jenkins pipeline\
37 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2024-52551
<= 2.2214.vb_b_34b_2ea_9b_83
Jenkins Pipeline: Declarative Plugin 2.2214.vb_b_34b_2ea_9b_83 and earlier does not check whether the main (Jenkinsfile) script us
8.0
HIGH
CVE-2024-52550
< 3975.3977.v478dd9e956c3
Jenkins Pipeline: Groovy Plugin 3990.vd281dd77a_388 and earlier, except 3975.3977.v478dd9e956c3 does not check whether the main (J
8.0
HIGH
CVE-2023-32977
<= 1292.v27d8cc3e2602
Jenkins Pipeline: Job Plugin does not escape the display name of the build that caused an earlier build to be aborted, resulting i
5.4
MEDIUM
CVE-2023-25762
<= 2.18
Jenkins Pipeline: Build Step Plugin 2.18 and earlier does not escape job names in a JavaScript expression used in the Pipeline Sni
5.4
MEDIUM
CVE-2022-43409
<= 838.va_3a_087b_4055b
Jenkins Pipeline: Supporting APIs Plugin 838.va_3a_087b_4055b and earlier does not sanitize or properly encode URLs of hyperlinks
5.4
MEDIUM
CVE-2022-43408
< 2.27
Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of 'input' steps when using it to generate U
6.5
MEDIUM
CVE-2022-43407
<= 451.vf1a_a_4f405289
Jenkins Pipeline: Input Step Plugin 451.vf1a_a_4f405289 and earlier does not restrict or sanitize the optionally specified ID of t
8.8
HIGH
CVE-2022-43402
<= 2802.v5ea_628154b_c2
A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Pipeline: Gr
9.9
CRITICAL
CVE-2022-34177
<= 448.v37cea_9a_10a_70
Jenkins Pipeline: Input Step Plugin 448.v37cea_9a_10a_70 and earlier archives files uploaded for `file` parameters for Pipeline `i
7.5
HIGH
CVE-2022-30945
< 2689.v434009a_31b_f1
Jenkins Pipeline: Groovy Plugin 2689.v434009a_31b_f1 and earlier allows loading any Groovy source files on the classpath of Jenkin
8.5
HIGH
CVE-2022-29047
< 2.21.3
Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a_4eb_b_e039 and earlier, except 2.21.3, allows attackers able to submit
5.3
MEDIUM
CVE-2022-28158
<= 1.3
A missing permission check in Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Overall/Read permiss
6.5
MEDIUM
CVE-2022-28157
<= 1.3
Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Item/Configure permission to upload arbitrary file
6.5
MEDIUM
CVE-2022-28156
<= 1.3
Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Item/Configure permission to copy arbitrary files
6.5
MEDIUM
CVE-2022-28155
<= 1.3
Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) a
8.1
HIGH
CVE-2022-25184
<= 2.15
Jenkins Pipeline: Build Step Plugin 2.15 and earlier reveals password parameter default values when generating a pipeline script u
6.5
MEDIUM
CVE-2022-25183
<= 552.vd9cc05b8a2e1
Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the names of Pipeline libraries to create cach
8.8
HIGH
CVE-2022-25182
<= 552.vd9cc05b8a2e1
A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier allows attackers
8.8
HIGH
CVE-2022-25181
<= 552.vd9cc05b8a2e1
A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier allows attackers
8.8
HIGH
CVE-2022-25180
<= 2648.va9433432b33c
Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier includes password parameters from the original build in replayed bu
4.3
MEDIUM
CVE-2022-25179
<= 706.vd43c65dec013
Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier follows symbolic links to locations outside of the checkout dir
6.5
MEDIUM
CVE-2022-25178
<= 552.vd9cc05b8a2e1
Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier does not restrict the names of resources passed to
6.5
MEDIUM
CVE-2022-25177
<= 552.vd9cc05b8a2e1
Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier follows symbolic links to locations outside of the
6.5
MEDIUM
CVE-2022-25176
<= 2648.va9433432b33c
Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier follows symbolic links to locations outside of the checkout directo
6.5
MEDIUM
CVE-2022-25175
<= 706.vd43c65dec013
Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier uses the same checkout directories for distinct SCMs for the re
8.8
HIGH
CVE-2022-25174
<= 552.vd9cc05b8a2e1
Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the same checkout directories for distinct SCM
8.8
HIGH
CVE-2022-25173
<= 2648.va9433432b33c
Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier uses the same checkout directories for distinct SCMs when reading t
8.8
HIGH
CVE-2020-2166
<= 1.40
Jenkins Pipeline: AWS Steps Plugin 1.40 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary t
8.8
HIGH
CVE-2020-2109
<= 2.78
Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier can be circumvented through default parameter expressions i
8.8
HIGH
CVE-2019-10357
<= 2.14
A missing permission check in Jenkins Pipeline: Shared Groovy Libraries Plugin 2.14 and earlier allowed users with Overall/Read ac
4.3
MEDIUM
CVE-2019-1003041
<= 2.64
A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructo
9.8
CRITICAL
CVE-2019-1003030
<= 2.63
A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/
9.9
CRITICAL
CVE-2019-1003002
<= 1.3.3
A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groo
8.8
HIGH
CVE-2019-1003001
<= 2.61
A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/
8.8
HIGH
CVE-2018-1000866
<= 2.59
A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groo
8.8
HIGH
CVE-2017-1000096
<= 2.36
Arbitrary code execution due to incomplete sandbox protection: Constructors, instance variable initializers, and instance initiali
8.8
HIGH
CVE-2017-1000089
<= 2.5
Builds in Jenkins are associated with an authentication that controls the permissions that the build has to interact with other el
5.3
MEDIUM
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin