Jan 24, 2024 · Arbitrary file read vulnerability through the CLI can lead to RCE · The "Resource Root URL" functionality is enabled (see documentation). · The CLI WebSocket ...

Sep 20, 2023 · Document Jenkins on Kubernetes. Security. Overview ... search. This allows ... Jenkins creates a temporary file when a plugin is deployed directly from a URL.

Oct 25, 2023 · 3.1 escapes GitHub project URL on the build page when showing changes. Exposure of system-scoped credentials in Warnings Plugin. SECURITY-3265 / CVE-2023-46651

Mar 6, 2024 · This allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL. Additionally, the plugin reconfigures itself ...

Jun 14, 2023 · This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another ...

Dec 13, 2023 · This allows attackers to perform phishing attacks by having users go to a Jenkins URL that will forward them to a different site after successful authentication ...

Sep 6, 2023 · ... URL, when rendering an error message. This results in an HTML injection vulnerability. Since Jenkins 2.275 and LTS 2.263.2, a security hardening for form ...

Jul 12, 2023 · This allows attackers to perform phishing attacks by having users go to a Jenkins URL that will forward them to a different site after successful authentication ...

Aug 16, 2023 · This vulnerability allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job. This issue ...

Jul 26, 2023 · This allows attackers with global Item/Configure permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through ...