Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo

SDLC

Jenkins

Jenkins is a free and open source automation server. It helps automate the parts of software development related to building testing and deploying facilitating continuous integration and continuous delivery. It is a server-based system that runs in servlet containers such as Apache Tomcat.

Official Site:

https://www.jenkins.io/

Severity Summary:

Critical: 19 High: 54 Medium: 155 Low: 10
Reference
Title
Severity
CVE-2018-1999001
Jenkins Improper Input Validation Vulnerability
High
CVE-2012-0785
Jenkins Uncontrolled Resource Consumption Vulnerability
High
CVE-2019-10384
Jenkins Cross-Site Request Forgery (CSRF) Vulnerability
High
CVE-2020-2099
Jenkins Use of Insufficiently Random Values Vulnerability
High
CVE-2021-21604
Jenkins Deserialization of Untrusted Data Vulnerability
High
CVE-2019-1003004
Jenkins Insufficient Session Expiration Vulnerability
High
CVE-2018-1999043
Jenkins Missing Release of Resource after Effective Lifetime Vulnerability
High
CVE-2019-1003003
Jenkins Insufficient Session Expiration Vulnerability
High
CVE-2020-2160
Jenkins Cross-Site Request Forgery (CSRF) Vulnerability
High
CVE-2019-10353
Jenkins Cross-Site Request Forgery (CSRF) Vulnerability
High
CVE-2018-1000410
Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
High
CVE-2019-1003049
Jenkins Insufficient Session Expiration Vulnerability
High
CVE-2018-1000863
Jenkins Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
High
CVE-2020-2101
Jenkins Observable Differences in Behavior to Error Inputs Vulnerability
Medium
CVE-2020-2100
Jenkins Other Vulnerability
Medium
CVE-2019-10402
Jenkins Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2022-34171
Jenkins Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2022-34170
Jenkins Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-2102
Jenkins Observable Differences in Behavior to Error Inputs Vulnerability
Medium
CVE-2019-10406
Jenkins Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2022-20612
Jenkins Cross-Site Request Forgery (CSRF) Vulnerability
Medium
CVE-2019-10404
Jenkins Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-2103
Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Medium
CVE-2014-3681
Jenkins Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2019-10403
Jenkins Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2018-1999003
Jenkins Incorrect Authorization Vulnerability
Medium
CVE-2019-10401
Jenkins Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2015-5319
Jenkins Other Vulnerability
Medium
CVE-2014-9635
Jenkins 7PK - Security Features Vulnerability
Medium
CVE-2014-9634
Jenkins 7PK - Security Features Vulnerability
Medium