Search for packages
| purl | pkg:maven/org.jenkins-ci.main/jenkins-core@2.34 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1gnc-b5tg-3fhe
Aliases: CVE-2017-2598 GHSA-r9q2-3r6x-qmgp |
Inadequate Encryption Strength Jenkins uses `AES ECB` block cipher mode without an `IV` for encrypting secrets, which makes Jenkins and the stored secrets vulnerable to unnecessary risks. |
Affected by 1 other vulnerability. |
|
VCID-6cw8-67c2-1ugk
Aliases: CVE-2017-2606 GHSA-6967-9vvv-4cmm |
Information Exposure Jenkins is vulnerable to an information exposure in the internal API that allows access to item names that should not be visible. This only affects anonymous users (other users legitimately have access) that were able to get a list of items via an `UnprotectedRootAction`. |
Affected by 1 other vulnerability. |
|
VCID-8u35-jee9-5qes
Aliases: CVE-2017-2600 GHSA-wj5c-j656-h5fw |
Information Exposure In Jenkins, monitor data could be viewed by low privilege users via the remote API. These included system configuration and runtime information of these nodes. |
Affected by 1 other vulnerability. |
|
VCID-fndu-scdw-jueh
Aliases: CVE-2017-2604 GHSA-m93h-5qmx-pphg |
Improper Authentication In Jenkins, low privilege users were able to act on administrative monitors due to them not being consistently protected by permission checks. |
Affected by 1 other vulnerability. |
|
VCID-h23h-s8t3-byhr
Aliases: CVE-2017-2610 GHSA-jff5-55xj-4jcq |
Cross-site Scripting Jenkins is vulnerable to a persisted cross-site scripting in search suggestions due to improperly escaping users with less-than and greater-than characters in their names. |
Affected by 1 other vulnerability. |
|
VCID-hgy1-h6aj-dbbu
Aliases: CVE-2017-2609 GHSA-v222-w2mw-xjc6 |
Information Exposure Jenkins is vulnerable to an information disclosure vulnerability in search suggestions. The `autocomplete` feature on the search box discloses the names of the views in its suggestions, including the ones for which the current user does not have access to. |
Affected by 1 other vulnerability. |
|
VCID-kbj2-ymsz-5qe8
Aliases: CVE-2017-2603 GHSA-x55p-6526-xmmp |
Information Exposure Jenkins is vulnerable to a user data leak in disconnected agents' `config.xml` API. This could leak sensitive data such as API tokens. |
Affected by 1 other vulnerability. |
|
VCID-kzfk-8p92-3bgs
Aliases: CVE-2017-2607 GHSA-42m6-7xff-9v9m |
Cross-site Scripting Jenkins is vulnerable to a persisted cross-site scripting vulnerability in console notes. Jenkins allows plugins to annotate build logs, adding new content or changing the presentation of existing content while the build is running. Malicious Jenkins users, or users with SCM access, could configure jobs or modify build scripts such that they print serialized console notes that perform cross-site scripting attacks on Jenkins users viewing the build logs. |
Affected by 1 other vulnerability. |
|
VCID-q58h-d9w2-8yez
Aliases: CVE-2017-2602 GHSA-ffgg-vphh-v273 |
Information Exposure Jenkins is vulnerable to an improper exclusion of the Pipeline metadata files in the agent-to-master security subsystem. This could allow metadata files to be written to by malicious agents. |
Affected by 1 other vulnerability. |
|
VCID-rhrm-caa2-9kae
Aliases: CVE-2017-2599 GHSA-7r4h-2h23-6jq9 |
Improper Privilege Management Jenkins is vulnerable to an insufficient permission check. This allows users with permissions to create new items to overwrite existing items they don't have access to. |
Affected by 1 other vulnerability. |
|
VCID-v2ky-wpb2-6qhk
Aliases: CVE-2017-2601 GHSA-r69c-5j7c-vm6q |
Cross-site Scripting Jenkins is vulnerable to a persisted cross-site scripting in parameter names and descriptions. Users with the permission to configure jobs were able to inject JavaScript into parameter names and descriptions. |
Affected by 1 other vulnerability. |
|
VCID-wb3y-k94s-eyb4
Aliases: CVE-2017-2608 GHSA-fwqr-3pvp-pjwq |
Deserialization of Untrusted Data Jenkins is vulnerable to a remote code execution vulnerability involving the deserialization of various types in `javax.imageio` in XStream-based APIs. |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
|
VCID-yw8v-fqar-z7b5
Aliases: CVE-2017-2612 GHSA-wf9g-rh76-6jvr |
Incorrect Permission Assignment for Critical Resource In Jenkins low privilege users were able to override JDK download credentials, resulting in future builds possibly failing to download a JDK. |
Affected by 1 other vulnerability. |
|
VCID-zb9r-zjt8-wqae
Aliases: CVE-2017-2613 GHSA-pwv6-872c-gcg6 |
Cross-Site Request Forgery (CSRF) Jenkins is vulnerable to a user creation CSRF using GET by admins. While this user record was only retained until restart in most cases, administrators' web browsers could be manipulated to create user records. |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T16:01:37.197057+00:00 | GHSA Importer | Affected by | VCID-1gnc-b5tg-3fhe | https://github.com/advisories/GHSA-r9q2-3r6x-qmgp | 38.0.0 |
| 2026-04-01T16:01:37.101090+00:00 | GHSA Importer | Affected by | VCID-q58h-d9w2-8yez | https://github.com/advisories/GHSA-ffgg-vphh-v273 | 38.0.0 |
| 2026-04-01T16:01:36.985943+00:00 | GHSA Importer | Affected by | VCID-8u35-jee9-5qes | https://github.com/advisories/GHSA-wj5c-j656-h5fw | 38.0.0 |
| 2026-04-01T16:01:36.952347+00:00 | GHSA Importer | Affected by | VCID-yw8v-fqar-z7b5 | https://github.com/advisories/GHSA-wf9g-rh76-6jvr | 38.0.0 |
| 2026-04-01T16:01:36.893164+00:00 | GHSA Importer | Affected by | VCID-wb3y-k94s-eyb4 | https://github.com/advisories/GHSA-fwqr-3pvp-pjwq | 38.0.0 |
| 2026-04-01T16:01:36.754293+00:00 | GHSA Importer | Affected by | VCID-zb9r-zjt8-wqae | https://github.com/advisories/GHSA-pwv6-872c-gcg6 | 38.0.0 |
| 2026-04-01T16:01:36.717430+00:00 | GHSA Importer | Affected by | VCID-kbj2-ymsz-5qe8 | https://github.com/advisories/GHSA-x55p-6526-xmmp | 38.0.0 |
| 2026-04-01T16:01:36.681363+00:00 | GHSA Importer | Affected by | VCID-fndu-scdw-jueh | https://github.com/advisories/GHSA-m93h-5qmx-pphg | 38.0.0 |
| 2026-04-01T16:01:36.652135+00:00 | GHSA Importer | Affected by | VCID-h23h-s8t3-byhr | https://github.com/advisories/GHSA-jff5-55xj-4jcq | 38.0.0 |
| 2026-04-01T16:01:36.620715+00:00 | GHSA Importer | Affected by | VCID-hgy1-h6aj-dbbu | https://github.com/advisories/GHSA-v222-w2mw-xjc6 | 38.0.0 |
| 2026-04-01T16:01:36.562064+00:00 | GHSA Importer | Affected by | VCID-kzfk-8p92-3bgs | https://github.com/advisories/GHSA-42m6-7xff-9v9m | 38.0.0 |
| 2026-04-01T16:01:36.505136+00:00 | GHSA Importer | Affected by | VCID-6cw8-67c2-1ugk | https://github.com/advisories/GHSA-6967-9vvv-4cmm | 38.0.0 |
| 2026-04-01T16:01:02.200091+00:00 | GHSA Importer | Affected by | VCID-rhrm-caa2-9kae | https://github.com/advisories/GHSA-7r4h-2h23-6jq9 | 38.0.0 |
| 2026-04-01T16:00:51.251886+00:00 | GHSA Importer | Affected by | VCID-v2ky-wpb2-6qhk | https://github.com/advisories/GHSA-r69c-5j7c-vm6q | 38.0.0 |