Jenkins CVE 脆弱性と CVE 一覧(1,798)

製品(CPE): — CVE 件数: 1,798

Jenkins 脆弱性概要

Jenkins 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。

過去の問題は主に vendor risk xxe and vendor risk input validation などに関し、一部は vendor impact session compromise を招き、vendor surface build workflows and vendor surface automation pipelines 関連の場面に影響します。

掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。

脆弱性分布の推移(直近24か月)

表示中 120 / 1798 CVE 件数
«« 先頭 « 前へ 1 / 90 次へ »
CVE 概要 ソース CVSS 最大値 EPSS(%) 公開 更新
CVE-2026-57307 A missing permission check in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b_450b_1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. [email protected] 4.2 0.13% 2026-06-24 2026-06-26
CVE-2026-57306 A cross-site request forgery (CSRF) vulnerability in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b_450b_1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. [email protected] 4.2 0.09% 2026-06-24 2026-06-26
CVE-2026-57305 A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla Plugin 1.4 and earlier allows attackers to connect to an attacker-specified URL using an attacker-specified username and password. [email protected] 5.4 0.10% 2026-06-24 2026-06-25
CVE-2026-57304 A missing permission check in Jenkins Assembla Plugin 1.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username and password. [email protected] 5.4 0.16% 2026-06-24 2026-06-25
CVE-2026-57303 Jenkins Assembla Plugin 1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers able to control the responses of the configured Assembla server to extract secrets from the Jenkins controller or perform server-side request forgery. [email protected] 7.1 0.20% 2026-06-24 2026-06-25
CVE-2026-57302 Jenkins FitNesse Plugin 1.36 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Extended Read permission or access to the Jenkins controller file system. [email protected] 4.3 0.17% 2026-06-24 2026-06-26
CVE-2026-57301 Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller. [email protected] 8.8 0.39% 2026-06-24 2026-06-26
CVE-2026-57300 A missing permission check in Jenkins MCP Server Plugin 0.177.v629fdb_2557fe and earlier allows attackers with Item/Read permission to read the Pipeline replay scripts of jobs they can access. [email protected] 4.3 0.17% 2026-06-24 2026-06-26
CVE-2026-57299 Missing permission checks in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allow attackers with Overall/Read permission to enumerate the names of configured Contrast metadata. [email protected] 4.3 0.19% 2026-06-24 2026-07-06
CVE-2026-57297 A missing permission check in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username, API key, and service key. [email protected] 4.3 0.19% 2026-06-24 2026-07-06
CVE-2026-57295 A cross-site request forgery (CSRF) vulnerability in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a_81c3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing AWS credentials stored in Jenkins. [email protected] 5.4 0.10% 2026-06-24 2026-06-26
CVE-2026-57294 A missing permission check in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a_81c3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing AWS credentials stored in Jenkins. [email protected] 5.4 0.16% 2026-06-24 2026-06-26
CVE-2026-57290 A cross-site request forgery (CSRF) vulnerability in Jenkins Priority Sorter Plugin 936.v2c01c6b_84449 and earlier allows attackers to overwrite the global job priority configuration. [email protected] 4.3 0.15% 2026-06-24 2026-06-26
CVE-2026-57289 Jenkins Bitbucket Push and Pull Request Plugin 3.3.8 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections sending Bearer token authenticated requests to the configured Bitbucket Server endpoint, allowing attackers able to intercept network traffic to capture the token. [email protected] 4.8 0.10% 2026-06-24 2026-06-26
CVE-2026-57288 Jenkins Active Directory Plugin 2.41.1 and earlier does not escape the user name before building the LDAP search filter in the Windows native (ADSI) authentication path, allowing unauthenticated attackers to inject LDAP wildcard characters to enumerate directory entries and to authenticate as a matching user whose password they know without knowing their exact user name. [email protected] 3.7 0.21% 2026-06-24 2026-06-26
CVE-2026-57287 Jenkins Job Configuration History Plugin 1356.ve360da_6c523a_ and earlier does not redact the encrypted values of secrets when displaying historical job and agent configurations, allowing attackers with Extended Read permission to view encrypted secret values that would otherwise be redacted. [email protected] 4.3 0.12% 2026-06-24 2026-06-26
CVE-2026-57286 A missing permission check in Jenkins Git Parameter Plugin 462.vdcf3df2ed2ca_ and earlier allows attackers with Item/Read permission to obtain information about the SCM repository used by a job, such as branch names, tag names, and revision metadata. [email protected] 4.3 0.21% 2026-06-24 2026-06-26
CVE-2026-57285 A missing permission check in Jenkins GitHub Branch Source Plugin 1967.1969.v205fd594c821 and earlier allows attackers with Overall/Read permission to obtain the URLs of GitHub Enterprise servers configured in the global plugin configuration. [email protected] 4.3 0.21% 2026-06-24 2026-06-26
CVE-2026-57284 Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier does not restrict the types that can be instantiated through the Pipeline Snippet Generator, allowing attackers to instantiate types related to job or system configuration other than Pipeline steps. [email protected] 4.3 0.27% 2026-06-24 2026-06-26
CVE-2026-57283 A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier allows attackers to instantiate types related to job or system configuration other than Pipeline steps through the Pipeline Snippet Generator. [email protected] 4.3 0.16% 2026-06-24 2026-06-26
«« 先頭 « 前へ 1 / 90 次へ »
cvelogic Threat Intelligence