Shodan
Vulnerabilities
Vulnerable Software
Jenkins:  Security Vulnerabilities
CVE-2021-21672
Jenkins Selenium HTML report Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVSS Score
4.3
EPSS Score
0.017
Published
2021-06-30
CVE-2021-21673
Jenkins CAS Plugin 1.6.0 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks.
CVSS Score
6.1
EPSS Score
0.001
Published
2021-06-30
CVE-2021-21674
A missing permission check in Jenkins requests-plugin Plugin 2.2.6 and earlier allows attackers with Overall/Read permission to view the list of pending requests.
CVSS Score
4.3
EPSS Score
0.001
Published
2021-06-30
CVE-2021-21675
A cross-site request forgery (CSRF) vulnerability in Jenkins requests-plugin Plugin 2.2.12 and earlier allows attackers to create requests and/or have administrators apply pending requests.
CVSS Score
6.5
EPSS Score
0.002
Published
2021-06-30
CVE-2021-21676
Jenkins requests-plugin Plugin 2.2.7 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to send test emails to an attacker-specified email address.
CVSS Score
4.3
EPSS Score
0.0
Published
2021-06-30
CVE-2021-21670
Jenkins 2.299 and earlier, LTS 2.289.1 and earlier allows users to cancel queue items and abort builds of jobs for which they have Item/Cancel permission even when they do not have Item/Read permission.
CVSS Score
4.3
EPSS Score
0.004
Published
2021-06-30
CVE-2021-21671
Jenkins 2.299 and earlier, LTS 2.289.1 and earlier does not invalidate the previous session on login.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-06-30
CVE-2021-21669
Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVSS Score
9.8
EPSS Score
0.008
Published
2021-06-18
CVE-2021-21667
Jenkins Scriptler Plugin 3.2 and earlier does not escape parameter names shown in job configuration forms, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission.
CVSS Score
5.4
EPSS Score
0.013
Published
2021-06-16
CVE-2021-21668
Jenkins Scriptler Plugin 3.1 and earlier does not escape script content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission.
CVSS Score
5.4
EPSS Score
0.013
Published
2021-06-16


Products
Pricing
Contact Us

Shodan ® - All rights reserved