Search for packages
| purl | pkg:maven/org.jenkins-ci.main/jenkins-core@2.32.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1gnc-b5tg-3fhe
Aliases: CVE-2017-2598 GHSA-r9q2-3r6x-qmgp |
Inadequate Encryption Strength Jenkins uses `AES ECB` block cipher mode without an `IV` for encrypting secrets, which makes Jenkins and the stored secrets vulnerable to unnecessary risks. |
Affected by 15 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-6cw8-67c2-1ugk
Aliases: CVE-2017-2606 GHSA-6967-9vvv-4cmm |
Information Exposure Jenkins is vulnerable to an information exposure in the internal API that allows access to item names that should not be visible. This only affects anonymous users (other users legitimately have access) that were able to get a list of items via an `UnprotectedRootAction`. |
Affected by 15 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-8u35-jee9-5qes
Aliases: CVE-2017-2600 GHSA-wj5c-j656-h5fw |
Information Exposure In Jenkins, monitor data could be viewed by low privilege users via the remote API. These included system configuration and runtime information of these nodes. |
Affected by 15 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-fndu-scdw-jueh
Aliases: CVE-2017-2604 GHSA-m93h-5qmx-pphg |
Improper Authentication In Jenkins, low privilege users were able to act on administrative monitors due to them not being consistently protected by permission checks. |
Affected by 15 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-kbj2-ymsz-5qe8
Aliases: CVE-2017-2603 GHSA-x55p-6526-xmmp |
Information Exposure Jenkins is vulnerable to a user data leak in disconnected agents' `config.xml` API. This could leak sensitive data such as API tokens. |
Affected by 15 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-kzfk-8p92-3bgs
Aliases: CVE-2017-2607 GHSA-42m6-7xff-9v9m |
Cross-site Scripting Jenkins is vulnerable to a persisted cross-site scripting vulnerability in console notes. Jenkins allows plugins to annotate build logs, adding new content or changing the presentation of existing content while the build is running. Malicious Jenkins users, or users with SCM access, could configure jobs or modify build scripts such that they print serialized console notes that perform cross-site scripting attacks on Jenkins users viewing the build logs. |
Affected by 15 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-q58h-d9w2-8yez
Aliases: CVE-2017-2602 GHSA-ffgg-vphh-v273 |
Information Exposure Jenkins is vulnerable to an improper exclusion of the Pipeline metadata files in the agent-to-master security subsystem. This could allow metadata files to be written to by malicious agents. |
Affected by 15 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-rhrm-caa2-9kae
Aliases: CVE-2017-2599 GHSA-7r4h-2h23-6jq9 |
Improper Privilege Management Jenkins is vulnerable to an insufficient permission check. This allows users with permissions to create new items to overwrite existing items they don't have access to. |
Affected by 15 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-sanw-xj8r-1kbb
Aliases: CVE-2017-1000362 GHSA-92mr-4w2q-4578 |
Information Exposure The re-key admin monitor in Jenkins re-encrypts all secrets in `JENKINS_HOME` with a new key. It also created a backup directory with all old secrets, and the key used to encrypt them. These backups are world-readable and not removed. |
Affected by 15 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-v2ky-wpb2-6qhk
Aliases: CVE-2017-2601 GHSA-r69c-5j7c-vm6q |
Cross-site Scripting Jenkins is vulnerable to a persisted cross-site scripting in parameter names and descriptions. Users with the permission to configure jobs were able to inject JavaScript into parameter names and descriptions. |
Affected by 15 other vulnerabilities. Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-04T14:31:18.574275+00:00 | GHSA Importer | Affected by | VCID-sanw-xj8r-1kbb | https://github.com/advisories/GHSA-92mr-4w2q-4578 | 38.1.0 |
| 2026-04-01T16:01:37.167267+00:00 | GHSA Importer | Affected by | VCID-q58h-d9w2-8yez | https://github.com/advisories/GHSA-ffgg-vphh-v273 | 38.0.0 |
| 2026-04-01T16:01:37.137304+00:00 | GHSA Importer | Affected by | VCID-1gnc-b5tg-3fhe | https://github.com/advisories/GHSA-r9q2-3r6x-qmgp | 38.0.0 |
| 2026-04-01T16:01:37.018374+00:00 | GHSA Importer | Affected by | VCID-8u35-jee9-5qes | https://github.com/advisories/GHSA-wj5c-j656-h5fw | 38.0.0 |
| 2026-04-01T16:01:36.921033+00:00 | GHSA Importer | Affected by | VCID-kbj2-ymsz-5qe8 | https://github.com/advisories/GHSA-x55p-6526-xmmp | 38.0.0 |
| 2026-04-01T16:01:36.839557+00:00 | GHSA Importer | Affected by | VCID-kzfk-8p92-3bgs | https://github.com/advisories/GHSA-42m6-7xff-9v9m | 38.0.0 |
| 2026-04-01T16:01:36.813374+00:00 | GHSA Importer | Affected by | VCID-6cw8-67c2-1ugk | https://github.com/advisories/GHSA-6967-9vvv-4cmm | 38.0.0 |
| 2026-04-01T16:01:36.475203+00:00 | GHSA Importer | Affected by | VCID-fndu-scdw-jueh | https://github.com/advisories/GHSA-m93h-5qmx-pphg | 38.0.0 |
| 2026-04-01T16:01:02.171679+00:00 | GHSA Importer | Affected by | VCID-rhrm-caa2-9kae | https://github.com/advisories/GHSA-7r4h-2h23-6jq9 | 38.0.0 |
| 2026-04-01T16:00:51.217765+00:00 | GHSA Importer | Affected by | VCID-v2ky-wpb2-6qhk | https://github.com/advisories/GHSA-r69c-5j7c-vm6q | 38.0.0 |