Jenkins Project - CVE CyberSecurity Database News

Jan 24, 2024 Exploit WebSocket Jenkins Project Jenkins

CVE-2024-23898: Jenkins Cross-Site WebSocket Hijacking (CSWSH) Vulnerability in CLI WebSocket Endpoint

In this post, we will discuss the details of a critical vulnerability affecting Jenkins, a widely-used open-source automation server. The vulnerability, labeled as CVE-2024-23898, impacts

Jan 24, 2024 Exploit Jenkins Project Jenkins

CVE-2024-23897: Unauthorized File Read Vulnerability in Jenkins 2.441 and earlier, LTS 2.426.2 and earlier

A critical security vulnerability has been identified in Jenkins 2.441 and earlier, as well as the LTS (Long Term Support) version 2.426.2

Sep 20, 2023 Java Jenkins Project Jenkins

CVE-2023-43497 - Jenkins File Upload Vulnerability in Stapler Web Framework Temporarily Allows Unauthorized File Read/Write Access

A new security vulnerability has been identified in Jenkins, an open-source automation server that facilitates the automation of various continuous integration workflows. The vulnerability, tracked

Sep 20, 2023 Exploit Jenkins Project Jenkins

CVE-2023-43496 - Jenkins 2.423 and earlier, LTS 2.414.1 and earlier Plugin Security Vulnerability and How to Exploit it

The latest Jenkins security vulnerability (CVE-2023-43496) has been discovered in version 2.423 and earlier, as well as in LTS version 2.414.1 and

Sep 20, 2023 Exploit Jenkins Project Jenkins

CVE-2023-43494: Jenkins' Sensitive Build Variables Exposed in Build History Widget

In Jenkins versions 2.50 through 2.423 (inclusive), and LTS 2.60.1 through 2.414.1 (inclusive), a security vulnerability exists that can