| ID | Summary | Flags | Max Score |
|---|---|---|---|
| CVE-2019-1003000 | A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/or... | E | |
| CVE-2019-1003001 | A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/o... | E | |
| CVE-2019-1003002 | A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-... | E | |
| CVE-2019-1003003 | An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier... | | |
| CVE-2019-1003004 | An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier... | | |
| CVE-2019-1003005 | A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and earlier in src/main... | | |
| CVE-2019-1003006 | A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.0 and earlier in src/main/java/huds... | | |
| CVE-2019-1003007 | A cross-site request forgery vulnerability exists in Jenkins Warnings Plugin 5.0.0 and earlier in sr... | | |
| CVE-2019-1003008 | A cross-site request forgery vulnerability exists in Jenkins Warnings Next Generation Plugin 2.1.1 a... | | |
| CVE-2019-1003009 | An improper certificate validation vulnerability exists in Jenkins Active Directory Plugin 2.10 and ... | | |
| CVE-2019-1003010 | A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/mai... | | |
| CVE-2019-1003011 | An information exposure and denial of service vulnerability exists in Jenkins Token Macro Plugin 2.5... | | |
| CVE-2019-1003012 | A data modification vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueoce... | | |
| CVE-2019-1003013 | An cross-site scripting vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blu... | | |
| CVE-2019-1003014 | An cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlie... | | |
| CVE-2019-1003015 | An XML external entity processing vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier ... | | |
| CVE-2019-1003016 | An exposure of sensitive information vulnerability exists in Jenkins Job Import Plugin 2.1 and earli... | | |
| CVE-2019-1003017 | A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAc... | | |
| CVE-2019-1003018 | An exposure of sensitive information vulnerability exists in Jenkins GitHub Authentication Plugin 0.... | | |
| CVE-2019-1003019 | An session fixation vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in... | | |
| CVE-2019-1003020 | A server-side request forgery vulnerability exists in Jenkins Kanboard Plugin 1.5.10 and earlier in ... | | |
| CVE-2019-1003021 | An exposure of sensitive information vulnerability exists in Jenkins OpenId Connect Authentication P... | | |
| CVE-2019-1003022 | A denial of service vulnerability exists in Jenkins Monitoring Plugin 1.74.0 and earlier in PluginIm... | | |
| CVE-2019-1003023 | A cross-site scripting vulnerability exists in Jenkins Warnings Next Generation Plugin 1.0.1 and ear... | | |
| CVE-2019-1003024 | A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.52 and earlier in RejectAS... | | |
| CVE-2019-1003025 | A exposure of sensitive information vulnerability exists in Jenkins Cloud Foundry Plugin 2.3.1 and e... | | |
| CVE-2019-1003026 | A server-side request forgery vulnerability exists in Jenkins Mattermost Notification Plugin 2.6.2 a... | | |
| CVE-2019-1003027 | A server-side request forgery vulnerability exists in Jenkins OctopusDeploy Plugin 1.8.1 and earlier... | | |
| CVE-2019-1003028 | A server-side request forgery vulnerability exists in Jenkins JMS Messaging Plugin 1.1.1 and earlier... | | |
| CVE-2019-1003029 | A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main... | KEV | |
| CVE-2019-1003030 | A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml... | KEV E | |
| CVE-2019-1003031 | A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, ... | | |
| CVE-2019-1003032 | A sandbox bypass vulnerability exists in Jenkins Email Extension Plugin 2.64 and earlier in pom.xml,... | | |
| CVE-2019-1003033 | A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.1 and earlier in pom.xml, src/main/... | | |
| CVE-2019-1003034 | A sandbox bypass vulnerability exists in Jenkins Job DSL Plugin 1.71 and earlier in job-dsl-core/src... | | |
| CVE-2019-1003035 | An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in ... | | |
| CVE-2019-1003036 | A data modification vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/... | | |
| CVE-2019-1003037 | An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in ... | | |
| CVE-2019-1003038 | An insufficiently protected credentials vulnerability exists in Jenkins Repository Connector Plugin ... | | |
| CVE-2019-1003039 | An insufficiently protected credentials vulnerability exists in JenkinsAppDynamics Dashboard Plugin ... | | |
| CVE-2019-1003040 | A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers t... | | |
| CVE-2019-1003041 | A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers ... | | |
| CVE-2019-1003042 | A cross site scripting vulnerability in Jenkins Lockable Resources Plugin 2.4 and earlier allows att... | | |
| CVE-2019-1003043 | A missing permission check in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers wi... | | |
| CVE-2019-1003044 | A cross-site request forgery vulnerability in Jenkins Slack Notification Plugin 2.19 and earlier all... | | |
| CVE-2019-1003045 | A vulnerability in Jenkins ECS Publisher Plugin 1.0.0 and earlier allows attackers with Item/Extende... | | |
| CVE-2019-1003046 | A cross-site request forgery vulnerability in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and e... | | |
| CVE-2019-1003047 | A missing permission check in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows at... | | |
| CVE-2019-1003048 | A vulnerability in Jenkins PRQA Plugin 3.1.0 and earlier allows attackers with local file system acc... | | |
| CVE-2019-1003049 | Users who cached their CLI authentication before Jenkins was updated to 2.150.2 and newer, or 2.160 ... | S | |
| CVE-2019-1003050 | The f:validateButton form control for the Jenkins UI did not properly escape job URLs in Jenkins 2.1... | S | |
| CVE-2019-1003051 | Jenkins IRC Plugin stores credentials unencrypted in its global configuration file on the Jenkins ma... | | |
| CVE-2019-1003052 | Jenkins AWS Elastic Beanstalk Publisher Plugin stores credentials unencrypted in its global configur... | | |
| CVE-2019-1003053 | Jenkins HockeyApp Plugin stores credentials unencrypted in job config.xml files on the Jenkins maste... | | |
| CVE-2019-1003054 | Jenkins Jira Issue Updater Plugin stores credentials unencrypted in job config.xml files on the Jenk... | | |
| CVE-2019-1003055 | Jenkins FTP publisher Plugin stores credentials unencrypted in its global configuration file on the ... | | |
| CVE-2019-1003056 | Jenkins WebSphere Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenk... | | |
| CVE-2019-1003057 | Jenkins Bitbucket Approve Plugin stores credentials unencrypted in its global configuration file on ... | | |
| CVE-2019-1003058 | A cross-site request forgery vulnerability in Jenkins FTP publisher Plugin in the FTPPublisher.Descr... | | |
| CVE-2019-1003059 | A missing permission check in Jenkins FTP publisher Plugin in the FTPPublisher.DescriptorImpl#doLogi... | | |
| CVE-2019-1003060 | Jenkins Official OWASP ZAP Plugin stores credentials unencrypted in its global configuration file on... | | |
| CVE-2019-1003061 | Jenkins jenkins-cloudformation-plugin Plugin stores credentials unencrypted in job config.xml files ... | | |
| CVE-2019-1003062 | Jenkins AWS CloudWatch Logs Publisher Plugin stores credentials unencrypted in its global configurat... | | |
| CVE-2019-1003063 | Jenkins Amazon SNS Build Notifier Plugin stores credentials unencrypted in its global configuration ... | | |
| CVE-2019-1003064 | Jenkins aws-device-farm Plugin stores credentials unencrypted in its global configuration file on th... | | |
| CVE-2019-1003065 | Jenkins CloudShare Docker-Machine Plugin stores credentials unencrypted in its global configuration ... | | |
| CVE-2019-1003066 | Jenkins Bugzilla Plugin stores credentials unencrypted in its global configuration file on the Jenki... | | |
| CVE-2019-1003067 | Jenkins Trac Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins ... | | |
| CVE-2019-1003068 | Jenkins VMware vRealize Automation Plugin stores credentials unencrypted in job config.xml files on ... | | |
| CVE-2019-1003069 | Jenkins Aqua Security Scanner Plugin stores credentials unencrypted in its global configuration file... | | |
| CVE-2019-1003070 | Jenkins veracode-scanner Plugin stores credentials unencrypted in its global configuration file on t... | | |
| CVE-2019-1003071 | Jenkins OctopusDeploy Plugin stores credentials unencrypted in its global configuration file on the ... | | |
| CVE-2019-1003072 | Jenkins WildFly Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkin... | | |
| CVE-2019-1003073 | Jenkins VS Team Services Continuous Deployment Plugin stores credentials unencrypted in job config.x... | | |
| CVE-2019-1003074 | Jenkins Hyper.sh Commons Plugin stores credentials unencrypted in its global configuration file on t... | | |
| CVE-2019-1003075 | Jenkins Audit to Database Plugin stores credentials unencrypted in its global configuration file on ... | | |
| CVE-2019-1003076 | A cross-site request forgery vulnerability in Jenkins Audit to Database Plugin in the DbAuditPublish... | | |
| CVE-2019-1003077 | A missing permission check in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl... | | |
| CVE-2019-1003078 | A cross-site request forgery vulnerability in Jenkins VMware Lab Manager Slaves Plugin in the LabMan... | | |
| CVE-2019-1003079 | A missing permission check in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorI... | | |
| CVE-2019-1003080 | A cross-site request forgery vulnerability in Jenkins OpenShift Deployer Plugin in the DeployApplica... | | |
| CVE-2019-1003081 | A missing permission check in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployAppli... | | |
| CVE-2019-1003082 | A cross-site request forgery vulnerability in Jenkins Gearman Plugin in the GearmanPluginConfig#doTe... | | |
| CVE-2019-1003083 | A missing permission check in Jenkins Gearman Plugin in the GearmanPluginConfig#doTestConnection for... | | |
| CVE-2019-1003084 | A cross-site request forgery vulnerability in Jenkins Zephyr Enterprise Test Management Plugin in th... | | |
| CVE-2019-1003085 | A missing permission check in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#... | | |
| CVE-2019-1003086 | A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plugin in the ChefBuilderConfigur... | | |
| CVE-2019-1003087 | A missing permission check in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.Descriptor... | | |
| CVE-2019-1003088 | Jenkins Fabric Beta Publisher Plugin stores credentials unencrypted in job config.xml files on the J... | | |
| CVE-2019-1003089 | Jenkins Upload to pgyer Plugin stores credentials unencrypted in job config.xml files on the Jenkins... | | |
| CVE-2019-1003090 | A cross-site request forgery vulnerability in Jenkins SOASTA CloudTest Plugin in the CloudTestServer... | | |
| CVE-2019-1003091 | A missing permission check in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpl#... | | |
| CVE-2019-1003092 | A cross-site request forgery vulnerability in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpl#... | | |
| CVE-2019-1003093 | A missing permission check in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpl#doTestConnection... | | |
| CVE-2019-1003094 | Jenkins Open STF Plugin stores credentials unencrypted in its global configuration file on the Jenki... | | |
| CVE-2019-1003095 | Jenkins Perfecto Mobile Plugin stores credentials unencrypted in its global configuration file on th... | | |
| CVE-2019-1003096 | Jenkins TestFairy Plugin stores credentials unencrypted in job config.xml files on the Jenkins maste... | | |
| CVE-2019-1003097 | Jenkins Crowd Integration Plugin stores credentials unencrypted in the global config.xml configurati... | | |
| CVE-2019-1003098 | A cross-site request forgery vulnerability in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.De... | | |
| CVE-2019-1003099 | A missing permission check in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doV... | |