| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2019-1003011 |
20 |
|
DoS |
2019-02-06 |
2019-10-09 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
None |
Partial |
|
An information exposure and denial of service vulnerability exists in Jenkins Token Macro Plugin 2.5 and earlier in src/main/java/org/jenkinsci/plugins/tokenmacro/Parser.java, src/main/java/org/jenkinsci/plugins/tokenmacro/TokenMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/AbstractChangesSinceMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/ChangesSinceLastBuildMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/ProjectUrlMacro.java that allows attackers with the ability to control token macro input (such as SCM changelogs) to define recursive input that results in unexpected macro evaluation. |
|
2 |
CVE-2019-1003009 |
295 |
|
|
2019-02-06 |
2019-10-09 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
An improper certificate validation vulnerability exists in Jenkins Active Directory Plugin 2.10 and earlier in src/main/java/hudson/plugins/active_directory/ActiveDirectoryDomain.java, src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java, src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java that allows attackers to impersonate the Active Directory server Jenkins connects to for authentication if Jenkins is configured to use StartTLS. |
|
3 |
CVE-2019-10435 |
319 |
|
|
2019-10-01 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Jenkins SourceGear Vault Plugin transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. |
|
4 |
CVE-2019-10434 |
319 |
|
|
2019-10-01 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Jenkins LDAP Email Plugin transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. |
|
5 |
CVE-2019-10428 |
319 |
|
|
2019-09-25 |
2019-09-25 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. |
|
6 |
CVE-2019-10427 |
319 |
|
|
2019-09-25 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Jenkins Aqua MicroScanner Plugin 1.0.7 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. |
|
7 |
CVE-2019-10412 |
319 |
|
|
2019-09-25 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Jenkins Inedo ProGet Plugin 1.2 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. |
|
8 |
CVE-2019-10411 |
319 |
|
|
2019-09-25 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Jenkins Inedo BuildMaster Plugin 2.4.0 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. |
|
9 |
CVE-2019-10382 |
295 |
|
|
2019-08-07 |
2019-10-09 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM. |
|
10 |
CVE-2019-10372 |
601 |
|
|
2019-08-07 |
2019-10-09 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
An open redirect vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows attackers to redirect users to a URL outside Jenkins after successful login. |
|
11 |
CVE-2019-10371 |
384 |
|
|
2019-08-07 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A session fixation vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows unauthorized attackers to impersonate another user if they can control the pre-authentication session. |
|
12 |
CVE-2019-10362 |
20 |
|
|
2019-07-31 |
2019-10-09 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
Jenkins Configuration as Code Plugin 1.24 and earlier did not escape values resulting in variable interpolation during configuration import when exporting, allowing attackers with permission to change Jenkins system configuration to obtain the values of environment variables. |
|
13 |
CVE-2019-10353 |
352 |
|
Bypass CSRF |
2019-07-17 |
2019-07-26 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
CSRF tokens in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier did not expire, thereby allowing attackers able to obtain them to bypass CSRF protection. |
|
14 |
CVE-2019-10337 |
611 |
|
|
2019-06-11 |
2019-06-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An XML external entities (XXE) vulnerability in Jenkins Token Macro Plugin 2.7 and earlier allowed attackers able to control a the content of the input file for the "XML" macro to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks. |
|
15 |
CVE-2019-10334 |
295 |
|
|
2019-06-11 |
2019-06-13 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Jenkins ElectricFlow Plugin 1.1.5 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM when MultipartUtility.java is used to upload files. |
|
16 |
CVE-2019-10327 |
611 |
|
|
2019-05-31 |
2019-06-03 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
None |
Partial |
|
An XML external entities (XXE) vulnerability in Jenkins Pipeline Maven Integration Plugin 1.7.0 and earlier allowed attackers able to control a temporary directory's content on the agent running the Maven build to have Jenkins parse a maliciously crafted XML file that uses external entities for extraction of secrets from the Jenkins master, server-side request forgery, or denial-of-service attacks. |
|
17 |
CVE-2018-1999045 |
287 |
|
|
2018-08-23 |
2019-05-08 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
A improper authentication vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in SecurityRealm.java, TokenBasedRememberMeServices2.java that allows attackers with a valid cookie to remain logged in even if that feature is disabled. |
|
18 |
CVE-2018-1999043 |
772 |
|
DoS |
2018-08-23 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in BasicAuthenticationFilter.java, BasicHeaderApiTokenAuthenticator.java that allows attackers to create ephemeral in-memory user records by attempting to log in using invalid credentials. |
|
19 |
CVE-2018-1999042 |
502 |
|
|
2018-08-23 |
2019-05-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in XStream2.java that allows attackers to have Jenkins resolve a domain name when deserializing an instance of java.net.URL. |
|
20 |
CVE-2018-1999035 |
295 |
|
|
2018-08-01 |
2018-10-05 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
A man in the middle vulnerability exists in Jenkins Inedo BuildMaster Plugin 1.3 and earlier in BuildMasterConfiguration.java, BuildMasterConfig.java, BuildMasterApi.java that allows attackers to impersonate any service that Jenkins connects to. |
|
21 |
CVE-2018-1999034 |
295 |
|
|
2018-08-01 |
2018-10-09 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
A man in the middle vulnerability exists in Jenkins Inedo ProGet Plugin 0.8 and earlier in ProGetApi.java, ProGetConfig.java, ProGetConfiguration.java that allows attackers to impersonate any service that Jenkins connects to. |
|
22 |
CVE-2018-1999025 |
295 |
|
|
2018-08-01 |
2018-10-04 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
A man in the middle vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java, ATXValidator.java that allows attackers to impersonate any service that Jenkins connects to. |
|
23 |
CVE-2018-1999002 |
20 |
|
|
2018-07-23 |
2018-09-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins master has access to. |
|
24 |
CVE-2018-1000605 |
295 |
|
|
2018-06-26 |
2018-10-09 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
A man in the middle vulnerability exists in Jenkins CollabNet Plugin 2.0.4 and earlier in CollabNetApp.java, CollabNetPlugin.java, CNFormFieldValidator.java that allows attackers to impersonate any service that Jenkins connects to. |
|
25 |
CVE-2018-1000417 |
352 |
|
CSRF |
2019-01-09 |
2019-01-22 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
A cross-site request forgery vulnerability exists in Jenkins Email Extension Template Plugin 1.0 and earlier in ExtEmailTemplateManagement.java that allows creating or removing templates. |
|
26 |
CVE-2018-1000414 |
352 |
|
CSRF |
2019-01-09 |
2019-01-22 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
A cross-site request forgery vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in ConfigFilesManagement.java, FolderConfigFileAction.java that allows creating and editing configuration file definitions. |
|
27 |
CVE-2018-1000409 |
384 |
|
|
2019-01-09 |
2019-05-08 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
A session fixation vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that prevented Jenkins from invalidating the existing session and creating a new one when a user signed up for a new user account. |
|
28 |
CVE-2018-1000402 |
200 |
|
+Info |
2018-07-09 |
2018-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Jenkins project Jenkins AWS CodeDeploy Plugin version 1.19 and earlier contains a File and Directory Information Exposure vulnerability in AWSCodeDeployPublisher.java that can result in Disclosure of environment variables. This vulnerability appears to have been fixed in 1.20 and later. |
|
29 |
CVE-2018-1000197 |
863 |
|
|
2018-06-05 |
2019-10-02 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
An improper authorization vulnerability exists in Jenkins Black Duck Hub Plugin 3.0.3 and older in PostBuildScanDescriptor.java that allows users with Overall/Read permission to read and write the Black Duck Hub plugin configuration. |
|
30 |
CVE-2018-1000194 |
22 |
|
Dir. Trav. Bypass |
2018-06-05 |
2018-07-27 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
A path traversal vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in FilePath.java, SoloFilePathFilter.java that allows malicious agents to read and write arbitrary files on the Jenkins master, bypassing the agent-to-master security subsystem protection. |
|
31 |
CVE-2018-1000188 |
918 |
|
|
2018-06-05 |
2018-07-18 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
A server-side request forgery vulnerability exists in Jenkins CAS Plugin 1.4.1 and older in CasSecurityRealm.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. |
|
32 |
CVE-2018-1000184 |
918 |
|
|
2018-06-05 |
2018-07-18 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
A server-side request forgery vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubPluginConfig.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. |
|
33 |
CVE-2018-1000182 |
918 |
|
|
2018-06-05 |
2018-07-18 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java, ViewGitWeb.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. |
|
34 |
CVE-2018-1000174 |
601 |
|
|
2018-05-08 |
2018-06-13 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
An open redirect vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows attackers to redirect users to an arbitrary URL after successful login. |
|
35 |
CVE-2018-1000169 |
200 |
|
+Info |
2018-04-16 |
2019-07-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An exposure of sensitive information vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in CLICommand.java and ViewOptionHandler.java that allows unauthorized attackers to confirm the existence of agents or views with an attacker-specified name by sending a CLI command to Jenkins. |
|
36 |
CVE-2018-1000145 |
200 |
|
+Info |
2018-04-05 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with local file system access to obtain encrypted Perforce passwords and decrypt them. |
|
37 |
CVE-2018-1000112 |
863 |
|
|
2018-03-13 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An improper authorization vulnerability exists in Jenkins Mercurial Plugin version 2.2 and earlier in MercurialStatus.java that allows an attacker with network access to obtain a list of nodes and users. |
|
38 |
CVE-2018-1000111 |
863 |
|
|
2018-03-13 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and earlier in SubversionStatus.java and SubversionRepositoryStatus.java that allows an attacker with network access to obtain a list of nodes and users. |
|
39 |
CVE-2018-1000110 |
863 |
|
|
2018-03-13 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users. |
|
40 |
CVE-2018-1000106 |
863 |
|
|
2018-03-13 |
2019-10-02 |
5.5 |
None |
Remote |
Low |
Single system |
None |
Partial |
Partial |
|
An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to modify the Gerrit configuration in Jenkins. |
|
41 |
CVE-2018-1000068 |
20 |
|
|
2018-02-15 |
2018-03-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An improper input validation vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to access plugin resource files in the META-INF and WEB-INF directories that should not be accessible, if the Jenkins home directory is on a case-insensitive file system. |
|
42 |
CVE-2018-1000067 |
200 |
|
+Info |
2018-02-15 |
2018-03-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An improper authorization vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to have Jenkins submit HTTP GET requests and get limited information about the response. |
|
43 |
CVE-2017-1000394 |
20 |
|
|
2018-01-25 |
2019-05-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-fileupload library with the denial-of-service vulnerability known as CVE-2016-3092. The fix for that vulnerability has been backported to the version of the library bundled with Jenkins. |
|
44 |
CVE-2017-1000362 |
200 |
|
+Info |
2017-07-17 |
2017-07-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The re-key admin monitor was introduced in Jenkins 1.498 and re-encrypted all secrets in JENKINS_HOME with a new key. It also created a backup directory with all old secrets, and the key used to encrypt them. These backups were world-readable and not removed afterwards. Jenkins now deletes the backup directory, if present. Upgrading from before 1.498 will no longer create a backup directory. Administrators relying on file access permissions in their manually created backups are advised to check them for the directory $JENKINS_HOME/jenkins.security.RekeySecretAdminMonitor/backups, and delete it if present. |
|
45 |
CVE-2017-1000245 |
522 |
|
|
2017-11-01 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file. |
|
46 |
CVE-2017-1000108 |
200 |
|
+Info |
2017-10-04 |
2017-11-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Pipeline: Input Step Plugin by default allowed users with Item/Read access to a pipeline to interact with the step to provide input. This has been changed, and now requires users to have the Item/Build permission instead. |
|
47 |
CVE-2017-1000106 |
287 |
|
|
2017-10-04 |
2019-10-02 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. Its SCM content REST API supports the pipeline creation and editing feature in Blue Ocean. The SCM content REST API did not check the current user's authentication or credentials. If the GitHub organization folder was created via Blue Ocean, it retained a reference to its creator's GitHub credentials. This allowed users with read access to the GitHub organization folder to create arbitrary commits in the repositories inside the GitHub organization corresponding to the GitHub organization folder with the GitHub credentials of the creator of the organization folder. Additionally, users with read access to the GitHub organization folder could read arbitrary file contents from the repositories inside the GitHub organization corresponding to the GitHub organization folder if the branch contained a Jenkinsfile (which could be created using the other part of this vulnerability), and they could provide the organization folder name, repository name, branch name, and file name. |
|
48 |
CVE-2017-1000105 |
732 |
|
|
2017-10-04 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The optional Run/Artifacts permission can be enabled by setting a Java system property. Blue Ocean did not check this permission before providing access to archived artifacts, Item/Read permission was sufficient. |
|
49 |
CVE-2017-1000089 |
276 |
|
|
2017-10-04 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Builds in Jenkins are associated with an authentication that controls the permissions that the build has to interact with other elements in Jenkins. The Pipeline: Build Step Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins. |
|
50 |
CVE-2017-2654 |
200 |
|
+Info |
2018-08-06 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
jenkins-email-ext before version 2.57.1 is vulnerable to an Information Exposure. The Email Extension Plugins is able to send emails to a dynamically created list of users based on the changelogs, like authors of SCM changes since the last successful build. This could in some cases result in emails being sent to people who have no user account in Jenkins, and in rare cases even people who were not involved in whatever project was being built, due to some mapping based on the local-part of email addresses. |
