Jenkins

64 Versions 93 CVEs

Versions

LTS 2.303.2

OTHER 13 CVEs

2.321

MAJOR_MINOR 1 CVE

LTS 2.319.2

OTHER 1 CVE

LTS 2.319.1

OTHER 1 CVE

LTS 2.332.1

OTHER 2 CVEs

2.340

MAJOR_MINOR 2 CVEs

LTS 2.332.3

OTHER 3 CVEs

before 1.447

OTHER 1 CVE

LTS 2.303.1

OTHER 2 CVEs

LTS 2.235.1

OTHER 4 CVEs

2.367

MAJOR_MINOR 1 CVE

LTS 2.289.1

OTHER 2 CVEs

unspecified

OTHER 56 CVEs

2.218

MAJOR_MINOR 6 CVEs

2.196 and earlier, LTS 2.176.3 and earlier

OTHER 6 CVEs

LTS 2.263.2

OTHER 1 CVE

2.191 and earlier, LTS 2.176.2 and earlier

OTHER 2 CVEs

LTS 2.204.5

OTHER 4 CVEs

2.266

MAJOR_MINOR 1 CVE

2.355

MAJOR_MINOR 6 CVEs

2.213

MAJOR_MINOR 1 CVE

2.185 and earlier, LTS 2.176.1 and earlier

OTHER 3 CVEs

2.318

MAJOR_MINOR 13 CVEs

LTS 2.235.3

OTHER 3 CVEs

LTS 2.263.1

OTHER 10 CVEs

2.158 and earlier, LTS 2.150.1 and earlier

OTHER 2 CVEs

2.286

MAJOR_MINOR 2 CVEs

LTS 2.277.1

OTHER 3 CVEs

2.251

MAJOR_MINOR 3 CVEs

2.227

MAJOR_MINOR 4 CVEs

2.171 and earlier, LTS 2.164.1 and earlier

OTHER 2 CVEs

2.369

MAJOR_MINOR 1 CVE

2.242

MAJOR_MINOR 1 CVE

2.299

MAJOR_MINOR 2 CVEs

2.335

MAJOR_MINOR 1 CVE

2.314

MAJOR_MINOR 2 CVEs

2.244

MAJOR_MINOR 4 CVEs

2.274

MAJOR_MINOR 10 CVEs

2.275

MAJOR_MINOR 1 CVE

LTS 2.204.1

OTHER 7 CVEs

2.333

MAJOR_MINOR 1 CVE

2.320

MAJOR_MINOR 1 CVE

2.329

MAJOR_MINOR 1 CVE

2.462.1

SEMANTIC 2 CVEs

2.426.3

SEMANTIC 2 CVEs

2.401.3

SEMANTIC 1 CVE

2.452.4

SEMANTIC 2 CVEs

2.414.1

SEMANTIC 1 CVE

2.471

MAJOR_MINOR 2 CVEs

2.388

MAJOR_MINOR 1 CVE

2.394

MAJOR_MINOR 7 CVEs

2.414.2

SEMANTIC 5 CVEs

2.376

MAJOR_MINOR 1 CVE

2.375.4

SEMANTIC 7 CVEs

2.270

MAJOR_MINOR 1 CVE

2.387.1

SEMANTIC 7 CVEs

2.424

MAJOR_MINOR 5 CVEs

2.440.1

SEMANTIC 2 CVEs

2.479

MAJOR_MINOR 2 CVEs

2.400

MAJOR_MINOR 1 CVE

0

SINGLE_NUMBER 3 CVEs

2.416

MAJOR_MINOR 1 CVE

2.442

MAJOR_MINOR 2 CVEs

2.462.3

SEMANTIC 2 CVEs

Recent CVEs

CVE-2024-47804

If an attempt is made to create an item of a type prohibited by `ACL#hasCreatePermission2` or `TopLevelItemDescriptor#isApplicableIn(ItemGroup)` through the Jenkins CLI or the REST API and either of these checks fails, Jenkins 2.478 and earlier, LTS 2.462.2 and earlier creates the item in memory, only deleting it from disk, allowing attackers with Item/Configure permission to save the item to persist it, effectively bypassing the item creation restriction.

MEDIUM Oct 02, 2024

CVE-2024-47803

Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact multi-line secret values in error messages generated for form submissions involving the `secretTextarea` form field.

MEDIUM Oct 02, 2024

CVE-2024-43045

Jenkins 2.470 and earlier, LTS 2.452.3 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to access other users' "My Views".

UNKNOWN Aug 07, 2024

CVE-2024-43044

Jenkins 2.470 and earlier, LTS 2.452.3 and earlier allows agent processes to read arbitrary files from the Jenkins controller file system by using the `ClassLoaderProxy#fetchJar` method in the Remoting library.

HIGH Aug 07, 2024

CVE-2024-23898

Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, allowing attackers to execute CLI commands on the Jenkins controller.

UNKNOWN Jan 24, 2024

CVE-2023-43494

Jenkins 2.50 through 2.423 (both inclusive), LTS 2.60.1 through 2.414.1 (both inclusive) does not exclude sensitive build variables (e.g., password parameter values) from the search in the build history widget, allowing attackers with Item/Read permission to obtain values of sensitive variables used in builds by iteratively testing different characters until the correct sequence is discovered.

UNKNOWN Sep 20, 2023