Browse all 1473 CVE security advisories affecting Jenkins project. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Jenkins is an open-source automation server primarily used for continuous integration and continuous delivery (CI/CD) pipelines. As a widely adopted tool in software development, it facilitates the building, testing, and deployment of code. Historically, the platform has been susceptible to numerous security flaws, with over 1,400 Common Vulnerabilities and Exposures (CVEs) recorded. These vulnerabilities frequently involve remote code execution (RCE), cross-site scripting (XSS), and privilege escalation, often stemming from insecure default configurations or improper input validation. A notable incident occurred in 2019 when a critical RCE flaw allowed attackers to execute arbitrary commands on build agents. The Jenkins project has since implemented stricter security defaults and improved access controls to mitigate these risks. Despite these efforts, the sheer volume of historical CVEs highlights the complexity of securing a long-standing, feature-rich automation ecosystem, requiring diligent maintenance and configuration management by administrators to ensure robust protection against potential exploits.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-24454 | Jenkins Plugin TestQuality Updater 安全漏洞 — Jenkins TestQuality Updater Plugin | 5.5 | - | 2023-01-24 |
| CVE-2023-24453 | Jenkins Plugin TestQuality Updater 安全漏洞 — Jenkins TestQuality Updater Plugin | 6.5 | - | 2023-01-24 |
| CVE-2023-24452 | Jenkins Plugin TestQuality Updater 跨站请求伪造漏洞 — Jenkins TestQuality Updater Plugin | 8.1 | - | 2023-01-24 |
| CVE-2023-24451 | Jenkins Plugin Cisco Spark Notifier 安全漏洞 — Jenkins Cisco Spark Notifier Plugin | 4.3 | - | 2023-01-24 |
| CVE-2023-24449 | Jenkins Plugin PWauth Security Realm 路径遍历漏洞 — Jenkins PWauth Security Realm Plugin | 4.3 | - | 2023-01-24 |
| CVE-2023-24448 | Jenkins Plugin RabbitMQ Consumer 安全漏洞 — Jenkins RabbitMQ Consumer Plugin | 6.5 | - | 2023-01-24 |
| CVE-2023-24447 | Jenkins Plugin RabbitMQ Consumer 跨站请求伪造漏洞 — Jenkins RabbitMQ Consumer Plugin | 6.5 | - | 2023-01-24 |
| CVE-2023-24446 | Jenkins Plugin OpenID 跨站请求伪造漏洞 — Jenkins OpenID Plugin | 8.8 | - | 2023-01-24 |
| CVE-2023-24445 | Jenkins Plugin OpenID 输入验证错误漏洞 — Jenkins OpenID Plugin | 5.4 | - | 2023-01-24 |
| CVE-2023-24444 | Jenkins Plugin OpenID 安全漏洞 — Jenkins OpenID Plugin | 9.8 | - | 2023-01-24 |
| CVE-2023-24443 | Jenkins Plugin TestComplete support 代码问题漏洞 — Jenkins TestComplete support Plugin | 9.1 | - | 2023-01-24 |
| CVE-2023-24450 | Jenkins Plugin view-cloner 安全漏洞 — Jenkins view-cloner Plugin | 6.5 | - | 2023-01-24 |
| CVE-2022-46684 | Jenkins Checkmarx Plugin 跨站脚本漏洞 — Jenkins Checkmarx Plugin | 5.4 | - | 2022-12-07 |
| CVE-2022-46682 | Jenkins Plot Plugin 代码问题漏洞 — Jenkins Plot Plugin | 8.1 | - | 2022-12-07 |
| CVE-2022-46683 | Jenkins Google Login Plugin 输入验证错误漏洞 — Jenkins Google Login Plugin | 6.1 | - | 2022-12-07 |
| CVE-2022-46685 | Jenkins Gitea Plugin 安全漏洞 — Jenkins Gitea Plugin | 5.3 | - | 2022-12-07 |
| CVE-2022-46687 | Jenkins Spring Config Plugin 跨站脚本漏洞 — Jenkins Spring Config Plugin | 5.4 | - | 2022-12-07 |
| CVE-2022-46688 | Jenkins Sonar Gerrit Plugin 跨站请求伪造漏洞 — Jenkins Sonar Gerrit Plugin | 8.8 | - | 2022-12-07 |
| CVE-2022-46686 | Jenkins Custom Build Properties Plugin 跨站脚本漏洞 — Jenkins Custom Build Properties Plugin | 5.4 | - | 2022-12-07 |
| CVE-2022-45389 | Jenkins Plugin XP-Dev 安全漏洞 — Jenkins XP-Dev Plugin | 7.5 | - | 2022-11-15 |
| CVE-2022-45388 | Jenkins Plugin Config Rotator 路径遍历漏洞 — Jenkins Config Rotator Plugin | 7.5 | - | 2022-11-15 |
| CVE-2022-45387 | Jenkins Plugin BART 跨站脚本漏洞 — Jenkins BART Plugin | 5.4 | - | 2022-11-15 |
| CVE-2022-45386 | Jenkins Plugin Violations 代码问题漏洞 — Jenkins Violations Plugin | 9.1 | - | 2022-11-15 |
| CVE-2022-45385 | Jenkins Plugin CloudBees Docker Hub/Registry Notification 安全漏洞 — Jenkins CloudBees Docker Hub/Registry Notification Plugin | 7.5 | - | 2022-11-15 |
| CVE-2022-45384 | Jenkins Plugin Reverse Proxy Auth 安全漏洞 — Jenkins Reverse Proxy Auth Plugin | 6.5 | - | 2022-11-15 |
| CVE-2022-45380 | Jenkins Plugin JUnit 跨站脚本漏洞 — Jenkins JUnit Plugin | 5.4 | - | 2022-11-15 |
| CVE-2022-38666 | Jenkins NS-ND Integration Performance Publisher Plugin 信任管理问题漏洞 — Jenkins NS-ND Integration Performance Publisher Plugin | 5.3 | - | 2022-11-15 |
| CVE-2022-45379 | Jenkins Plugin Script Security 加密问题漏洞 — Jenkins Script Security Plugin | 8.1 | - | 2022-11-15 |
| CVE-2022-45383 | Jenkins Plugin Support Core 安全漏洞 — Jenkins Support Core Plugin | 6.5 | - | 2022-11-15 |
| CVE-2022-45381 | Jenkins Plugin Pipeline Utility Steps 路径遍历漏洞 — Jenkins Pipeline Utility Steps Plugin | 6.5 | - | 2022-11-15 |
This page lists every published CVE security advisory associated with Jenkins project. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.