, < 2.176.3
• HIGH8.8Jenkins allows Deserialization of Untrusted Data via an XML File
  >= 1.643, < 1.650
• HIGH8.8Cross-Site Request Forgery in Jenkins
  >= 2.50, < 2.57
• HIGH8.8Improper Authentication in Jenkins
  >= 2.50, < 2.57
• HIGH8.8OS Command Injection in Jenkins
  from 0, < 2.73.2
• HIGH8.8Deserialization of Untrusted Data in Jenkins
  from 0, < 2.32.2
• HIGH8.8Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack
  >= 1.626, < 1.640
• HIGH8.8Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack
  >= 1.626, < 1.640
• HIGH8.8Improper Input Validation in Jenkins
  from 0, < 2.121.2
• HIGH8.8Jenkins allows Data Insertion and Execution of Code by those with Read and HTTP Access
  from 0, < 1.466.2
• HIGH8.6Inbound TCP Agent Protocol/3 authentication bypass in Jenkins
  from 0, < 2.204.2
• HIGH8.2Improper Limitation of a Pathname to a Restricted Directory in Jenkins
  from 0, < 2.138.4
• HIGH8.1Race Condition in Jenkins
  >= 2.81, < 2.89.2
• HIGH8.1Cross-Site Request Forgery in Jenkins
  >= 2.81, < 2.89.2
• HIGH8.1Insufficient Session Expiration in Jenkins
  from 0, < 2.164.2
• HIGH8.1Path Traversal in Jenkins
  from 0, < 2.107.3
• HIGH8.0Jenkins: Stored XSS vulnerability in node offline cause description
  >= 2.483, < 2.568
• HIGH8.0Jenkins has a stored XSS vulnerability in node offline cause description
  >= 2.542, < 2.551
• HIGH8.0Jenkins Cross-site Scripting vulnerability
  >= 2.50, < 2.414.2
• HIGH8.0Jenkins Stored Cross-site Scripting vulnerability
  >= 2.402, < 2.414.1
• HIGH8.0Jenkins CSRF protection bypass vulnerability
  from 0, < 2.400
• HIGH8.0Jenkins vulnerable to stored cross site scripting in the I:helpIcon component
  >= 2.367, < 2.370
• HIGH8.0Cross-site Scripting vulnerability in Jenkins
  >= 2.350, < 2.356
• HIGH8.0Cross-site Scripting vulnerability in Jenkins
  >= 2.350, < 2.356
• HIGH8.0Cross-site Scripting vulnerability in Jenkins
  >= 2.340, < 2.356
• HIGH8.0Cross-site Scripting vulnerability in Jenkins
  >= 2.340, < 2.356
• HIGH8.0Path traversal vulnerability in Jenkins agent names
  from 0, < 2.263.2
• HIGH8.0Improper handling of REST API XML deserialization errors in Jenkins
  from 0, < 2.263.2
• HIGH8.0Jenkins Cross-site Scripting vulnerability in project naming strategy
  from 0, < 2.235.4
• HIGH8.0Jenkins Cross-Site Scripting vulnerability in help icons
  from 0, < 2.235.4
• HIGH8.0Stored XSS vulnerability in Jenkins 'keep forever' badge icon
  from 0, < 2.235.2
• HIGH8.0Stored XSS vulnerability in Jenkins console links
  from 0, < 2.235.2
• HIGH8.0Stored XSS vulnerability in Jenkins job build time trend
  from 0, < 2.235.2
• HIGH8.0Stored XSS vulnerability in Jenkins upstream cause
  from 0, < 2.235.2
• HIGH7.8Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
  from 0, < 2.138.2
• HIGH7.5Jenkins has a DNS rebinding vulnerability in WebSocket CLI origin validation
  >= 2.442, < 2.555
• HIGH7.5Jenkins has a Denial of service vulnerability in HTTP-based CLI
  >= 2.529, < 2.541
• HIGH7.5Denial of service in Jenkins Core
  >= 2.388, < 2.394
• HIGH7.5Unauthorized view fragment access in Jenkins
  >= 2.335, < 2.356
• HIGH7.5Session fixation vulnerability in Jenkins
  >= 2.292, < 2.300
• HIGH7.5XML external entity (XXE) vulnerability in Jenkins
  >= 1.597, < 1.600
• HIGH7.5XML external entity (XXE) vulnerability in Jenkins
  >= 1.597, < 1.600
• HIGH7.5Cross-Site Request Forgery in Jenkins
  from 0, < 2.176.2
• HIGH7.5Improper Input Validation in Jenkins
  from 0, < 2.73.2
• HIGH7.5Missing Release of Resource after Effective Lifetime in Jenkins
  from 0, < 2.121.3
• HIGH7.5Jenkins does not Verify Checksums for Plugin Files
  from 0, < 1.625.2
• HIGH7.5Improper Input Validation in Jenkins
  from 0, < 2.121.2
• HIGH7.5Hash collision attack vulnerability in Jenkins
  >= 1.425, < 1.447
• HIGH7.4Jenkins affected by Open Redirect Vulnerability
  >= 1.652, < 2.3
• HIGH7.3Improper Input Validation in Jenkins
  from 0, < 2.73.3
• HIGH7.2Improper Authorization in Jenkins Core
  from 0, < 2.159
• HIGH7.2Improper Authorization in Jenkins Core
  from 0, < 2.150.2
• HIGH7.0Jenkins temporary plugin file created with insecure permissions
  >= 2.50, < 2.414.2
• HIGH7.0Incorrect Authorization in Jenkins Core
  >= 2.376, < 2.387.1
• MEDIUM6.5Denial of service in Jenkins Core
  >= 2.388, < 2.394
• MEDIUM6.5Path traversal vulnerability on Windows in Jenkins
  from 0, < 2.303.2
• MEDIUM6.5Excessive memory allocation in graph URLs leads to denial of service in Jenkins
  from 0, < 2.263.2
• MEDIUM6.5Arbitrary file read vulnerability in workspace browsers in Jenkins
  from 0, < 2.263.2
• MEDIUM6.5Improper Limitation of a Pathname to a Restricted Directory in Jenkins
  from 0, < 2.176.2
• MEDIUM6.5Jenkins allows Remote Users to Inject Build Parameters
  >= 1.660, < 2.3
• MEDIUM6.5Jenkins Exposes Sensitive Information from Job Configuration
  >= 1.652, < 2.3
• MEDIUM6.5Deserialization of Untrusted Data in Jenkins
  >= 2.50, < 2.57
• MEDIUM6.5Path Traversal in Jenkins
  from 0, < 2.138.2
• MEDIUM6.5Improper Limitation of a Pathname to a Restricted Directory in Jenkins
  from 0, < 2.138.2
• MEDIUM6.5Incorrect Authorization in Jenkins
  from 0, < 2.121.3
• MEDIUM6.5Infinite Loop in Jenkins Core
  from 0, < 2.138
• MEDIUM6.5Loop with Unreachable Exit Condition in Jenkins
  from 0, < 2.138.4
• MEDIUM6.5Improper Authorization in Jenkins
  from 0, < 2.138.2
• MEDIUM6.5Improper Limitation of a Pathname to a Restricted Directory in Jenkins
  from 0, < 2.89.4
• MEDIUM6.5DoS vulnerability in bundled XStream library in Jenkins Core
  >= 2.320, < 2.334
• MEDIUM6.3Improper handling of equivalent directory names on Windows in Jenkins
  >= 2.304, < 2.315
• MEDIUM6.1Reflected XSS vulnerability in Jenkins markup formatter preview
  from 0, < 2.263.2
• MEDIUM6.1Jenkins has CRLF Injection Vulnerability in the CLI
  >= 1.643, < 1.650
• MEDIUM6.1Cross-site Scripting in Jenkins
  from 0, < 2.138.2