Vulnerabilities
Vulnerable Software
Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller.
CVSS Score
8.8
EPSS Score
0.004
Published
2026-06-24
Jenkins Official OWASP ZAP Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
CVSS Score
8.8
EPSS Score
0.014
Published
2019-04-04


Contact Us

Shodan ® - All rights reserved