cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-24403,https://securityvulnerability.io/vulnerability/CVE-2025-24403,Jenkins Azure Service Fabric Plugin Vulnerability Exposes Azure Credentials,"The Jenkins Azure Service Fabric Plugin, version 1.6 and prior, contains a critical security flaw due to a missing permission check. This vulnerability enables attackers who possess Overall/Read permissions to enumerate credential IDs of Azure credentials stored within Jenkins. This unauthorized access could potentially lead to further exploitation of sensitive data, emphasizing the need for prompt security patches and updates to safeguard configurations.",Jenkins,Jenkins Azure Service Fabric Plugin,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-22T17:02:55.460Z,0
CVE-2025-24402,https://securityvulnerability.io/vulnerability/CVE-2025-24402,Cross-Site Request Forgery in Jenkins Azure Service Fabric Plugin by Jenkins,"A cross-site request forgery (CSRF) vulnerability exists in the Jenkins Azure Service Fabric Plugin 1.6 and earlier, allowing attackers to leverage specially crafted requests to connect to a Service Fabric URL. This can be achieved using attacker-specified credential IDs that are obtained through other methods, potentially leading to unauthorized access or manipulation of services.",Jenkins,Jenkins Azure Service Fabric Plugin,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-22T17:02:54.831Z,0
CVE-2025-24401,https://securityvulnerability.io/vulnerability/CVE-2025-24401,Authorization Flaw in Jenkins Folder-based Authorization Strategy Plugin by CloudBees,"The Jenkins Folder-based Authorization Strategy Plugin, up to version 217.vd5b_18537403e, fails to properly verify that the permissions granted to users are still valid. This flaw may enable users who previously held specific permissions, including optional ones like Overall/Manage, to retain access to functions they should no longer be entitled to. This behavior poses a significant risk as it can lead to unauthorized access and potential exploitation of sensitive functionalities.",Jenkins,Jenkins Folder-based Authorization Strategy Plugin,6.8,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-22T17:02:54.209Z,0
CVE-2025-24400,https://securityvulnerability.io/vulnerability/CVE-2025-24400,Credential Misuse in Jenkins Eiffel Broadcaster Plugin by CloudBees,"The Jenkins Eiffel Broadcaster Plugin, versions 2.8.0 to 2.10.2, is susceptible to a vulnerability where the credential ID is leveraged as the cache key during signing operations. This flaw permits attackers to exploit the system by creating a credential that matches the ID of a legitimate one stored in a different credentials repository. As a result, attackers can sign events sent to RabbitMQ using valid credentials, potentially leading to unauthorized access and actions within applications relying on this integration.",Jenkins,Jenkins Eiffel Broadcaster Plugin,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-22T17:02:53.578Z,0
CVE-2025-24399,https://securityvulnerability.io/vulnerability/CVE-2025-24399,Case Insensitivity Vulnerability in Jenkins OpenId Connect Authentication Plugin,"The Jenkins OpenId Connect Authentication Plugin misinterprets username case sensitivity, enabling attackers to log in as any user. This flaw occurs in versions 4.452.v2849b_d3945fa_ and earlier, affecting Jenkins configurations that utilize case-sensitive OpenID Connect providers. By submitting a username with a different letter casing, an attacker can potentially gain unauthorized access, including administrative privileges, leading to significant security risks.",Jenkins,Jenkins Openid Connect Authentication Plugin,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-22T17:02:52.963Z,0
CVE-2025-24398,https://securityvulnerability.io/vulnerability/CVE-2025-24398,CSRF Bypass Vulnerability in Jenkins Bitbucket Server Integration Plugin by Jenkins,"The Jenkins Bitbucket Server Integration Plugin, versions 2.1.0 through 4.1.3, is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability. This flaw allows attackers to manipulate URLs to bypass the CSRF protections implemented in Jenkins, potentially leading to unauthorized actions within the Jenkins environment. It is crucial for users of the affected versions to update promptly to maintain system integrity and safeguard against possible exploitation.",Jenkins,Jenkins Bitbucket Server Integration Plugin,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-22T17:02:52.362Z,0
CVE-2025-24397,https://securityvulnerability.io/vulnerability/CVE-2025-24397,Permission Check Flaw in Jenkins GitLab Plugin Allows Credential Enumeration,"A security vulnerability exists in the Jenkins GitLab Plugin, specifically in versions up to 1.9.6, due to an improper permission check. This flaw enables attackers who possess global Item/Configure permissions, but do not have permissions on specific jobs, to enumerate sensitive credential IDs associated with GitLab API tokens and Secret text credentials stored within Jenkins. This could potentially compromise the confidentiality of sensitive information, allowing unauthorized access and manipulation.",Jenkins,Jenkins Gitlab Plugin,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-22T17:02:51.699Z,0
CVE-2024-54003,https://securityvulnerability.io/vulnerability/CVE-2024-54003,Stored Cross-Site Scripting Vulnerability in Jenkins Simple Queue Plugin,"The Simple Queue Plugin for Jenkins, in versions up to and including 1.4.4, contains a significant vulnerability where the view name is not properly escaped. This lack of escaping can be exploited by attackers who hold View/Create permissions, allowing them to inject malicious scripts into views that may be executed in the context of other users' sessions. This vulnerability exposes Jenkins installations to potential data breaches and unauthorized access, necessitating immediate attention from administrators to ensure proper updates and mitigations are applied.",Jenkins,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-27T17:15:00.000Z,0
CVE-2024-54004,https://securityvulnerability.io/vulnerability/CVE-2024-54004,Filesystem Parameter Exposure in Jenkins Filesystem List Parameter Plugin,"The Filesystem List Parameter Plugin for Jenkins fails to properly restrict access to the filesystem objects, allowing users with Item/Configure permissions to list file names from the Jenkins controller's filesystem. This vulnerability could potentially expose sensitive information stored in the file system, leading to security risks and data integrity issues. Proper permissions controls are essential for maintaining the security of the Jenkins environment, and it is crucial for users to update to the latest plugin versions to mitigate this risk.",Jenkins,,,,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-11-27T17:15:00.000Z,0
CVE-2024-52554,https://securityvulnerability.io/vulnerability/CVE-2024-52554,Julesploit Vulnerability Allows Bypass of Security Restrictions in Jenkins,"Jenkins Shared Library Version Override Plugin 17.v786074c9fce7 and earlier declares folder-scoped library overrides as trusted, so that they're not executed in the Script Security sandbox, allowing attackers with Item/Configure permission on a folder to configure a folder-scoped library override that runs without sandbox protection.",Jenkins,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-13T21:15:00.000Z,0
CVE-2024-52552,https://securityvulnerability.io/vulnerability/CVE-2024-52552,Jenkins Authorize Plugin Vulnerable to XSS Attacks,"The Jenkins Authorize Project Plugin versions prior to 1.7.3 contain a stored cross-site scripting (XSS) vulnerability. This issue arises when the plugin evaluates a potentially malicious string that contains the job name using JavaScript on the Authorization view. Attackers with Item/Configure permissions could exploit this weakness to inject arbitrary JavaScript code into affected Jenkins installations, potentially jeopardizing sensitive data and user sessions.",Jenkins,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-13T21:15:00.000Z,0
CVE-2024-52549,https://securityvulnerability.io/vulnerability/CVE-2024-52549,Security Plugin Flaw Allows Controller File System Access,"Jenkins Script Security Plugin 1367.vdf2fc45f229c and earlier, except 1365.1367.va_3b_b_89f8a_95b_ and 1362.1364.v4cf2dc5d8776, does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files on the controller file system.",Jenkins,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-13T21:15:00.000Z,0
CVE-2024-52551,https://securityvulnerability.io/vulnerability/CVE-2024-52551,Jenkins Pipeline Vulnerability Allows Unauthorized Restart of Builds,"Jenkins Pipeline: Declarative Plugin 2.2214.vb_b_34b_2ea_9b_83 and earlier does not check whether the main (Jenkinsfile) script used to restart a build from a specific stage is approved, allowing attackers with Item/Build permission to restart a previous build whose (Jenkinsfile) script is no longer approved.",Jenkins,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-13T21:15:00.000Z,0
CVE-2024-52553,https://securityvulnerability.io/vulnerability/CVE-2024-52553,Jenkins OpenId Connect Authentication Plugin Does Not Invalidate Previous Sessions on Login,Jenkins OpenId Connect Authentication Plugin 4.418.vccc7061f5b_6d and earlier does not invalidate the previous session on login.,Jenkins,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-13T21:15:00.000Z,0
CVE-2024-52550,https://securityvulnerability.io/vulnerability/CVE-2024-52550,Unsafe Rebuild of Previous Builds,"Jenkins Pipeline: Groovy Plugin 3990.vd281dd77a_388 and earlier, except 3975.3977.v478dd9e956c3 does not check whether the main (Jenkinsfile) script for a rebuilt build is approved, allowing attackers with Item/Build permission to rebuild a previous build whose (Jenkinsfile) script is no longer approved.",Jenkins,Jenkins Pipeline: Groovy Plugin,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-13T21:15:00.000Z,0
CVE-2024-47803,https://securityvulnerability.io/vulnerability/CVE-2024-47803,Information Disclosure in Jenkins Due to Unredacted Multi-Line Secrets,"A vulnerability in Jenkins allows for the potential disclosure of sensitive multi-line secret values in error messages. When users submit forms that involve the `secretTextarea` form field, the system fails to appropriately redact the secrets, exposing confidential information unintentionally. This flaw affects Jenkins versions 2.478 and earlier and LTS version 2.462.2 and earlier, thus representing a risk for users who manage sensitive data within their Jenkins environments. It underscores the need for immediate action to mitigate risks associated with accidental information leakage.",Jenkins,Jenkins,4.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-10-02T16:15:00.000Z,0
CVE-2024-47807,https://securityvulnerability.io/vulnerability/CVE-2024-47807,Authentication Bypass in Jenkins OpenId Connect Plugin by Jenkins,"The OpenId Connect Authentication Plugin for Jenkins fails to verify the 'iss' (Issuer) claim in the ID Token, which allows attackers to manipulate the authentication process. This flaw could enable unauthorized users to gain administrative access to Jenkins instances, posing a substantial risk to sensitive data and server integrity.",Jenkins,OpenId Connect Authentication Plugin,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-02T16:15:00.000Z,0
CVE-2024-47804,https://securityvulnerability.io/vulnerability/CVE-2024-47804,Item Creation Bypass Vulnerability in Jenkins by CloudBees,"A vulnerability allows attackers with the Item/Configure permission in Jenkins to bypass item creation restrictions via the Jenkins CLI or REST API. In versions 2.478 and earlier, and LTS 2.462.2 and earlier, an item attempted to be created with insufficient permissions is stored in memory instead of being properly restricted. This creates a potential security risk as attackers can save unauthorized items, compromising the integrity and security of Jenkins environments.",Jenkins,Jenkins,4.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-10-02T16:15:00.000Z,0
CVE-2024-47805,https://securityvulnerability.io/vulnerability/CVE-2024-47805,Sensitive Data Exposure in Jenkins Credentials Plugin by Jenkins,"The Jenkins Credentials Plugin exposes sensitive data as it fails to properly redact encrypted credential values when accessing the item configuration file, `config.xml`, through the REST API or Command-Line Interface (CLI). This vulnerability compromises the integrity of credential management, allowing unauthorized access to sensitive information if the appropriate security measures are not implemented. Specific versions of the plugin are impacted, necessitating prompt action to mitigate the risks.",Jenkins,Credentials,7.5,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-10-02T16:15:00.000Z,0
CVE-2024-47806,https://securityvulnerability.io/vulnerability/CVE-2024-47806,Vulnerability in Jenkins OpenId Connect Authentication Plugin Allowing Unauthorized Access,"The Jenkins OpenId Connect Authentication Plugin fails to validate the 'aud' (Audience) claim within an ID Token. This oversight allows an attacker to manipulate the authentication process, potentially enabling them to gain unauthorized administrator access to the Jenkins platform. As a result, users of compromised versions may face significant security risks, highlighting the importance of upgrading to patched versions.",Jenkins,OpenId Connect Authentication Plugin,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-02T16:15:00.000Z,0
CVE-2024-43045,https://securityvulnerability.io/vulnerability/CVE-2024-43045,Jenkins Vulnerability Allows Access to Other Users' Views Without Permission,"A security vulnerability in certain versions of Jenkins arises from the absence of a proper permission check within an HTTP endpoint. This flaw permits users with Overall/Read permissions to access other users' personal 'My Views'. As a consequence, sensitive user configurations could be exposed, which poses a risk to user privacy and system integrity. This issue affects all versions of Jenkins up to and including 2.470, as well as the Long-Term Support (LTS) version 2.452.3 and earlier. It is essential for users to review their Jenkins installations and ensure that they apply the necessary updates to remediate this vulnerability.",Jenkins,Jenkins,6.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-08-07T13:27:12.065Z,0
CVE-2024-43044,https://securityvulnerability.io/vulnerability/CVE-2024-43044,Jenkins Vulnerability Allows Agent Processes to Read Arbitrary Files,"An arbitrary file read vulnerability exists in Jenkins versions up to 2.470 and LTS 2.452.3. The flaw arises from the `ClassLoaderProxy#fetchJar` method within the Remoting library, which allows unauthorized agent processes to read sensitive files from the Jenkins controller's file system. This vulnerability poses a significant risk, as it can enable attackers to access confidential information, potentially leading to further exploitation or unauthorized actions within the Jenkins environment. Users are advised to evaluate their installations and apply mitigative steps as recommended by Jenkins security advisories.",Jenkins,Jenkins,8.8,HIGH,0.0005000000237487257,false,,true,false,true,2024-08-08T20:55:32.000Z,true,true,true,2024-09-06T16:52:02.855Z,2024-08-07T13:27:11.438Z,7785
CVE-2024-39460,https://securityvulnerability.io/vulnerability/CVE-2024-39460,Bitbucket OAuth Access Token Disclosure Vulnerability,Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some cases.,Jenkins,Jenkins Bitbucket Branch Source Plugin,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-26T17:06:27.695Z,0
CVE-2024-39459,https://securityvulnerability.io/vulnerability/CVE-2024-39459,Unencrypted Secret File Credentials Stored on Jenkins Controller File System,"In rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system, where they can be viewed by users with access to the Jenkins controller file system (global credentials) or with Item/Extended Read permission (folder-scoped credentials).",Jenkins,Jenkins Plain Credentials Plugin,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-26T17:06:27.043Z,0
CVE-2024-39458,https://securityvulnerability.io/vulnerability/CVE-2024-39458,Jenkins Structs Plugin May Accidentally Expose Secrets Through Logs,"When Jenkins Structs Plugin 337.v1b_04ea_4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that may contain secrets passed as step parameters, potentially resulting in accidental exposure of secrets through the default system log.",Jenkins,Jenkins Structs Plugin,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-26T17:06:26.399Z,0