Aggregates CVE and security vulnerability intelligence across all jenkins-ci-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk cross-site scripting and related problems; some flaws may lead to vendor impact session compromise, affecting vendor surface automation pipelines scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2014-3679 | The Monitoring plugin before 1.53.0 for Jenkins allows remote attackers to obtain sensitive information by accessing unspecified pages. | [email protected] | 5.0 | 1.78% | 2014-10-16 | 2026-06-16 |
| CVE-2014-3678 | Cross-site scripting (XSS) vulnerability in the Monitoring plugin before 1.53.0 for Jenkins allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | [email protected] | 4.3 | 1.84% | 2014-10-10 | 2026-06-16 |
| CVE-2013-6372 | The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file. | [email protected] | 2.1 | 0.50% | 2014-05-08 | 2026-06-16 |
| CVE-2013-6374 | Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.5.1 for Jenkins allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | [email protected] | 3.5 | 0.97% | 2013-11-25 | 2026-06-16 |
| CVE-2013-6373 | The Exclusion plugin before 0.9 for Jenkins does not properly prevent access to resource locks, which allows remote authenticated users to list and release resources via unspecified vectors. | [email protected] | 5.5 | 1.15% | 2013-11-25 | 2026-06-16 |