Vulnerabilities > Jenkins > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2021-05-25 | CVE-2021-21657 | Unspecified vulnerability in Jenkins Filesystem Trigger | Jenkins Filesystem Trigger Plugin 0.40 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 8.8 |
2021-05-25 | CVE-2021-21659 | Unspecified vulnerability in Jenkins Urltrigger | Jenkins URLTrigger Plugin 0.48 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 8.1 |
2021-05-11 | CVE-2021-21652 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Xray - Test Management for Jira | A cross-site request forgery (CSRF) vulnerability in Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 7.1 |
2021-05-11 | CVE-2021-21655 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins P4 | A cross-site request forgery (CSRF) vulnerability in Jenkins P4 Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified Perforce server using attacker-specified username and password. | 7.1 |
2021-05-11 | CVE-2021-21656 | Unspecified vulnerability in Jenkins Xcode Integration | Jenkins Xcode integration Plugin 2.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 7.1 |
2021-04-21 | CVE-2021-21646 | Unspecified vulnerability in Jenkins Templating Engine | Jenkins Templating Engine Plugin 2.1 and earlier does not protect its pipeline configurations using Script Security Plugin, allowing attackers with Job/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM. | 8.8 |
2021-04-21 | CVE-2021-21642 | XXE vulnerability in Jenkins Config File Provider | Jenkins Config File Provider Plugin 3.7.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 8.1 |
2021-04-01 | CVE-2021-28165 | Improper Handling of Exceptional Conditions vulnerability in multiple products | In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. | 7.5 |
2021-03-30 | CVE-2021-21638 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Team Foundation Server | A cross-site request forgery (CSRF) vulnerability in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 |
2021-03-30 | CVE-2021-21633 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Owasp Dependency-Track | A cross-site request forgery (CSRF) vulnerability in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins. | 8.8 |