Vulnerabilities > Jenkins > Critical

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2021-11-04 | CVE-2021-21697 | Unspecified vulnerability in Jenkins | Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allows any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions. | network, low complexity, jenkins, critical, 9.1 |
| 2021-06-18 | CVE-2021-21669 | Unspecified vulnerability in Jenkins Generic Webhook Trigger | Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | network, low complexity, jenkins, critical, 9.8 |
| 2021-05-25 | CVE-2021-21658 | Unspecified vulnerability in Jenkins Nuget | Jenkins Nuget Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | network, low complexity, jenkins, critical, 9.1 |
| 2020-12-03 | CVE-2020-2320 | Download of Code Without Integrity Check vulnerability in Jenkins Installation Manager Tool | Jenkins Plugin Installation Manager Tool 2.1.3 and earlier does not verify plugin downloads. | network, low complexity, jenkins CWE-494, critical, 9.8 |
| 2020-11-04 | CVE-2020-2301 | Unspecified vulnerability in Jenkins Active Directory | Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user with any password while a successful authentication of that user is still in the optional cache when using Windows/ADSI mode. | network, low complexity, jenkins, critical, 9.8 |
| 2020-11-04 | CVE-2020-2300 | Unspecified vulnerability in Jenkins Active Directory | Jenkins Active Directory Plugin 2.19 and earlier does not prohibit the use of an empty password in Windows/ADSI mode, which allows attackers to log in to Jenkins as any user depending on the configuration of the Active Directory server. | network, low complexity, jenkins, critical, 9.8 |
| 2020-11-04 | CVE-2020-2299 | Unspecified vulnerability in Jenkins Active Directory | Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user if a magic constant is used as the password. | network, low complexity, jenkins, critical, 9.8 |
| 2020-09-23 | CVE-2020-2279 | Unspecified vulnerability in Jenkins Script Security | A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM. | network, low complexity, jenkins, critical, 9.9 |
| 2019-11-21 | CVE-2019-16541 | Exposure of Resource to Wrong Sphere vulnerability in Jenkins Jira | Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (folder) scope for per-folder Jira site definitions, allowing users to select and use credentials with System scope. | network, low complexity, jenkins CWE-668, critical, 9.9 |
| 2019-10-16 | CVE-2019-10458 | Unspecified vulnerability in Jenkins Puppet Enterprise Pipeline | Jenkins Puppet Enterprise Pipeline 1.3.1 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code. | network, low complexity, jenkins, critical, 9.9 |