Shodan
Vulnerabilities
Vulnerable Software
Jenkins:  >> Jenkins  >> 2.222.3  Security Vulnerabilities
CVE-2021-21609
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not correctly match requested URLs to the list of always accessible paths, allowing attackers without Overall/Read permission to access some URLs as if they did have Overall/Read permission.
CVSS Score
5.3
EPSS Score
0.001
Published
2021-01-13
CVE-2020-2229
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons, resulting in a stored cross-site scripting (XSS) vulnerability.
CVSS Score
5.4
EPSS Score
0.039
Published
2020-08-12
CVE-2020-2230
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the project naming strategy description, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Overall/Manage permission.
CVSS Score
5.4
EPSS Score
0.012
Published
2020-08-12
CVE-2020-2231
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission or knowledge of the Authentication Token.
CVSS Score
5.4
EPSS Score
0.006
Published
2020-08-12
CVE-2020-2221
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting vulnerability.
CVSS Score
5.4
EPSS Score
0.003
Published
2020-07-15
CVE-2020-2222
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the job name in the 'Keep this build forever' badge tooltip, resulting in a stored cross-site scripting vulnerability.
CVSS Score
5.4
EPSS Score
0.003
Published
2020-07-15
CVE-2020-2223
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape correctly the 'href' attribute of links to downstream jobs displayed in the build console page, resulting in a stored cross-site scripting vulnerability.
CVSS Score
5.4
EPSS Score
0.003
Published
2020-07-15
CVE-2020-2220
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the agent name in the build time trend page, resulting in a stored cross-site scripting vulnerability.
CVSS Score
5.4
EPSS Score
0.003
Published
2020-07-15


Products
Pricing
Contact Us

Shodan ® - All rights reserved