org.jenkins-ci.main:jenkins-core vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.jenkins-ci.main:jenkins-core package. This does not include vulnerabilities belonging to this package’s dependencies.

Each entry below lists: Severity (C = Critical, H = High, M = Medium, L = Low), Vulnerability, Vulnerable Version range
  • M
Authentication Bypass by Capture-replay

[,2.452)
  • M
Access Restriction Bypass

[,1.480.3) [1.481,1.502)
  • H
Exposure of Sensitive Information to an Unauthorized Actor

[,1.532.2) [1.533,1.551)
  • H
Resource Exhaustion

[,1.424.2) [1.425,1.447)
  • H
XML External Entity (XXE) Injection

[,1.596.1) [1.597,1.600)
  • H
XML External Entity (XXE) Injection

[,1.596.1) [1.597,1.600)
  • C
Improper Access Control

[,2.426.3) [2.427,2.440.1) [2.441,2.442)
  • H
Origin Validation Error

[,2.426.3) [2.427,2.440.1) [2.441,2.442)
  • L
Incorrect Default Permissions

[2.50,)
  • L
Creation of Temporary File With Insecure Permissions

[0,)
  • H
Improper Control of Generation of Code ('Code Injection')

[,2.414.2) [2.415,2.424)
  • M
Information Exposure

[2.50,)
  • M
Cross-site Scripting (XSS)

[0,)
  • M
Cross-site Scripting (XSS)

[,2.401.3) [2.406,2.416)
  • H
Cross-site Request Forgery (CSRF)

[,2.400)
  • M
Denial of Service (DoS)

[0,)
  • M
Denial of Service (DoS)

[0,)
  • C
Cross-site Scripting (XSS)

[2.270,2.375.4) [2.376,2.387.1) [2.388,2.394)
  • H
Creation of Temporary File With Insecure Permissions

[,2.375.4) [2.376,2.387.1) [2.388,2.394)
  • L
Information Exposure

[,2.375.4) [2.376,2.387.1) [2.388,2.394)
  • L
Creation of Temporary File With Insecure Permissions

[0,)
  • M
Information Exposure

[0,)
  • H
Cross-site Request Forgery (CSRF)

[,1.480.3) [1.481,1.502)
  • H
Cross-site Request Forgery (CSRF)

[,1.480.3) [1.481,1.502)
  • H
Cross-site Request Forgery (CSRF)

[,1.509.1) [1.510,1.514)
  • M
Cross-site Scripting (XSS)

[,1.502)
  • M
Information Exposure

[,2.204.2) [2.205,2.219)
  • H
Session Fixation

[2.266,2.289.2) [2.292,2.300)
  • H
Improper Authentication

[,2.204.2) [2.205,2.214)
  • M
Information Exposure

[,2.204.2) [2.205,2.219)
  • M
Timing Attack

[,2.204.2) [2.205,2.219)
  • L
Improper Restriction of Rendered UI Layers or Frames

[,2.204.2) [2.205,2.219)
  • M
Timing Attack

[,2.204.2) [2.205,2.219)
  • M
Denial of Service (DoS)

[,2.204.2) [2.205,2.219)
  • M
Incorrect Authorization

[2.266,2.289.2) [2.292,2.300)
  • M
Path Equivalence

[,2.303.2) [2.304,2.315)
  • M
Directory Traversal

[,2.303.2) [2.304,2.315)
  • M
Cross-site Scripting (XSS)

[2.340,2.356)
  • M
Cross-site Scripting (XSS)

[2.320,2.356)
  • M
Cross-site Scripting (XSS)

[2.321,2.356)
  • M
Information Exposure

[2.334,2.356)
  • H
Cross-site Scripting (XSS)

[2.340,2.356)
  • H
Information Exposure

[2.335,2.356)
  • M
Cross-site Scripting (XSS)

[,2.89.4)
  • H
Improper Authorization

[,2.159)
  • H
Cross-site Scripting (XSS)

[,2.370)
  • M
Denial of Service (DoS)

[,2.319.3) [2.320,2.334)
  • M
Cross-site Request Forgery (CSRF)

[2.320,2.330) [,2.319.2)
  • C
Directory Traversal

[,2.303.3) [2.304,2.319)
  • C
Improper Authorization

[,2.303.3) [2.304,2.319)
  • C
Symlink Attack

[,2.303.3) [2.304,2.319)
  • C
Directory Traversal

[,2.303.3) [2.304,2.319)
  • M
Directory Traversal

[,2.303.3) [2.304,2.319)
  • H
Arbitrary Code Injection

[,2.303.3) [2.304,2.319)
  • C
Improper Access Control

[,2.303.3) [2.304,2.319)
  • C
Improper Authorization

[,2.303.3) [2.304,2.319)
  • C
Improper Authorization

[,2.303.3) [2.304,2.319)
  • M
Improper Access Control

[,2.303.3) [2.304,2.319)
  • C
Symlink Attack

[,2.303.3) [2.304,2.319)
  • M
Improper Access Control

[,2.303.3) [2.304,2.319)
  • M
Symlink Attack

[,2.303.3) [2.304,2.319)
  • L
Insufficient Validation

[2.278,2.287) [,2.277.2)
  • M
Improper Validation

[2.278,2.287) [,2.277.2)
  • M
Race Condition

[,2.263.2) [2.270,2.275)
  • M
Denial of Service (DoS)

[,2.263.2) [2.270,2.275)
  • H
Deserialization of Untrusted Data

[,2.263.2) [2.270,2.275)
  • M
Arbitrary File Read

[,2.263.2) [2.270,2.275)
  • H
Cross-site Scripting (XSS)

[,2.263.2) [2.270,2.275)
  • H
Cross-site Scripting (XSS)

[,2.263.2) [2.270,2.275)
  • M
Cross-site Scripting (XSS)

[,2.263.2) [2.270,2.275)
  • H
Directory Traversal

[,2.263.2) [2.270,2.275)
  • L
Access Restriction Bypass

[,2.263.2) [2.270,2.275)
  • H
Cross-site Scripting (XSS)

[,2.263.2) [2.270,2.275)
  • M
Information Exposure

[,2.263.2) [2.270,2.275)
  • H
Cross-site Scripting (XSS)

[,2.252) [2.235.3,2.235.4)
  • H
Cross-site Scripting (XSS)

[,2.252) [2.235.3,2.235.4)
  • H
Cross-site Scripting (XSS)

[,2.252) [2.235.3,2.235.4)
  • M
Cross-site Scripting (XSS)

[,2.176.4) [2.180.0,2.196.1)
  • M
Cross-site Scripting (XSS)

[,2.176.4) [2.180.0,2.196.1)
  • H
Denial of Service (DoS)

[0,2.73.2) [2.83,2.83.1)
  • M
Cross-site Scripting (XSS)

[0,2.176.4) [2.180.0,2.196.1)
  • M
Cross-site Scripting (XSS)

[,2.176.4) [2.180.0,2.190.1)
  • M
Cross-site Scripting (XSS)

[0,2.176.4) [2.180.0,2.196.1)
  • M
Information Exposure

[,2.176.4) [2.180.0,2.196.1)
  • H
Cross-site Scripting (XSS)

[,2.245)
  • H
Cross-site Scripting (XSS)

[,2.245)
  • H
Cross-site Scripting (XSS)

[,2.245)
  • H
Cross-site Scripting (XSS)

[,2.245)
  • M
Cross-site Scripting (XSS)

[,2.228)
  • M
Cross-site Scripting (XSS)

[,2.228)
  • H
Cross-site Request Forgery (CSRF)

[,2.228)
  • M
Cross-site Scripting (XSS)

[,2.228)
  • M
Cross-site Scripting (XSS)

[,2.176.2) [2.177,2.192)
  • H
Protection Bypass

[,2.176.2) [2.177,2.192)
  • H
Cross Site Request Forgery (CSRF)

[2.180,2.186) [,2.176.2)
  • M
Directory Traversal

[,2.176.2) [2.177,2.186)
  • M
Access Control Bypass

[,2.176.2) [2.177,2.186)
  • H
Authorization Bypass

[2.150,2.160) [2.150.1,2.150.2)
  • M
Authentication Bypass

[,2.164.2) [,2.172)
  • M
Cross-site Scripting (XSS)

[,2.164.2) [,2.172)
  • M
Directory Traversal

[,2.138.2) [2.140,2.146)
  • M
Arbitrary File Write

[,2.138.2) [2.140,2.146)
  • M
Cross-site Scripting (XSS)

[,2.138.2) [2.140,2.146)
  • L
Information Exposure

[,2.138.2) [2.140,2.146)
  • M
Ephemeral User Record Creation

[,2.138.2) [2.140,2.146)
  • M
Session Fixation

[,2.138.2) [2.140,2.146)
  • M
Information Exposure

[,2.138.4) [2.140,2.149] [2.150,2.150.1) [2.153,2.154)
  • M
Modification of Assumed-Immutable Data (MAID)

[,2.138.4) [2.140,2.149] [2.150,2.150.1) [2.153,2.154)
  • C
Arbitrary Code Execution

[,2.138.4) [2.140,2.150.1) [2.153,2.154)
  • M
Denial of Service (DoS)

[,2.138.4) [2.150,2.154)
  • M
Information Exposure

[,1.625.2) [1.630,1.638)
  • L
Arbitrary Code Execution

[1.509.0,1.509.1) [1.510,1.514)
  • M
Arbitrary Code Execution

[,1.587)
  • L
Information Exposure

[,1.480.2) [1.490,1.498)
  • M
Improper Authorization

[,2.121.3) [2.130,2.138)
  • M
Information Exposure

[,2.121.3) [2.130,2.138)
  • M
Authentication Bypass

[,2.121.3) [2.130,2.138)
  • M
Denial of Service (DoS)

[,2.121.3) [2.130,2.138)
  • H
Denial of Service (DoS)

[,2.121.3) [2.130,2.138)
  • M
Deserialization of Untrusted Data

[,2.121.3) [2.130,2.138)
  • M
Cross-site Scripting (XSS)

[,2.121.2) [2.130,2.133)
  • M
Information Exposure

[,2.121.2) [2.130,2.133)
  • M
Cross-site Scripting (XSS)

[,2.121.2) [2.130,2.133)
  • M
Improper Authorization

[,2.121.2) [2.130,2.133)
  • M
Insufficient Permission Check

[,2.121.2) [2.130,2.133)
  • H
Authentication Bypass

[,2.121.2) [2.130,2.133)
  • H
Arbitrary File Read

[,2.121.2) [2.130,2.133)
  • M
User Impersonation

[,2.107.3) [2.120,2.121)
  • M
Information Exposure

[,2.107.3) [2.120,2.121)
  • M
Server-Side Request Forgery (SSRF)

[,2.107.3) [2.120,2.121)
  • H
Directory Traversal

[,2.107.3) [2.120,2.121)
  • M
Arbitrary File Write via Archive Extraction (Zip Slip)

[,2.120)
  • M
Information Exposure

[,2.32.2) [2.40,2.44)
  • M
Session Hijacking

[,1.532.2)
  • M
Access Restriction Bypass

[,1.532.2)
  • M
Access Restriction Bypass

[,1.532.2)
  • M
Cross-site Scripting (XSS)

[,1.532.2)
  • M
Directory Traversal

[,1.532.2)
  • M
Information Exposure

[,1.532.2)
  • L
Information Exposure

[,1.532.2)
  • L
Cross-site Scripting (XSS)

[,1.532.2)
  • H
Clickjacking

[,1.532.2)
  • M
Privilege Escalation

[,1.596.1)
  • M
Information Exposure

[,1.565.3)
  • M
Cross-site Scripting (XSS)

[,1.596.2) [1.600,1.606)
  • M
Arbitrary Code Execution

[,1.596.1)
  • H
Privilege Escalation

[,1.596.2) [1.600,1.606)
  • M
Man-in-the-Middle (MitM)

[,1.586)
  • M
Information Exposure

[,1.565.3)
  • M
Information Exposure

[,1.586)
  • M
Cross-site Scripting (XSS)

[,1.565.3)
  • M
Directory Traversal

[,1.565.3)
  • M
Privilege Escalation

[,1.565.3)
  • M
Information Exposure

[,1.565.3)
  • L
Denial of Service (DoS)

[,1.596.1)
  • L
Directory Traversal

[,1.596.1)
  • M
Cross-site Scripting (XSS)

[,1.596.2) [1.600,1.606)
  • M
Denial of Service (DoS)

[,1.565.3)
  • H
Arbitrary Code Execution

[,1.565.3)
  • M
Information Exposure

[,2.32.2) [2.40,2.44)
  • M
Information Exposure

[,2.32.2) [2.40,2.44)
  • M
Cross-site Scripting (XSS)

[,2.32.2) [2.40,2.44)
  • M
Cross-site Request Forgery (CSRF)

[,1.625.2) [1.630,1.638)
  • M
XML External Entity (XXE) Injection

[,1.625.2) [1.630,1.638)
  • M
Directory Traversal

[,1.625.2) [1.630,1.638)
  • M
Access Restriction Bypass

[,1.625.2) [1.630,1.638)
  • M
Cross-site Scripting (XSS)

[,1.625.2) [1.630,1.638)
  • M
Information Exposure

[,1.625.2) [1.630,1.638)
  • H
Improper Access Control

[,1.625.2) [1.630,1.638)
  • M
Information Exposure

[,1.625.2) [1.630,1.638)
  • M
Cross-site Request Forgery (CSRF)

[,2.32.2) [2.40,2.44)
  • M
Privilege Escalation

[,2.32.2) [2.40,2.44)
  • H
Deserialization of Untrusted Data

[,2.32.2) [2.40,2.44)
  • M
Insufficient Permission Validation

[,2.32.2) [2.40,2.44)
  • L
Information Exposure

[,2.32.2) [2.40,2.44)
  • M
Arbitrary File Overwrite

[,2.32.2) [2.40,2.44)
  • M
Cross-site Scripting (XSS)

[,2.32.2) [,2.44)
  • H
Cross-site Request Forgery (CSRF)

[,1.625.3) [1.630,1.641)
  • C
Arbitrary Code Execution

[,1.642.2) [1.643.0,1.650)
  • M
Information Exposure

[,2.32.2) [2.40,2.44)
  • M
Timing Attacks

[,1.642.2) [1.643,1.650)
  • M
HTTP Response Splitting

[,1.642.2) [1.643.0,1.650)
  • C
Timing Attack

[,1.642.2) [1.643,1.650)
  • H
Arbitrary Code Execution

[,1.625.3) [1.630,1.641)
  • H
Arbitrary Code Execution

[,1.642.2) [1.643.0,1.650)
  • H
Arbitrary Code Execution

[,1.625.2) [1.630,1.638)
  • M
Insufficient Permission Validation

[,2.32.2) [2.4,2.44)
  • M
Arbitrary Code Injection

[,1.651.2) [2.0,2.3)
  • M
Information Exposure

[,1.651) [2.0.0,2.3)
  • H
Open Redirect

[,1.651.1) [2.0.0,2.3)
  • M
Information Exposure

[,1.651.2) [2.0.0,2.3)
  • M
Information Exposure

[,1.651.2) [2.0,2.3)
  • M
Authentication Bypass

[,1.651.2) [2.0,2.3)
  • M
Denial of Service (DoS)

[,1.651.2) [2.0,2.3)
  • C
Arbitrary Code Execution

[,2.19.3) [2.30,2.32)
  • M
Cross-site Scripting (XSS)

[2.110,2.116) [2.107.0,2.107.2)
  • M
Information Exposure

[,2.107.2)
  • M
Insufficient Permission Validation

[,2.32.2) [2.40,2.44)
  • M
Deserialization of Untrusted Data

[,2.46.2) [2.50,2.57)
  • H
Cross-Site Request Forgery (CSRF)

[,2.46.2) [2.50,2.57)
  • H
Directory Traversal

[,2.73.3) [2.80,2.89)
  • H
Arbitrary Shell Command Execution

[,2.73.2) [2.80,2.83)
  • M
Information Exposure

[,2.73.2) [2.80,2.84)
  • M
Man-in-the-Middle (MitM)

[,2.73.2) [2.80,2.84)
  • M
Information Exposure

[,2.73.2) [2.80,2.84)
  • M
Information Exposure

[,2.73.2) [2.80,2.84)
  • M
Information Exposure

[,2.73.2)
  • H
Authentication Bypass

[,2.46.2) [2.50,2.57)
  • C
Information Exposure

[,2.32.2) [2.40,2.44)
  • C
Deserialization of Untrusted Data

[,2.46.2) [2.50,2.57)
  • L
Information Exposure

[,2.73.2)
  • H
Insecure Initialization

[,2.89.2) [2.90,2.95)
  • H
Cross-site Request Forgery (CSRF)

[,2.89.2) [2.90,2.95)
  • M
Server-Side Request Forgery (SSRF)

[,2.89.4)
  • M
Improper Input Validation

[,2.89.4]
  • M
Directory Traversal

[,2.89.4)