cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-24399,https://securityvulnerability.io/vulnerability/CVE-2025-24399,Case Insensitivity Vulnerability in Jenkins OpenId Connect Authentication Plugin,"The Jenkins OpenId Connect Authentication Plugin misinterprets username case sensitivity, enabling attackers to log in as any user. This flaw occurs in versions 4.452.v2849b_d3945fa_ and earlier, affecting Jenkins configurations that utilize case-sensitive OpenID Connect providers. By submitting a username with a different letter casing, an attacker can potentially gain unauthorized access, including administrative privileges, leading to significant security risks.",Jenkins,Jenkins Openid Connect Authentication Plugin,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-22T17:02:52.963Z,0
CVE-2025-24398,https://securityvulnerability.io/vulnerability/CVE-2025-24398,CSRF Bypass Vulnerability in Jenkins Bitbucket Server Integration Plugin by Jenkins,"The Jenkins Bitbucket Server Integration Plugin, versions 2.1.0 through 4.1.3, is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability. This flaw allows attackers to manipulate URLs to bypass the CSRF protections implemented in Jenkins, potentially leading to unauthorized actions within the Jenkins environment. It is crucial for users of the affected versions to update promptly to maintain system integrity and safeguard against possible exploitation.",Jenkins,Jenkins Bitbucket Server Integration Plugin,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-22T17:02:52.362Z,0
CVE-2024-47805,https://securityvulnerability.io/vulnerability/CVE-2024-47805,Sensitive Data Exposure in Jenkins Credentials Plugin by Jenkins,"The Jenkins Credentials Plugin exposes sensitive data as it fails to properly redact encrypted credential values when accessing the item configuration file, `config.xml`, through the REST API or Command-Line Interface (CLI). This vulnerability compromises the integrity of credential management, allowing unauthorized access to sensitive information if the appropriate security measures are not implemented. Specific versions of the plugin are impacted, necessitating prompt action to mitigate the risks.",Jenkins,Credentials,7.5,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-10-02T16:15:00.000Z,0
CVE-2024-43044,https://securityvulnerability.io/vulnerability/CVE-2024-43044,Jenkins Vulnerability Allows Agent Processes to Read Arbitrary Files,"An arbitrary file read vulnerability exists in Jenkins versions up to 2.470 and LTS 2.452.3. The flaw arises from the `ClassLoaderProxy#fetchJar` method within the Remoting library, which allows unauthorized agent processes to read sensitive files from the Jenkins controller's file system. This vulnerability poses a significant risk, as it can enable attackers to access confidential information, potentially leading to further exploitation or unauthorized actions within the Jenkins environment. Users are advised to evaluate their installations and apply mitigative steps as recommended by Jenkins security advisories.",Jenkins,Jenkins,8.8,HIGH,0.0005000000237487257,false,,true,false,true,2024-08-08T20:55:32.000Z,true,true,true,2024-09-06T16:52:02.855Z,2024-08-07T13:27:11.438Z,7785
CVE-2024-23904,https://securityvulnerability.io/vulnerability/CVE-2024-23904,Information Disclosure in Jenkins Log Command Plugin by Jenkins,"The Log Command Plugin for Jenkins versions 1.0.2 and earlier is vulnerable due to a flaw in its command parser feature. This vulnerability allows unauthenticated attackers to exploit the ability to include file paths prefixed by an '@' character. When triggered, the parser expands these paths, leading to sensitive information disclosure by reading arbitrary files from the Jenkins controller's file system. This poses a significant security risk, particularly in environments where sensitive configurations or credentials may be stored in files accessible by the plugin.",Jenkins,Jenkins Log Command Plugin,7.5,HIGH,0.001129999989643693,false,,false,false,false,,,false,false,,2024-01-24T17:52:27.324Z,0
CVE-2024-23898,https://securityvulnerability.io/vulnerability/CVE-2024-23898,Jenkins CLI WebSocket Endpoint Vulnerability,"Jenkins versions 2.217 to 2.441 and LTS versions 2.222.1 to 2.426.2 are vulnerable to a cross-site WebSocket hijacking (CSWSH) attack due to inadequate origin validation for requests made through the CLI WebSocket endpoint. This flaw enables attackers to potentially execute arbitrary CLI commands on the Jenkins controller, allowing for unauthorized access and control over the Jenkins environment. Users of affected versions are strongly advised to apply security updates to mitigate the risk associated with this vulnerability.",Jenkins,Jenkins,8.8,HIGH,0.0015300000086426735,false,,true,false,true,2024-09-02T09:44:32.000Z,,false,false,,2024-01-24T17:52:23.492Z,0
CVE-2024-23897,https://securityvulnerability.io/vulnerability/CVE-2024-23897,Arbitrary File Read Vulnerability in Jenkins CLI Command Parser,"A security issue exists in Jenkins due to the command line interface parser failing to properly handle inputs containing an '@' character followed by a file path. This flaw can be exploited by unauthenticated attackers, allowing them to read arbitrary files from the Jenkins controller's file system. The vulnerability highlights a critical oversight in input validation and poses significant risks for confidentiality and data security.",Jenkins,Jenkins,9.8,CRITICAL,0.9735400080680847,true,2024-08-19T00:00:00.000Z,true,true,true,2024-01-26T16:30:26.000Z,true,true,true,2024-01-26T15:52:02.563Z,2024-01-24T17:52:22.842Z,39336
CVE-2023-50778,https://securityvulnerability.io/vulnerability/CVE-2023-50778,Cross-Site Request Forgery Vulnerability in Jenkins PaaSLane Estimate Plugin,"A cross-site request forgery (CSRF) vulnerability exists in the Jenkins PaaSLane Estimate Plugin version 1.0.4 and earlier. This flaw permits attackers to connect to a URL specified by them, utilizing an attacker-defined token, which could lead to unauthorized actions being executed on behalf of unsuspecting users.",Jenkins,Jenkins PaaSLane Estimate Plugin,8.8,HIGH,0.0006600000197067857,false,,false,false,false,,,false,false,,2023-12-13T18:15:00.000Z,0
CVE-2023-50764,https://securityvulnerability.io/vulnerability/CVE-2023-50764,File Deletion Vulnerability in Jenkins Scriptler Plugin by Jenkins,"The Jenkins Scriptler Plugin prior to version 342.v6a_89fd40f466 lacks proper validation of the file name query parameter in an HTTP endpoint. This vulnerability can be exploited by users with Scriptler/Configure permission, enabling them to delete arbitrary files from the Jenkins controller's file system, potentially leading to critical data loss and disruption of service.",Jenkins,Jenkins Scriptler Plugin,8.1,HIGH,0.002090000081807375,false,,false,false,false,,,false,false,,2023-12-13T18:15:00.000Z,0
CVE-2023-50768,https://securityvulnerability.io/vulnerability/CVE-2023-50768,CSRF Vulnerability in Jenkins Nexus Platform Plugin,"A cross-site request forgery vulnerability exists in the Jenkins Nexus Platform Plugin versions 3.18.0-03 and earlier, enabling attackers to leverage manipulated requests to connect to a malicious HTTP server. By obtaining attacker-specified credential IDs through alternate methods, attackers can potentially capture sensitive credentials stored in Jenkins, leading to unauthorized access and exploitation.",Jenkins,Jenkins Nexus Platform Plugin,8.8,HIGH,0.0006600000197067857,false,,false,false,false,,,false,false,,2023-12-13T18:15:00.000Z,0
CVE-2023-50774,https://securityvulnerability.io/vulnerability/CVE-2023-50774,Cross-Site Request Forgery Vulnerability in Jenkins HTMLResource Plugin,"A cross-site request forgery (CSRF) vulnerability has been identified in the Jenkins HTMLResource Plugin, specifically affecting version 1.02 and earlier. Exploitation of this vulnerability allows attackers to delete arbitrary files from the Jenkins controller file system, thereby posing a significant risk to the integrity of the system. It is recommended that users update to the latest version of the plugin to mitigate this security issue. For further details and mitigation strategies, refer to the Jenkins Security Advisory.",Jenkins,Jenkins HTMLResource Plugin,8.1,HIGH,0.0006200000061653554,false,,false,false,false,,,false,false,,2023-12-13T18:15:00.000Z,0
CVE-2023-50766,https://securityvulnerability.io/vulnerability/CVE-2023-50766,Cross-Site Request Forgery Vulnerability in Jenkins Nexus Platform Plugin,"A cross-site request forgery (CSRF) vulnerability exists in the Jenkins Nexus Platform Plugin, specifically in versions 3.18.0-03 and earlier. This flaw allows attackers to manipulate user requests to send malicious HTTP requests to user-defined URLs, potentially leading to unauthorized actions and data manipulation. The vulnerability enables the parsing of the response as XML, which could be leveraged in further exploitations. Users of the affected versions are advised to update to secure versions as recommended in the Jenkins security advisory.",Jenkins,Jenkins Nexus Platform Plugin,8.8,HIGH,0.0006600000197067857,false,,false,false,false,,,false,false,,2023-12-13T18:15:00.000Z,0
CVE-2023-49656,https://securityvulnerability.io/vulnerability/CVE-2023-49656,XML External Entity Vulnerability in Jenkins MATLAB Plugin by Jenkins,"The Jenkins MATLAB Plugin version 2.11.0 and earlier is vulnerable to XML external entity (XXE) attacks due to improper configuration of its XML parser. This flaw allows attackers to exploit the parser, potentially exposing sensitive data or enabling unauthorized actions within the Jenkins environment. It is crucial for users to upgrade to the latest version and apply necessary security patches to mitigate the risks associated with this vulnerability.",Jenkins,Jenkins MATLAB Plugin,9.8,CRITICAL,0.0015399999683722854,false,,false,false,false,,,false,false,,2023-11-29T14:15:00.000Z,0
CVE-2023-49673,https://securityvulnerability.io/vulnerability/CVE-2023-49673,CSRF Vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin,"A cross-site request forgery vulnerability exists in the Jenkins NeuVector Vulnerability Scanner Plugin, which may allow attackers to manipulate the application by sending unauthorized commands. An attacker can exploit this vulnerability to connect to a specified hostname and port, using custom credentials provided by them. This type of attack can lead to significant security issues if not mitigated. Proper validation and implementation of security measures are crucial to safeguard against such vulnerabilities.",Jenkins,Jenkins Neuvector Vulnerability Scanner Plugin,8.8,HIGH,0.0006600000197067857,false,,false,false,false,,,false,false,,2023-11-29T14:15:00.000Z,0
CVE-2023-49654,https://securityvulnerability.io/vulnerability/CVE-2023-49654,Missing Permission Checks in Jenkins MATLAB Plugin by Jenkins,"The Jenkins MATLAB Plugin, version 2.11.0 and earlier, is affected by a security flaw that allows unauthorized attackers to exploit missing permission checks. This vulnerability enables attackers to instruct Jenkins to parse an XML file directly from the Jenkins controller's file system, potentially leading to unauthorized access or disclosure of sensitive information. Proper safeguards are necessary to mitigate these risks and protect user data from potential exploitation.",Jenkins,Jenkins MATLAB Plugin,9.8,CRITICAL,0.0021899999119341373,false,,false,false,false,,,false,false,,2023-11-29T14:15:00.000Z,0
CVE-2023-49655,https://securityvulnerability.io/vulnerability/CVE-2023-49655,Cross-Site Request Forgery in Jenkins MATLAB Plugin by Jenkins,"A cross-site request forgery vulnerability exists in the Jenkins MATLAB Plugin, allowing malicious attackers to exploit the plugin. If successfully exploited, the vulnerability enables unauthorized parsing of XML files from the Jenkins controller file system, potentially exposing sensitive information or enabling further attacks. Users of Jenkins MATLAB Plugin versions 2.11.0 and earlier are urged to update to secure versions as recommended in the official Jenkins Security Advisory.",Jenkins,Jenkins MATLAB Plugin,8.8,HIGH,0.0006600000197067857,false,,false,false,false,,,false,false,,2023-11-29T14:15:00.000Z,0
CVE-2023-46654,https://securityvulnerability.io/vulnerability/CVE-2023-46654,Symbolic Link Vulnerability in Jenkins CloudBees CD Plugin,"The Jenkins CloudBees CD Plugin version 1.1.32 and earlier is susceptible to a vulnerability where symbolic links can be followed to unauthorized locations during the cleanup phase of the 'CloudBees CD - Publish Artifact' post-build step. This flaw enables attackers with the ability to configure jobs to execute commands that may lead to the deletion of arbitrary files from the Jenkins controller filesystem, potentially compromising the security and integrity of the system.",Jenkins,Jenkins Cloudbees Cd Plugin,8.1,HIGH,0.0006200000061653554,false,,false,false,false,,,false,false,,2023-10-25T18:17:00.000Z,0
CVE-2023-43496,https://securityvulnerability.io/vulnerability/CVE-2023-43496,File Permission Vulnerability in Jenkins by Jenkins,"A vulnerability exists in Jenkins, where a temporary file is created in the system's temporary directory with default permissions when installing a plugin from a URL. This flaw allows an attacker with access to the temporary directory to potentially manipulate the temporary file before Jenkins installs it, leading to the possibility of arbitrary code execution. This issue affects versions 2.423 and earlier, along with Jenkins LTS 2.414.1 and earlier, highlighting a critical gap in secure plugin management.",Jenkins,Jenkins,8.8,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2023-09-20T17:15:00.000Z,0
CVE-2023-43498,https://securityvulnerability.io/vulnerability/CVE-2023-43498,File Upload Vulnerability in Jenkins by CloudBees,"In Jenkins versions up to 2.423 and LTS version 2.414.1, an issue was identified where the MultipartFormDataParser handling file uploads can lead to the creation of temporary files with default system permissions. This may allow unauthorized access for attackers who gain access to the Jenkins controller filesystem, enabling them to potentially read and write these files before they are processed by the system.",Jenkins,Jenkins,8.1,HIGH,0.0006099999882280827,false,,false,false,false,,,false,false,,2023-09-20T17:15:00.000Z,0
CVE-2023-43500,https://securityvulnerability.io/vulnerability/CVE-2023-43500,CSRF Vulnerability in Jenkins Build Failure Analyzer Plugin by Jenkins,"A cross-site request forgery (CSRF) flaw exists in the Jenkins Build Failure Analyzer Plugin, versions 2.4.1 and earlier, which permits attackers to trick users into executing unwanted actions. This security issue enables an attacker to connect to a maliciously specified hostname and port by exploiting user credentials without their consent, compromising the integrity of the affected Jenkins setup. Users should review their systems and apply necessary updates to mitigate the risks associated with this vulnerability.",Jenkins,Jenkins Build Failure Analyzer Plugin,8.8,HIGH,0.000750000006519258,false,,false,false,false,,,false,false,,2023-09-20T17:15:00.000Z,0
CVE-2023-43497,https://securityvulnerability.io/vulnerability/CVE-2023-43497,File Upload Vulnerability in Jenkins by CloudBees,"In specific versions of Jenkins, the Stapler web framework improperly handles file uploads by creating temporary files in the system's default temporary directory. Due to the default permissions assigned to these files, unauthorized users with access to the Jenkins controller file system could potentially exploit this vulnerability. They may read or write to these temporary files before they are processed by the system, leading to possible data leaks or manipulation.",Jenkins,Jenkins,8.1,HIGH,0.0006099999882280827,false,,false,false,false,,,false,false,,2023-09-20T17:15:00.000Z,0
CVE-2023-41939,https://securityvulnerability.io/vulnerability/CVE-2023-41939,Permissions Management Flaw in Jenkins SSH2 Easy Plugin by Jenkins,"The Jenkins SSH2 Easy Plugin prior to version 1.5 exhibits a permissions management flaw. It fails to adequately verify whether permissions assigned to users are still valid. This oversight may grant users, who were previously assigned specific permissions (like Overall/Manage), access to functionalities they should no longer be entitled to. This vulnerability impacts the integrity of access controls and can lead to unauthorized actions within the Jenkins environment.",Jenkins,Jenkins Ssh2 Easy Plugin,8.8,HIGH,0.0007800000021234155,false,,false,false,false,,,false,false,,2023-09-06T13:15:00.000Z,0
CVE-2023-41933,https://securityvulnerability.io/vulnerability/CVE-2023-41933,Security Flaw in Jenkins Job Configuration History Plugin by Jenkins,"The Jenkins Job Configuration History Plugin version 1227.v7a_79fc4dc01f and earlier lacks proper configuration for its XML parser, making it prone to XML External Entity (XXE) attacks. This vulnerability allows attackers to exploit the XML parser to read sensitive files from the server or perform internal network requests. Ensuring that XML external entities are disabled in the parser configuration can mitigate the risks associated with this vulnerability.",Jenkins,Jenkins Job Configuration History Plugin,8.8,HIGH,0.0007800000021234155,false,,false,false,false,,,false,false,,2023-09-06T13:15:00.000Z,0
CVE-2023-41935,https://securityvulnerability.io/vulnerability/CVE-2023-41935,Non-constant Time Comparison Flaw in Jenkins Azure AD Plugin,"The Jenkins Azure AD Plugin, up to version 396.v86ce29279947, is susceptible to a non-constant time comparison issue. This vulnerability arises during the validation of CSRF protection nonces, which can be exploited by attackers employing statistical techniques to deduce a valid nonce from the application. The presence of this flaw underscores the necessity for developers to implement constant-time algorithms for security-critical operations to mitigate potential attacks.",Jenkins,Jenkins Azure Ad Plugin,7.5,HIGH,0.001180000021122396,false,,false,false,false,,,false,false,,2023-09-06T13:15:00.000Z,0
CVE-2023-41945,https://securityvulnerability.io/vulnerability/CVE-2023-41945,Authorization Misconfiguration in Jenkins Assembla Auth Plugin by Jenkins,"The Jenkins Assembla Auth Plugin versions up to 1.14 exhibit a serious flaw where the system does not adequately verify permissions granted to users. As a result, users who should only have EDIT permissions can unintentionally acquire Overall/Manage and Overall/SystemRead permissions. This oversight can lead to unauthorized access and control over Jenkins configurations, posing significant security risks to the application and its data integrity.",Jenkins,Jenkins Assembla Auth Plugin,8.8,HIGH,0.0007800000021234155,false,,false,false,false,,,false,false,,2023-09-06T13:15:00.000Z,0