Browse all 12 CVE security advisories affecting jenkins. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Jenkins serves as an automation server for building, deploying, and managing software development pipelines, widely adopted for continuous integration and delivery. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from misconfigurations or insecure plugins. With 12 CVEs currently on record, security concerns persist around plugin management and access control. Notable incidents include compromised instances being used in cryptomining campaigns and botnets. The platform's extensive plugin ecosystem introduces additional attack surfaces, requiring careful configuration and regular updates to mitigate risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-9453 | Jenkins-image: sensitive data disclosure when using openshift jenkins image — openshift-sync-pluginCWE-532 | 6.5 | Medium | 2025-07-04 |
This page lists every published CVE security advisory associated with jenkins. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.