Vulnerabilities > Jenkins > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-03-30 | CVE-2021-21629 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Build With Parameters. A cross-site request forgery (CSRF) vulnerability in Jenkins Build With Parameters Plugin 1.5 and earlier allows attackers to build a project with attacker-specified parameters. | 8.8 |
2021-03-18 | CVE-2021-21627 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Libvirt Agents. A cross-site request forgery (CSRF) vulnerability in Jenkins Libvirt Agents Plugin 1.9.0 and earlier allows attackers to stop hypervisor domains. | 8.8 |
2021-02-24 | CVE-2021-21617 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Configuration Slicing. A cross-site request forgery (CSRF) vulnerability in Jenkins Configuration Slicing Plugin 1.51 and earlier allows attackers to apply different slice configurations. | 8.8 |
2021-01-13 | CVE-2021-21605 | Path Traversal vulnerability in Jenkins. Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with Agent/Configure permission to choose agent names that cause Jenkins to override the global `config.xml` file. | 8.0 |
2021-01-13 | CVE-2021-21604 | Deserialization of Untrusted Data vulnerability in Jenkins. Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an administrator. | 8.0 |
2020-12-03 | CVE-2020-2324 | XXE vulnerability in Jenkins CVS. Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 7.5 |
2020-12-03 | CVE-2020-2321 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Shelve Project. A cross-site request forgery (CSRF) vulnerability in Jenkins Shelve Project Plugin 3.0 and earlier allows attackers to shelve, unshelve, or delete a project. | 8.1 |
2020-10-08 | CVE-2020-2286 | Unspecified vulnerability in Jenkins Role-Based Authorization Strategy. Jenkins Role-based Authorization Strategy Plugin 3.0 and earlier does not properly invalidate a permission cache when the configuration is changed, resulting in permissions being granted based on an outdated configuration. | 8.8 |
2020-09-23 | CVE-2020-2284 | XXE vulnerability in Jenkins Liquibase Runner. Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 7.1 |
2020-09-23 | CVE-2020-2280 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Warnings. A cross-site request forgery (CSRF) vulnerability in Jenkins Warnings Plugin 5.0.1 and earlier allows attackers to execute arbitrary code. | 8.8 |