Jenkins: critical vulnerabilities

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor / CWE | Severity | Score |
|---|---|---|---|---|---|---|---|---|
| 2021-05-25 | CVE-2021-21658 | Unspecified vulnerability in Jenkins Nuget | Jenkins Nuget Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | Network | Low | Jenkins | Critical | 9.1 |
| 2020-12-03 | CVE-2020-2320 | Download of Code Without Integrity Check vulnerability in Jenkins Installation Manager Tool | Jenkins Plugin Installation Manager Tool 2.1.3 and earlier does not verify plugin downloads. | Network | Low | Jenkins, CWE-494 | Critical | 9.8 |
| 2020-11-04 | CVE-2020-2301 | Unspecified vulnerability in Jenkins Active Directory | Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user with any password while a successful authentication of that user is still in the optional cache when using Windows/ADSI mode. | Network | Low | Jenkins | Critical | 9.8 |
| 2020-11-04 | CVE-2020-2300 | Unspecified vulnerability in Jenkins Active Directory | Jenkins Active Directory Plugin 2.19 and earlier does not prohibit the use of an empty password in Windows/ADSI mode, which allows attackers to log in to Jenkins as any user depending on the configuration of the Active Directory server. | Network | Low | Jenkins | Critical | 9.8 |
| 2020-11-04 | CVE-2020-2299 | Unspecified vulnerability in Jenkins Active Directory | Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user if a magic constant is used as the password. | Network | Low | Jenkins | Critical | 9.8 |
| 2020-09-23 | CVE-2020-2279 | Unspecified vulnerability in Jenkins Script Security | A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM. | Network | Low | Jenkins | Critical | 9.9 |
| 2019-11-21 | CVE-2019-16541 | Exposure of Resource to Wrong Sphere vulnerability in Jenkins Jira | Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (folder) scope for per-folder Jira site definitions, allowing users to select and use credentials with System scope. | Network | Low | Jenkins, CWE-668 | Critical | 9.9 |
| 2019-10-16 | CVE-2019-10458 | Unspecified vulnerability in Jenkins Puppet Enterprise Pipeline | Jenkins Puppet Enterprise Pipeline 1.3.1 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code. | Network | Low | Jenkins | Critical | 9.9 |
| 2019-10-01 | CVE-2019-10431 | Code Injection vulnerability in Jenkins Script Security | A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier related to the handling of default parameter expressions in constructors allowed attackers to execute arbitrary code in sandboxed scripts. | Network | Low | Jenkins, CWE-94 | Critical | 9.9 |
| 2019-09-25 | CVE-2019-10418 | Unspecified vulnerability in Jenkins Kubernetes Pipeline 1.3/1.5/1.6 | Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection. | Network | Low | Jenkins | Critical | 9.9 |