Export limit exceeded: 360642 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (71 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-57288 | 1 Jenkins Project | 1 Jenkins Active Directory Plugin | 2026-06-24 | 3.7 Low |
| Jenkins Active Directory Plugin 2.41.1 and earlier does not escape the user name before building the LDAP search filter in the Windows native (ADSI) authentication path, allowing unauthenticated attackers to inject LDAP wildcard characters to enumerate directory entries and to authenticate as a matching user whose password they know without knowing their exact user name. | ||||
| CVE-2026-57303 | 1 Jenkins Project | 1 Jenkins Assembla Plugin | 2026-06-24 | 7.1 High |
| Jenkins Assembla Plugin 1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers able to control the responses of the configured Assembla server to extract secrets from the Jenkins controller or perform server-side request forgery. | ||||
| CVE-2026-57282 | 1 Jenkins Project | 1 Jenkins Git Client Plugin | 2026-06-24 | 5 Medium |
| Jenkins Git client Plugin 6.6.0 and earlier does not correctly escape the workspace directory name when it is embedded into a generated SSH wrapper script, allowing attackers able to control the name of a build's working directory to execute arbitrary operating system commands on the agent. | ||||
| CVE-2026-57286 | 1 Jenkins Project | 1 Jenkins Git Parameter Plugin | 2026-06-24 | 4.3 Medium |
| A missing permission check in Jenkins Git Parameter Plugin 462.vdcf3df2ed2ca_ and earlier allows attackers with Item/Read permission to obtain information about the SCM repository used by a job, such as branch names, tag names, and revision metadata. | ||||
| CVE-2026-57287 | 1 Jenkins Project | 1 Jenkins Job Configuration History Plugin | 2026-06-24 | 4.3 Medium |
| Jenkins Job Configuration History Plugin 1356.ve360da_6c523a_ and earlier does not redact the encrypted values of secrets when displaying historical job and agent configurations, allowing attackers with Extended Read permission to view encrypted secret values that would otherwise be redacted. | ||||
| CVE-2026-57289 | 1 Jenkins Project | 1 Jenkins Bitbucket Push And Pull Request Plugin | 2026-06-24 | 4.8 Medium |
| Jenkins Bitbucket Push and Pull Request Plugin 3.3.8 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections sending Bearer token authenticated requests to the configured Bitbucket Server endpoint, allowing attackers able to intercept network traffic to capture the token. | ||||
| CVE-2026-57290 | 1 Jenkins Project | 1 Jenkins Priority Sorter Plugin | 2026-06-24 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Priority Sorter Plugin 936.v2c01c6b_84449 and earlier allows attackers to overwrite the global job priority configuration. | ||||
| CVE-2026-57291 | 1 Jenkins Project | 1 Jenkins Gitee Plugin | 2026-06-24 | 5.4 Medium |
| Missing permission checks in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method. | ||||
| CVE-2026-57292 | 1 Jenkins Project | 1 Jenkins Gitee Plugin | 2026-06-24 | 5.4 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method. | ||||
| CVE-2026-57293 | 1 Jenkins Project | 1 Jenkins Gitee Plugin | 2026-06-24 | 4.3 Medium |
| An incorrect permission check in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate credentials IDs of credentials stored in Jenkins. | ||||
| CVE-2026-57294 | 1 Jenkins Project | 1 Jenkins Ec2 Fleet Plugin | 2026-06-24 | 5.4 Medium |
| A missing permission check in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a_81c3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing AWS credentials stored in Jenkins. | ||||
| CVE-2026-57295 | 1 Jenkins Project | 1 Jenkins Ec2 Fleet Plugin | 2026-06-24 | 5.4 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a_81c3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing AWS credentials stored in Jenkins. | ||||
| CVE-2026-57296 | 1 Jenkins Project | 1 Jenkins External Workspace Manager Plugin | 2026-06-24 | 8.8 High |
| Jenkins External Workspace Manager Plugin 1.3.2 and earlier does not reject path traversal sequences in the custom workspace path provided to the exwsAllocate Pipeline step, allowing attackers with Item/Configure permission to read arbitrary files on the Jenkins controller file system, which can lead to remote code execution. | ||||
| CVE-2026-57297 | 2 Jenkins, Jenkins Project | 2 Contrast Continuous Application Security, Jenkins Contrast Continuous Application Security Plugin | 2026-06-24 | N/A |
| A missing permission check in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username, API key, and service key. | ||||
| CVE-2026-57298 | 2 Jenkins, Jenkins Project | 2 Contrast Continuous Application Security, Jenkins Contrast Continuous Application Security Plugin | 2026-06-24 | 5.4 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allows attackers to have Jenkins connect to an attacker-specified URL using an attacker-specified username, API key, and service key. | ||||
| CVE-2026-57299 | 2 Jenkins, Jenkins Project | 2 Contrast Continuous Application Security, Jenkins Contrast Continuous Application Security Plugin | 2026-06-24 | N/A |
| Missing permission checks in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allow attackers with Overall/Read permission to enumerate the names of configured Contrast metadata. | ||||
| CVE-2026-57300 | 1 Jenkins Project | 1 Jenkins Mcp Server Plugin | 2026-06-24 | 4.3 Medium |
| A missing permission check in Jenkins MCP Server Plugin 0.177.v629fdb_2557fe and earlier allows attackers with Item/Read permission to read the Pipeline replay scripts of jobs they can access. | ||||
| CVE-2026-57301 | 1 Jenkins Project | 1 Jenkins Owasp Zap Plugin | 2026-06-24 | 8.8 High |
| Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller. | ||||
| CVE-2026-57302 | 1 Jenkins Project | 1 Jenkins Fitnesse Plugin | 2026-06-24 | 4.3 Medium |
| Jenkins FitNesse Plugin 1.36 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Extended Read permission or access to the Jenkins controller file system. | ||||
| CVE-2026-57304 | 1 Jenkins Project | 1 Jenkins Assembla Plugin | 2026-06-24 | 5.4 Medium |
| A missing permission check in Jenkins Assembla Plugin 1.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username and password. | ||||