Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.jenkins-ci.main/jenkins-core@2.44
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.44
Next non-vulnerable version 2.45
Latest non-vulnerable version 2.555
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-wb3y-k94s-eyb4
Aliases:
CVE-2017-2608
GHSA-fwqr-3pvp-pjwq
Deserialization of Untrusted Data Jenkins is vulnerable to a remote code execution vulnerability involving the deserialization of various types in `javax.imageio` in XStream-based APIs.
2.45
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (16)
Vulnerability Summary Aliases
VCID-1gnc-b5tg-3fhe Inadequate Encryption Strength Jenkins uses `AES ECB` block cipher mode without an `IV` for encrypting secrets, which makes Jenkins and the stored secrets vulnerable to unnecessary risks. CVE-2017-2598
GHSA-r9q2-3r6x-qmgp
VCID-2zwg-a71p-r7hs Improper Privilege Management Jenkins is vulnerable to an insufficient permission check for periodic processes. CVE-2017-2611
GHSA-3297-944x-j7x7
VCID-6cw8-67c2-1ugk Information Exposure Jenkins is vulnerable to an information exposure in the internal API that allows access to item names that should not be visible. This only affects anonymous users (other users legitimately have access) that were able to get a list of items via an `UnprotectedRootAction`. CVE-2017-2606
GHSA-6967-9vvv-4cmm
VCID-8u35-jee9-5qes Information Exposure In Jenkins, monitor data could be viewed by low privilege users via the remote API. These included system configuration and runtime information of these nodes. CVE-2017-2600
GHSA-wj5c-j656-h5fw
VCID-fndu-scdw-jueh Improper Authentication In Jenkins, low privilege users were able to act on administrative monitors due to them not being consistently protected by permission checks. CVE-2017-2604
GHSA-m93h-5qmx-pphg
VCID-h23h-s8t3-byhr Cross-site Scripting Jenkins is vulnerable to a persisted cross-site scripting in search suggestions due to improperly escaping users with less-than and greater-than characters in their names. CVE-2017-2610
GHSA-jff5-55xj-4jcq
VCID-hgy1-h6aj-dbbu Information Exposure Jenkins is vulnerable to an information disclosure vulnerability in search suggestions. The `autocomplete` feature on the search box discloses the names of the views in its suggestions, including the ones for which the current user does not have access to. CVE-2017-2609
GHSA-v222-w2mw-xjc6
VCID-kbj2-ymsz-5qe8 Information Exposure Jenkins is vulnerable to a user data leak in disconnected agents' `config.xml` API. This could leak sensitive data such as API tokens. CVE-2017-2603
GHSA-x55p-6526-xmmp
VCID-kzfk-8p92-3bgs Cross-site Scripting Jenkins is vulnerable to a persisted cross-site scripting vulnerability in console notes. Jenkins allows plugins to annotate build logs, adding new content or changing the presentation of existing content while the build is running. Malicious Jenkins users, or users with SCM access, could configure jobs or modify build scripts such that they print serialized console notes that perform cross-site scripting attacks on Jenkins users viewing the build logs. CVE-2017-2607
GHSA-42m6-7xff-9v9m
VCID-q58h-d9w2-8yez Information Exposure Jenkins is vulnerable to an improper exclusion of the Pipeline metadata files in the agent-to-master security subsystem. This could allow metadata files to be written to by malicious agents. CVE-2017-2602
GHSA-ffgg-vphh-v273
VCID-rhrm-caa2-9kae Improper Privilege Management Jenkins is vulnerable to an insufficient permission check. This allows users with permissions to create new items to overwrite existing items they don't have access to. CVE-2017-2599
GHSA-7r4h-2h23-6jq9
VCID-sanw-xj8r-1kbb Information Exposure The re-key admin monitor in Jenkins re-encrypts all secrets in `JENKINS_HOME` with a new key. It also created a backup directory with all old secrets, and the key used to encrypt them. These backups are world-readable and not removed. CVE-2017-1000362
GHSA-92mr-4w2q-4578
VCID-v2ky-wpb2-6qhk Cross-site Scripting Jenkins is vulnerable to a persisted cross-site scripting in parameter names and descriptions. Users with the permission to configure jobs were able to inject JavaScript into parameter names and descriptions. CVE-2017-2601
GHSA-r69c-5j7c-vm6q
VCID-wb3y-k94s-eyb4 Deserialization of Untrusted Data Jenkins is vulnerable to a remote code execution vulnerability involving the deserialization of various types in `javax.imageio` in XStream-based APIs. CVE-2017-2608
GHSA-fwqr-3pvp-pjwq
VCID-yw8v-fqar-z7b5 Incorrect Permission Assignment for Critical Resource In Jenkins low privilege users were able to override JDK download credentials, resulting in future builds possibly failing to download a JDK. CVE-2017-2612
GHSA-wf9g-rh76-6jvr
VCID-zb9r-zjt8-wqae Cross-Site Request Forgery (CSRF) Jenkins is vulnerable to a user creation CSRF using GET by admins. While this user record was only retained until restart in most cases, administrators' web browsers could be manipulated to create user records. CVE-2017-2613
GHSA-pwv6-872c-gcg6

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-04T14:31:18.545371+00:00 GHSA Importer Fixing VCID-sanw-xj8r-1kbb https://github.com/advisories/GHSA-92mr-4w2q-4578 38.1.0
2026-04-01T16:01:37.204840+00:00 GHSA Importer Fixing VCID-1gnc-b5tg-3fhe https://github.com/advisories/GHSA-r9q2-3r6x-qmgp 38.0.0
2026-04-01T16:01:37.108494+00:00 GHSA Importer Fixing VCID-q58h-d9w2-8yez https://github.com/advisories/GHSA-ffgg-vphh-v273 38.0.0
2026-04-01T16:01:36.993600+00:00 GHSA Importer Fixing VCID-8u35-jee9-5qes https://github.com/advisories/GHSA-wj5c-j656-h5fw 38.0.0
2026-04-01T16:01:36.956210+00:00 GHSA Importer Fixing VCID-yw8v-fqar-z7b5 https://github.com/advisories/GHSA-wf9g-rh76-6jvr 38.0.0
2026-04-01T16:01:36.896512+00:00 GHSA Importer Fixing VCID-wb3y-k94s-eyb4 https://github.com/advisories/GHSA-fwqr-3pvp-pjwq 38.0.0
2026-04-01T16:01:36.757670+00:00 GHSA Importer Fixing VCID-zb9r-zjt8-wqae https://github.com/advisories/GHSA-pwv6-872c-gcg6 38.0.0
2026-04-01T16:01:36.725174+00:00 GHSA Importer Fixing VCID-kbj2-ymsz-5qe8 https://github.com/advisories/GHSA-x55p-6526-xmmp 38.0.0
2026-04-01T16:01:36.689090+00:00 GHSA Importer Fixing VCID-fndu-scdw-jueh https://github.com/advisories/GHSA-m93h-5qmx-pphg 38.0.0
2026-04-01T16:01:36.655558+00:00 GHSA Importer Fixing VCID-h23h-s8t3-byhr https://github.com/advisories/GHSA-jff5-55xj-4jcq 38.0.0
2026-04-01T16:01:36.624315+00:00 GHSA Importer Fixing VCID-hgy1-h6aj-dbbu https://github.com/advisories/GHSA-v222-w2mw-xjc6 38.0.0
2026-04-01T16:01:36.569336+00:00 GHSA Importer Fixing VCID-kzfk-8p92-3bgs https://github.com/advisories/GHSA-42m6-7xff-9v9m 38.0.0
2026-04-01T16:01:36.512322+00:00 GHSA Importer Fixing VCID-6cw8-67c2-1ugk https://github.com/advisories/GHSA-6967-9vvv-4cmm 38.0.0
2026-04-01T16:01:21.694345+00:00 GHSA Importer Fixing VCID-2zwg-a71p-r7hs https://github.com/advisories/GHSA-3297-944x-j7x7 38.0.0
2026-04-01T16:01:02.207083+00:00 GHSA Importer Fixing VCID-rhrm-caa2-9kae https://github.com/advisories/GHSA-7r4h-2h23-6jq9 38.0.0
2026-04-01T16:00:51.259912+00:00 GHSA Importer Fixing VCID-v2ky-wpb2-6qhk https://github.com/advisories/GHSA-r69c-5j7c-vm6q 38.0.0
2026-04-01T13:12:02.477952+00:00 GithubOSV Importer Fixing VCID-sanw-xj8r-1kbb https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-92mr-4w2q-4578/GHSA-92mr-4w2q-4578.json 38.0.0
2026-04-01T13:11:59.358356+00:00 GithubOSV Importer Fixing VCID-kzfk-8p92-3bgs https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-42m6-7xff-9v9m/GHSA-42m6-7xff-9v9m.json 38.0.0
2026-04-01T13:11:29.677513+00:00 GithubOSV Importer Fixing VCID-yw8v-fqar-z7b5 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-wf9g-rh76-6jvr/GHSA-wf9g-rh76-6jvr.json 38.0.0
2026-04-01T13:11:18.365513+00:00 GithubOSV Importer Fixing VCID-q58h-d9w2-8yez https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-ffgg-vphh-v273/GHSA-ffgg-vphh-v273.json 38.0.0
2026-04-01T13:11:17.726219+00:00 GithubOSV Importer Fixing VCID-kbj2-ymsz-5qe8 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-x55p-6526-xmmp/GHSA-x55p-6526-xmmp.json 38.0.0
2026-04-01T13:11:07.346062+00:00 GithubOSV Importer Fixing VCID-h23h-s8t3-byhr https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jff5-55xj-4jcq/GHSA-jff5-55xj-4jcq.json 38.0.0
2026-04-01T13:10:38.600724+00:00 GithubOSV Importer Fixing VCID-hgy1-h6aj-dbbu https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-v222-w2mw-xjc6/GHSA-v222-w2mw-xjc6.json 38.0.0
2026-04-01T13:10:35.728757+00:00 GithubOSV Importer Fixing VCID-fndu-scdw-jueh https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-m93h-5qmx-pphg/GHSA-m93h-5qmx-pphg.json 38.0.0
2026-04-01T13:09:45.763245+00:00 GithubOSV Importer Fixing VCID-zb9r-zjt8-wqae https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-pwv6-872c-gcg6/GHSA-pwv6-872c-gcg6.json 38.0.0
2026-04-01T13:09:22.738337+00:00 GithubOSV Importer Fixing VCID-6cw8-67c2-1ugk https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6967-9vvv-4cmm/GHSA-6967-9vvv-4cmm.json 38.0.0
2026-04-01T13:09:12.405085+00:00 GithubOSV Importer Fixing VCID-8u35-jee9-5qes https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-wj5c-j656-h5fw/GHSA-wj5c-j656-h5fw.json 38.0.0
2026-04-01T13:08:49.554327+00:00 GithubOSV Importer Fixing VCID-wb3y-k94s-eyb4 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-fwqr-3pvp-pjwq/GHSA-fwqr-3pvp-pjwq.json 38.0.0
2026-04-01T13:08:38.559622+00:00 GithubOSV Importer Fixing VCID-v2ky-wpb2-6qhk https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-r69c-5j7c-vm6q/GHSA-r69c-5j7c-vm6q.json 38.0.0
2026-04-01T13:08:36.181058+00:00 GithubOSV Importer Fixing VCID-2zwg-a71p-r7hs https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3297-944x-j7x7/GHSA-3297-944x-j7x7.json 38.0.0
2026-04-01T13:08:29.019721+00:00 GithubOSV Importer Fixing VCID-1gnc-b5tg-3fhe https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-r9q2-3r6x-qmgp/GHSA-r9q2-3r6x-qmgp.json 38.0.0
2026-04-01T13:08:05.920351+00:00 GithubOSV Importer Fixing VCID-rhrm-caa2-9kae https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-7r4h-2h23-6jq9/GHSA-7r4h-2h23-6jq9.json 38.0.0
2026-04-01T12:47:41.131433+00:00 GitLab Importer Fixing VCID-1gnc-b5tg-3fhe https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.main/jenkins-core/CVE-2017-2598.yml 38.0.0
2026-04-01T12:47:41.082707+00:00 GitLab Importer Fixing VCID-hgy1-h6aj-dbbu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.main/jenkins-core/CVE-2017-2609.yml 38.0.0
2026-04-01T12:47:40.929466+00:00 GitLab Importer Fixing VCID-kzfk-8p92-3bgs https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.main/jenkins-core/CVE-2017-2607.yml 38.0.0
2026-04-01T12:47:40.735972+00:00 GitLab Importer Fixing VCID-h23h-s8t3-byhr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.main/jenkins-core/CVE-2017-2610.yml 38.0.0
2026-04-01T12:47:40.712987+00:00 GitLab Importer Fixing VCID-kbj2-ymsz-5qe8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.main/jenkins-core/CVE-2017-2603.yml 38.0.0
2026-04-01T12:47:40.689857+00:00 GitLab Importer Affected by VCID-wb3y-k94s-eyb4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.main/jenkins-core/CVE-2017-2608.yml 38.0.0
2026-04-01T12:47:40.669501+00:00 GitLab Importer Fixing VCID-8u35-jee9-5qes https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.main/jenkins-core/CVE-2017-2600.yml 38.0.0
2026-04-01T12:47:40.647171+00:00 GitLab Importer Fixing VCID-zb9r-zjt8-wqae https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.main/jenkins-core/CVE-2017-2613.yml 38.0.0
2026-04-01T12:47:40.624968+00:00 GitLab Importer Fixing VCID-fndu-scdw-jueh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.main/jenkins-core/CVE-2017-2604.yml 38.0.0
2026-04-01T12:47:40.606106+00:00 GitLab Importer Fixing VCID-q58h-d9w2-8yez https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.main/jenkins-core/CVE-2017-2602.yml 38.0.0
2026-04-01T12:47:40.586956+00:00 GitLab Importer Fixing VCID-yw8v-fqar-z7b5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.main/jenkins-core/CVE-2017-2612.yml 38.0.0
2026-04-01T12:47:40.404379+00:00 GitLab Importer Fixing VCID-v2ky-wpb2-6qhk https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.main/jenkins-core/CVE-2017-2601.yml 38.0.0
2026-04-01T12:47:40.085852+00:00 GitLab Importer Fixing VCID-2zwg-a71p-r7hs https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.main/jenkins-core/CVE-2017-2611.yml 38.0.0
2026-04-01T12:47:40.063960+00:00 GitLab Importer Fixing VCID-6cw8-67c2-1ugk https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.main/jenkins-core/CVE-2017-2606.yml 38.0.0
2026-04-01T12:47:39.063231+00:00 GitLab Importer Fixing VCID-rhrm-caa2-9kae https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.main/jenkins-core/CVE-2017-2599.yml 38.0.0