Vulnerabilities > Jenkins > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-25 | CVE-2021-21658 | Unspecified vulnerability in Jenkins Nuget Jenkins Nuget Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 9.1 |
| 2020-12-03 | CVE-2020-2320 | Download of Code Without Integrity Check vulnerability in Jenkins Installation Manager Tool Jenkins Plugin Installation Manager Tool 2.1.3 and earlier does not verify plugin downloads. | 9.8 |
| 2020-11-04 | CVE-2020-2299 | Unspecified vulnerability in Jenkins Active Directory Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user if a magic constant is used as the password. | 9.8 |
| 2020-11-04 | CVE-2020-2300 | Unspecified vulnerability in Jenkins Active Directory Jenkins Active Directory Plugin 2.19 and earlier does not prohibit the use of an empty password in Windows/ADSI mode, which allows attackers to log in to Jenkins as any user depending on the configuration of the Active Directory server. | 9.8 |
| 2020-11-04 | CVE-2020-2301 | Unspecified vulnerability in Jenkins Active Directory Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user with any password while a successful authentication of that user is still in the optional cache when using Windows/ADSI mode. | 9.8 |
| 2020-09-23 | CVE-2020-2279 | Unspecified vulnerability in Jenkins Script Security A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM. | 9.9 |
| 2019-11-21 | CVE-2019-16541 | Exposure of Resource to Wrong Sphere vulnerability in Jenkins Jira Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (folder) scope for per-folder Jira site definitions, allowing users to select and use credentials with System scope. | 9.9 |
| 2019-10-16 | CVE-2019-10458 | Unspecified vulnerability in Jenkins Puppet Enterprise Pipeline Jenkins Puppet Enterprise Pipeline 1.3.1 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code. | 9.9 |
| 2019-10-01 | CVE-2019-10431 | Code Injection vulnerability in Jenkins Script Security A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier related to the handling of default parameter expressions in constructors allowed attackers to execute arbitrary code in sandboxed scripts. | 9.9 |
| 2019-09-25 | CVE-2019-10417 | Unspecified vulnerability in Jenkins Kubernetes Pipeline 1.3/1.5/1.6 Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection. | 9.9 |