Vulnerabilities (CVE)

Filtered by vendor Jenkins Subscribe
Total 1465 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-36478 3 Debian, Eclipse, Jenkins 3 Debian Linux, Jetty, Jenkins 2024-06-21 N/A 7.5 HIGH
Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. `MetaDataBuilder.java` determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded. However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. `(_size+length)` will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. Users of HTTP/2 can be impacted by a remote denial of service attack. The issue has been fixed in versions 11.0.16, 10.0.16, and 9.4.53. There are no known workarounds.
CVE-2024-23898 1 Jenkins 1 Jenkins 2024-05-14 N/A 8.8 HIGH
Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, allowing attackers to execute CLI commands on the Jenkins controller.
CVE-2022-27211 1 Jenkins 1 Kubernetes Continuous Deploy 2024-02-16 4.0 MEDIUM 6.5 MEDIUM
A missing/An incorrect permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2024-23905 1 Jenkins 1 Red Hat Dependency Analytics 2024-02-05 N/A 5.4 MEDIUM
Jenkins Red Hat Dependency Analytics Plugin 0.7.1 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.
CVE-2023-50779 1 Jenkins 1 Paaslane Estimate 2024-02-05 N/A 4.3 MEDIUM
Missing permission checks in Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified token.
CVE-2023-50776 1 Jenkins 1 Paaslane Estimate 2024-02-05 N/A 4.3 MEDIUM
Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier stores PaaSLane authentication tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.
CVE-2023-49652 1 Jenkins 1 Google Compute Engine 2024-02-05 N/A 2.7 LOW
Incorrect permission checks in Jenkins Google Compute Engine Plugin 4.550.vb_327fca_3db_11 and earlier allow attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate system-scoped credentials IDs of credentials stored in Jenkins and to connect to Google Cloud Platform using attacker-specified credentials IDs obtained through another method, to obtain information about existing projects. This fix has been backported to 4.3.17.1.
CVE-2023-49674 1 Jenkins 1 Neuvector Vulnerability Scanner 2024-02-05 N/A 4.3 MEDIUM
A missing permission check in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password.
CVE-2024-23902 1 Jenkins 1 Github Branch Source 2024-02-05 N/A 4.3 MEDIUM
A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL.
CVE-2024-23899 1 Jenkins 1 Git Server 2024-02-05 N/A 6.5 MEDIUM
Jenkins Git server Plugin 99.va_0826a_b_cdfa_d and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenkins controller file system.
CVE-2023-50764 1 Jenkins 1 Scriptler 2024-02-05 N/A 8.1 HIGH
Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing attackers with Scriptler/Configure permission to delete arbitrary files on the Jenkins controller file system.
CVE-2023-49653 1 Jenkins 1 Jira 2024-02-05 N/A 6.5 MEDIUM
Jenkins Jira Plugin 3.11 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to.
CVE-2023-49654 1 Jenkins 1 Matlab 2024-02-05 N/A 9.8 CRITICAL
Missing permission checks in Jenkins MATLAB Plugin 2.11.0 and earlier allow attackers to have Jenkins parse an XML file from the Jenkins controller file system.
CVE-2023-50770 1 Jenkins 1 Openid 2024-02-05 N/A 6.7 MEDIUM
Jenkins OpenId Connect Authentication Plugin 2.6 and earlier stores a password of a local user account used as an anti-lockout feature in a recoverable format, allowing attackers with access to the Jenkins controller file system to recover the plain text password of that account, likely gaining administrator access to Jenkins.
CVE-2023-50777 1 Jenkins 1 Paaslane Estimate 2024-02-05 N/A 4.3 MEDIUM
Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSLane authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
CVE-2023-50775 1 Jenkins 1 Deployment Dashboard 2024-02-05 N/A 4.3 MEDIUM
A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to copy jobs.
CVE-2023-50771 1 Jenkins 1 Openid 2024-02-05 N/A 6.1 MEDIUM
Jenkins OpenId Connect Authentication Plugin 2.6 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks.
CVE-2023-50768 1 Jenkins 1 Nexus Platform 2024-02-05 N/A 8.8 HIGH
A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2023-50774 1 Jenkins 1 Html Resource 2024-02-05 N/A 8.1 HIGH
A cross-site request forgery (CSRF) vulnerability in Jenkins HTMLResource Plugin 1.02 and earlier allows attackers to delete arbitrary files on the Jenkins controller file system.
CVE-2024-23904 1 Jenkins 1 Log Command 2024-02-05 N/A 7.5 HIGH
Jenkins Log Command Plugin 1.0.2 and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read content from arbitrary files on the Jenkins controller file system.