Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

maven org.jenkins-ci.main:jenkins-core Security Advisories

Loading...
High
GSA_kwCzR0hTQS01M3BoLTJyMngtdnF3OM4AA4qv
Cross-site WebSocket hijacking vulnerability in the Jenkins CLI
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS02ZjlnLWN4d3ItcTVqcs4AA4qu
Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Low
GSA_kwCzR0hTQS1xdjY0LXc5OWMtcWNyOc4AA1-K
Jenkins temporary uploaded file created with insecure permissions
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS1ocTg3LWg0amctdnhmd84AA1-C
Jenkins temporary uploaded file created with insecure permissions
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS0yNzlmLXF3Z2gtaDVtcM4AA1-D
Jenkins does not exclude sensitive build variables from search
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
High
GSA_kwCzR0hTQS01NXdwLTNwcTQtdzhwOc4AA1-L
Jenkins temporary plugin file created with insecure permissions
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
High
GSA_kwCzR0hTQS01ajQ2LTVod3EtZ3doN84AA1-J
Jenkins Cross-site Scripting vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
High
GSA_kwCzR0hTQS02OXZ3LTNwY20tODRyd84AA05m
Jenkins Stored Cross-site Scripting vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 months ago
High
GSA_kwCzR0hTQS05OGZwLXIyMmctd3BqN84AAz2W
Jenkins CSRF protection bypass vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS01ODRtLTdyNG0tOGo2ds4AAyCI
Incorrect Authorization in Jenkins Core
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1qNjY0LXFoaDQtaHBmOM4AAyCa
Cross-site Scripting vulnerability in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1jajZyLThweGotNWp2Ns4AAyCF
Incorrect Permission Preservation in Jenkins Core
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1oNzZwLW1jNjgtanYzcM4AAyCk
Denial of service in Jenkins Core
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1mcmdyLWM1ZjItOHFoaM4AAyCc
Denial of service in Jenkins Core
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1oZjloLXZ2NG0tMmYzM84AAyCn
Incorrect Authorization in Jenkins Core
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1ycmdwLWMydzgtNnZnNs4AAyCG
Information disclosure through error stack traces related to agents
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS14cHZwLWg3M2MtbTlycc4AAu-W
Jenkins vulnerable to stored cross site scripting in the I:helpIcon component
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS05Z3JqLWo0M20tbWpxcs4AAs7n
Observable timing discrepancy allows determining username validity in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS02ZzRyLXE3cWctNnF4Ns4AAs8p
Cross-site Scripting vulnerability in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS03Zjg0LXA2cjUtanI2cc4AAs8h
Cross-site Scripting vulnerability in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1taHA3LTMzOTMtcGZxcs4AAs8g
Cross-site Scripting vulnerability in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1wM3JjLTk0NmgtOGNmNc4AAs8u
Unauthorized view fragment access in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS02MndmLTI0YzQtOHI3Ns4AAs8i
Cross-site Scripting vulnerability in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1odzU1LWY4d2MtODJtNs4AAq6O
Improper Neutralization of Input During Web Page Generation in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS05cWdmLTRmcGYtY21oMs4AAq6N
Improper Neutralization of Input During Web Page Generation in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xNnE5LTgzeHctbXA2cM4AAq6J
Improper Neutralization of Input During Web Page Generation in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00N3djLXA1Y3Atdzdwd84AAq6Q
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03Y2pjLXhwcHIteGo2eM4AAq6P
Improper Neutralization of Input During Web Page Generation in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1oZzZnLWpqN2cteDZ2Ms4AAq6R
Improper Neutralization of Input During Web Page Generation in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS00ZzM4LWhybTQtcmc5NM4AAqkP
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS05Mjl3LXE0MzMtNGg5eM4AAqj-
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS01OHhtLW14amYtMjU0Z84AAqkM
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS0yYzc5LWgyaDUtZzNmd84AAqj1
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS04eGc0LXhxMnYtdjZqN84AAqkL
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1tOWhyLTI1OWYtMnYyM84AAqj9
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1qM2NxLWg2dmgtZ3g3Zs4AAqj5
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS0zcTg0LXZydngtcmZ2Zs4AAqkF
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1wZ2o2LWptajUtd3FmeM4AAqj8
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS05N2MzLXc5Y3ItNnFjMs4AAqkN
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1jdnZtLTRjcjktcjQzNs4AAqkD
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1jNXI5LXJ4NTMtcTNnZs4AAqkB
Agent-to-controller access control allowed writing to sensitive directory used by Jenkins Pipeline: Shared Groovy Libraries Plugin
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1jdjJ3LXE4YzMteGp2N84AAqj6
Agent-to-controller access control allows reading/writing most content of build directories in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS02cTRnLTg0ZjMtbXc3NM4AAqOq
Improper handling of equivalent directory names on Windows in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00cHc1LXI1OGgtZnYyNM4AAqOh
Path traversal vulnerability on Windows in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xNHdwLThjOTktNjlwd84AAo_d
Improper permission checks allow canceling queue items and aborting builds in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS00d3I5LTJ4YzYtam1nNc4AAo_q
Session fixation vulnerability in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS13Mmh2LXJjcXItMmg3cs4AAoE2
View name validation bypass in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1wdnd4LTNqeDUtMjRyMs4AAoE-
Lack of type validation in agent related REST API in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xeHA2LTI3Z3ctOTljas4AAnWa
Time-of-check Time-of-use (TOCTOU) Race Condition in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1tajdxLWNtZjMtbWc3aM4AAnOV
Stored XSS vulnerability in Jenkins on new item page
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1jeHF3LXZqY3ItZ3A1Z84AAnOQ
Excessive memory allocation in graph URLs leads to denial of service in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1weGdxLWdxcjktNWd3eM4AAnOR
Path traversal vulnerability in Jenkins agent names
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03cWYzLWMycTgtNjltM84AAnOa
Reflected XSS vulnerability in Jenkins markup formatter preview
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS12cGptLTU4Y3ctcjhxNc4AAnOi
Arbitrary file read vulnerability in workspace browsers in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1xdjZmLXJjdjYtNnEzeM4AAnOP
Improper handling of REST API XML deserialization errors in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS05OGdxLTZoeGctNTJyNs4AAnOI
XSS vulnerability in Jenkins notification bar
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1mNTg1LTlmdzMtcmoybc4AAnOk
Arbitrary file existence check in file fingerprints in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00NjI1LXE1MnctMzljeM4AAnOJ
Missing permission check for paths with specific prefix in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS13djYzLWd3cjktNWM1Nc4AAnOM
Stored XSS vulnerability in Jenkins button labels
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS05ZzRtLWZmeDYtYzI5Z84AAllI
Jenkins Cross-site Scripting vulnerability in project naming strategy
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qcHZxLXY3MjktN2oyaM4AAlk6
Improper Neutralization of Input During Web Page Generation in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1odm1jLTdnMngtcjNwOc4AAllE
Jenkins Cross-Site Scripting vulnerability in help icons
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS04NjR2LTVxMmctZnI2NM4AAlYf
Stored XSS vulnerability in Jenkins 'keep forever' badge icon
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1nZmhqLTUyNHEtZ2Nybc4AAlYZ
Stored XSS vulnerability in Jenkins console links
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1nNGo2LW0zbTMtY3J3OM4AAlYJ
Stored XSS vulnerability in Jenkins upstream cause
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1xZ2o0LXJjOG0tNDRtcc4AAlYS
Stored XSS vulnerability in Jenkins job build time trend
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1jcmcyLTZ4djMtcWc1Zs4AAkC-
Improper Neutralization of Input During Web Page Generation in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1jNzM1LWc5ZjItMm12cM4AAkDI
Cross-Site Request Forgery in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1nOHBnLXFydm0td2doMs4AAkDM
Improper Neutralization of Input During Web Page Generation in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0yeGNtLWg3dnYtZzhtOc4AAkDZ
Improper Neutralization of Input During Web Page Generation in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS03eHA4LTd3cXgtNWhxeM4AAjcV
Jenkins REST APIs vulnerable to clickjacking
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1xcDRmLTJ3NjctYzhod84AAjcR
Inbound TCP Agent Protocol/3 authentication bypass in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1majZmLTY5MzMtODM5as4AAjcN
Non-constant time HMAC comparison
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1yNzhxLXFneDYtNjRwcM4AAjcT
Memory usage graphs accessible to anyone with Overall/Read
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS13N2pyLXdxdzYtNTR4Y84AAjcJ
Non-constant time comparison of inbound TCP agent connection secret
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1ncHh2LTc3NnAtN2djN84AAjcM
Jenkins vulnerable to UDP amplification reflection attack
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00ampqLWNtN3EtdjZocs4AAjcO
Jenkins Diagnostic page exposed session cookies
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1xajI3LXc5MmgtZmM5cs4AAjQo
XML external entity (XXE) vulnerability in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1xZzd4LTRoNHEtM200Oc4AAjQr
XML external entity (XXE) vulnerability in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS05bTQ4LTU0cGotaDI0OM4AAh6P
Improper Neutralization of Input During Web Page Generation in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS12Y3I4LWg4cXAtcWo4aM4AAh6e
Cross-Site Request Forgery in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xcjQyLTgycWotbXc2Nc4AAhUj
Improper Limitation of a Pathname to a Restricted Directory in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS02amZjLW1jOTctYzd3Z84AAhUt
Missing Authorization in Jenkins
Ecosystems: maven
Packages: org.kohsuke.stapler:stapler-parent, org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1oY3hmLXJxNzItaDRycs4AAhUU
Cross-Site Request Forgery in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03ZnBnLXBwM20taDIyZs4AAdTl
Jenkins allows attackers to execute arbitrary jobs
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1oNWp2LWhnNjgtbWpoZ84AAdTm
Jenkins allows attackers to configure restricted projects
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS12eGM2LXd2aDgtZnB4d84AAdTi
Jenkins does not invalidate the API token when a user is deleted
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1yeGZ2LWdtNXgtOXdxas4AAdTk
Jenkin allows attackers to obtain passwords by reading the HTML source code
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS05dmc5LXgzOGctOWhmeM4AAdTh
Jenkins allows attackers to determine whether a user exists
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1yNW0yLWc1Z2MtcTQzcs4AAdTe
Jenkins Denial of Service vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1wdjg4LWo2cmctcjU2cM4AAdTd
Jenkins allows attackers to obtain sensitive information
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1meGo4LWNxY3AtM3Zncc4AAdTf
Jenkins cross-site scripting (XSS) vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS04amZ4LWg2cTItdjRnM84AAdTg
Jenkins session fixation vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS14M3AzLTkyOWotcHE2Ns4AAdTU
Improper Neutralization of Input During Web Page Generation in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS02NG1jLTJtOXAtMjNjOM4AAdTR
Jenkins allows remote authenticated users to bypass intended restrictions and create or destroy arbitrary jobs
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1meHFyLXB4Mm0tZnZjMs4AAdTV
Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS02NmNyLTZ3aHgtNzMycM4AAdTQ
Jenkins improperly ensures trust separation
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS04eDhwLW1md3YtOWZqd84AAdS5
Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS13NXY3LXEyajQtZnZwZs4AAdS1
Jenkins Cross-site Scripting vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1mZzRyLWY5ajItMzZtd84AAdPD
Jenkins Cross-Site Request Forgery vulnerabilities
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Statistics
Advisories: 19,486
Packages: 8,600
Repositories: 4
Ecosystems: 12
Filter by Package
org.jenkins-ci.main:jenkins-core 189 org.apache.tomcat:tomcat 133 com.fasterxml.jackson.core:jackson-databind 69 org.apache.struts:struts2-core 55 org.keycloak:keycloak-core 47 com.liferay.portal:release.portal.bom 45 org.apache.tomcat.embed:tomcat-embed-core 37 com.thoughtworks.xstream:xstream 36 com.jfinal:jfinal 36 org.xwiki.platform:xwiki-platform-oldcore 35 net.mingsoft:ms-mcms 35 org.elasticsearch:elasticsearch 34 org.jenkins-ci.plugins:script-security 32 org.keycloak:keycloak-services 31 io.undertow:undertow-core 30 org.keycloak:keycloak-parent 25 org.apache.solr:solr-core 25 org.eclipse.jetty:jetty-server 23 org.springframework.security:spring-security-core 23 org.apache.nifi:nifi 22 org.bouncycastle:bcprov-jdk14 22 org.apache.openmeetings:openmeetings-parent 21 org.cloudfoundry.identity:cloudfoundry-identity-server 20 org.springframework:spring-core 19 com.liferay.portal:release.dxp.bom 18 com.vaadin:vaadin-bom 18 org.xwiki.platform:xwiki-platform-web-templates 17 org.apache.geode:geode-core 17 org.apache.jspwiki:jspwiki-main 16 org.apache.activemq:activemq-client 16 org.apache.dubbo:dubbo 16 org.bouncycastle:bcprov-jdk15 16 org.apache.struts.xwork:xwork-core 15 org.xwiki.platform:xwiki-platform-web 14 org.apache.inlong:manager-pojo 14 org.apache.cxf:cxf 13 org.apache.hadoop:hadoop-main 13 org.jenkins-ci.plugins.workflow:workflow-cps 12 org.apache.tomcat:tomcat-coyote 12 com.vaadin:flow-server 12 org.jenkins-ci.plugins:git 12 org.bouncycastle:bcprov-jdk15on 12 org.jenkins-ci.plugins:email-ext 11 org.apache.james:james-server 11 org.apache.camel:camel-core 11 org.apache.dolphinscheduler:dolphinscheduler 11 org.apache.tika:tika-core 11 org.apache.ranger:ranger 11 org.mortbay.jetty:jetty 11 org.jeecgframework.boot:jeecg-boot-parent 11 com.xuxueli:xxl-job 11 org.apache.jspwiki:jspwiki-war 11 org.apache.cxf:cxf-core 11 org.apache.commons:commons-compress 11 org.apache.hadoop:hadoop-common 11 org.igniterealtime.openfire:parent 11 org.jeecgframework.boot:jeecg-boot-common 11 org.apache.inlong:manager-service 10 org.jenkins-ci.plugins.workflow:workflow-cps-global-lib 10 io.netty:netty 10 org.jboss.netty:netty 10 org.xwiki.platform:xwiki-platform-administration-ui 10 org.opencms:opencms-core 9 org.jenkins-ci.plugins:electricflow 9 org.craftercms:crafter-studio 9 org.apache.archiva:archiva 9 org.apache.xmlgraphics:batik 9 org.bouncycastle:bcprov-jdk15to18 9 org.apache.tomcat:tomcat-catalina 9 org.apache.shiro:shiro-core 9 org.springframework:spring-web 9 org.jenkins-ci.plugins:config-file-provider 9 org.opennms:opennms 9 org.apache.tapestry:tapestry-core 9 io.jenkins:configuration-as-code 9 com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer 9 org.apache.hive:hive 9 org.jenkins-ci.plugins:active-directory 9 org.springframework:spring-webmvc 9 org.opencrx:opencrx-core-models 9 cn.hutool:hutool-core 9 org.postgresql:postgresql 8 org.apache.ozone:ozone-main 8 org.apache.hive:hive-exec 8 org.apache.ambari:ambari 8 org.apache.zeppelin:zeppelin 8 org.apache.pdfbox:pdfbox 8 org.yaml:snakeyaml 8 jquery 8 jquery-rails 8 org.apache.kylin:kylin 8 org.webjars.npm:jquery 8 org.jenkins-ci.plugins:ec2 8 com.hazelcast:hazelcast 8 org.graylog2:graylog2-server 8 org.apache.santuario:xmlsec 8 mysql:mysql-connector-java 8 io.jenkins.blueocean:blueocean 8 jquery-ui 7 org.jenkins-ci.plugins:jobConfigHistory 7 org.apache.hive:hive-service 7 io.dataease:dataease-plugin-common 7 org.jenkins-ci.plugins:openshift-deployer 7 org.apache.cxf:apache-cxf 7 io.jenkins.plugins:warnings-ng 7 org.owasp.antisamy:antisamy 7 org.apache.activemq:activemq-parent 7 org.apache.karaf:apache-karaf 7 org.apache.logging.log4j:log4j-core 7 org.jruby:jruby-stdlib 7 rubygems-update 7 io.jenkins.plugins:miniorange-saml-sp 7 org.jenkins-ci.plugins:artifactory 7 io.jenkins.plugins:cavisson-ns-nd-integration 7 io.atomix:atomix 7 org.jenkins-ci.plugins:rundeck 7 org.apache.inlong:manager-web 7 org.jenkins-ci.plugins:mercurial 7 org.apache.linkis:linkis 7 jquery-ui-rails 7 org.apache.tika:tika 7 org.apache.atlas:atlas-common 7 org.webjars.npm:jquery-ui 7 jQuery.UI.Combined 7 org.apache.derby:derby 7 org.jeecgframework.boot:jeecg-boot-base 7 org.silverpeas.core:silverpeas-core-web 7 org.owasp.esapi:esapi 7 net.opentsdb:opentsdb 7 org.apache.poi:poi 7 org.apache.spark:spark-core_2.11 7 jQuery 7 org.jenkins-ci.plugins:subversion 7 org.jboss.resteasy:resteasy-client 7 org.apache.spark:spark-core_2.10 6 cn.hutool:hutool-json 6 io.netty:netty-handler 6 com.xebialabs.deployit.ci:deployit-plugin 6 org.opencastproject:opencast-kernel 6 com.jflyfox:jflyfox_jfinal 6 org.xwiki.commons:xwiki-commons-xml 6 org.jenkins-ci.plugins:repository-connector 6 commons-fileupload:commons-fileupload 6 org.jenkins-ci.plugins:pipeline-maven 6 org.csanchez.jenkins.plugins:kubernetes 6 org.apache.struts:struts2-rest-plugin 6 org.apache.shenyu:shenyu-common 6 org.apache.httpcomponents:httpclient 6 hudson.plugins:project-inheritance 6 com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger 6 org.apache.mesos:mesos 6 org.apache.syncope:syncope-core 6 org.jenkins-ci.plugins:fortify-on-demand-uploader 6 org.apache.solr:solr-parent 6 org.apache.storm:storm-core 6 de.tum.in.ase:artemis-java-test-sandbox 6 org.jenkins-ci.plugins:azure-vm-agents 6 org.apache.axis:axis 6 org.bouncycastle:bcprov-jdk18on 6 axis:axis 6 tech.powerjob:powerjob 6 org.opensearch.plugin:opensearch-security 6 org.jenkins-ci.plugins:gitlab-oauth 6 org.apache.pulsar:pulsar-broker 6 org.jenkins-ci.plugins:ec2-deployment-dashboard 6 io.netty:netty-codec-http 6 org.apache.zookeeper:zookeeper 5 io.jenkins.plugins:neuvector-vulnerability-scanner 5 org.jenkins-ci.plugins:codedx 5 org.jenkins-ci.plugins:matrix-project 5 log4j:log4j 5 org.geoserver:gs-wms 5 org.jenkins-ci.plugins:fortify 5 org.zenframework.z8.dependencies.commons:log4j-1.2.17 5 org.neo4j.procedure:apoc 5 org.jeecgframework.boot:jeecg-boot-base-core 5 org.apache.ignite:ignite-core 5 org.dspace:dspace-jspui 5 com.vaadin:vaadin-server 5 com.mabl.integration.jenkins:mabl-integration 5 org.jenkins-ci.plugins:junit 5 com.coravy.hudson.plugins.github:github 5 org.jenkins-ci.plugins:aws-codecommit-trigger 5 org.apache.hadoop:hadoop-client 5 org.springframework.security.oauth:spring-security-oauth2 5 org.jenkins-ci.plugins:google-login 5 org.jboss.resteasy:resteasy-bom 5 info.magnolia:magnolia-core 5 org.jenkins-ci.plugins:gitlab-plugin 5 edu.stanford.nlp:stanford-corenlp 5 org.apache.struts:struts-core 5 org.geoserver:gs-main 5 org.xwiki.platform:xwiki-platform-flamingo-skin-resources 5 org.jenkins-ci.plugins:delphix 5 org.apache.druid:druid 5 org.jenkins-ci.plugins:scriptler 5 org.jenkins-ci.plugins.m2release:m2release 5 org.codehaus.jettison:jettison 5 org.jenkins-ci.plugins:websphere-deployer 5 org.wildfly:wildfly-parent 5