Jenkins CVE - CVE Search - CVE Details

Filtered by vendor Jenkins Subscribe

Total 1395 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2019-1010241	1 Jenkins	1 Credentials Binding	2020-09-30	4.0 MEDIUM	6.5 MEDIUM
Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-257: Storing Passwords in a Recoverable Format. The impact is: Authenticated users can recover credentials. The component is: config-variables.jelly line #30 (passwordVariable). The attack vector is: Attacker creates and executes a Jenkins job.
CVE-2019-1003034	2 Jenkins, Redhat	2 Job Dsl, Openshift Container Platform	2020-09-30	6.5 MEDIUM	9.9 CRITICAL
A sandbox bypass vulnerability exists in Jenkins Job DSL Plugin 1.71 and earlier in job-dsl-core/src/main/groovy/javaposse/jobdsl/dsl/AbstractDslScriptLoader.groovy, job-dsl-plugin/build.gradle, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/JobDslWhitelist.groovy, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/SandboxDslScriptLoader.groovy that allows attackers with control over Job DSL definitions to execute arbitrary code on the Jenkins master JVM.
CVE-2019-1003031	2 Jenkins, Redhat	2 Matrix Project, Openshift Container Platform	2020-09-30	6.5 MEDIUM	9.9 CRITICAL
A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/FilterScript.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM.
CVE-2019-1003032	1 Jenkins	1 Email Extension	2020-09-30	6.5 MEDIUM	9.9 CRITICAL
A sandbox bypass vulnerability exists in Jenkins Email Extension Plugin 2.64 and earlier in pom.xml, src/main/java/hudson/plugins/emailext/ExtendedEmailPublisher.java, src/main/java/hudson/plugins/emailext/plugins/content/EmailExtScript.java, src/main/java/hudson/plugins/emailext/plugins/content/ScriptContent.java, src/main/java/hudson/plugins/emailext/plugins/trigger/AbstractScriptTrigger.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM.
CVE-2019-1003033	1 Jenkins	1 Groovy	2020-09-30	6.5 MEDIUM	8.8 HIGH
A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.1 and earlier in pom.xml, src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM.
CVE-2019-1003035	1 Jenkins	1 Azure Vm Agents	2020-09-30	4.0 MEDIUM	4.3 MEDIUM
An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgentTemplate.java, src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to perform the 'verify configuration' form validation action, thereby obtaining limited information about the Azure configuration.
CVE-2019-1003036	1 Jenkins	1 Azure Vm Agents	2020-09-30	4.0 MEDIUM	4.3 MEDIUM
A data modification vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgent.java that allows attackers with Overall/Read permission to attach a public IP address to an Azure VM agent.
CVE-2019-1003039	1 Jenkins	1 Appdynamics	2020-09-30	4.0 MEDIUM	8.8 HIGH
An insufficiently protected credentials vulnerability exists in JenkinsAppDynamics Dashboard Plugin 1.0.14 and earlier in src/main/java/nl/codecentric/jenkins/appd/AppDynamicsResultsPublisher.java that allows attackers without permission to obtain passwords configured in jobs to obtain them.
CVE-2019-1003037	1 Jenkins	1 Azure Vm Agents	2020-09-30	4.0 MEDIUM	6.5 MEDIUM
An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2019-1003038	1 Jenkins	1 Repository Connector	2020-09-30	2.1 LOW	7.8 HIGH
An insufficiently protected credentials vulnerability exists in Jenkins Repository Connector Plugin 1.2.4 and earlier in src/main/java/org/jvnet/hudson/plugins/repositoryconnector/ArtifactDeployer.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/Repository.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/UserPwd.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the password stored in the plugin configuration.
CVE-2019-1003041	2 Jenkins, Redhat	2 Pipeline\, Openshift Container Platform	2020-09-30	7.5 HIGH	9.8 CRITICAL
A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts.
CVE-2019-1003040	2 Jenkins, Redhat	2 Script Security, Openshift Container Platform	2020-09-30	7.5 HIGH	9.8 CRITICAL
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts.
CVE-2019-1003043	1 Jenkins	1 Slack Notification	2020-09-30	3.5 LOW	7.5 HIGH
A missing permission check in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2019-1003047	1 Jenkins	1 Fortify On Demand Uploader	2020-09-30	4.0 MEDIUM	6.5 MEDIUM
A missing permission check in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.
CVE-2019-1003048	1 Jenkins	1 Prqa	2020-09-29	2.1 LOW	7.8 HIGH
A vulnerability in Jenkins PRQA Plugin 3.1.0 and earlier allows attackers with local file system access to the Jenkins home directory to obtain the unencrypted password from the plugin configuration.
CVE-2019-1003000	2 Jenkins, Redhat	2 Script Security, Openshift Container Platform	2020-09-28	6.5 MEDIUM	8.8 HIGH
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM.
CVE-2019-1003001	2 Jenkins, Redhat	2 Pipeline\, Openshift Container Platform	2020-09-28	6.5 MEDIUM	8.8 HIGH
A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.
CVE-2019-1003002	2 Jenkins, Redhat	2 Pipeline\, Openshift Container Platform	2020-09-28	6.5 MEDIUM	8.8 HIGH
A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.
CVE-2019-1003011	2 Jenkins, Redhat	2 Token Macro, Openshift Container Platform	2020-09-28	5.5 MEDIUM	8.1 HIGH
An information exposure and denial of service vulnerability exists in Jenkins Token Macro Plugin 2.5 and earlier in src/main/java/org/jenkinsci/plugins/tokenmacro/Parser.java, src/main/java/org/jenkinsci/plugins/tokenmacro/TokenMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/AbstractChangesSinceMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/ChangesSinceLastBuildMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/ProjectUrlMacro.java that allows attackers with the ability to control token macro input (such as SCM changelogs) to define recursive input that results in unexpected macro evaluation.
CVE-2019-1003006	1 Jenkins	1 Groovy	2020-09-28	6.5 MEDIUM	8.8 HIGH
A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.0 and earlier in src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.

Vulnerabilities (CVE)