Jenkins Security Vulnerabilities


CVE-2024-23903

Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.

CVSS: 5.3 | AI Score: 5.3 | EPSS: 0.0005

2024-01-24 06:15 PM

CVE-2024-23904

Jenkins Log Command Plugin 1.0.2 and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read content from arbitrary files on the Jenkins controller file system...

CVSS: 7.5 | AI Score: 7.7 | EPSS: 0.001

2024-01-24 06:15 PM

CVE-2024-23905

Jenkins Red Hat Dependency Analytics Plugin 0.7.1 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.

CVSS: 5.4 | AI Score: 5.9 | EPSS: 0.0004

2024-01-24 06:15 PM
Total number of security vulnerabilities: 1603