These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2017-1000353 is a Jenkins remote code execution vulnerability that CISA has placed in the Known Exploited Vulnerabilities (KEV) catalog. The supplied CISA metadata indicates the vulnerability is known to be exploited in the wild and sets a remediation due date of 2025-10-23. Organizations running Jenkins should treat this as a high-priority exposure and follow vendor guidance immediately.
CVE-2024-23897 affects the Jenkins Command Line Interface (CLI) and is identified by CISA as a Known Exploited Vulnerability. The source metadata also flags it as known to be used in ransomware campaigns. Because it is in the KEV catalog, defenders should treat this as an active risk and apply vendor guidance promptly.
CVE-2015-5317 is a Jenkins User Interface (UI) information disclosure vulnerability that CISA lists in its Known Exploited Vulnerabilities catalog. The supplied corpus does not include a CVSS score or exploit mechanics, but the KEV listing means defenders should treat it as a priority remediation item for Jenkins installations.
CVE-2019-1003029 is a Jenkins Script Security Plugin sandbox bypass vulnerability. CISA lists it in the Known Exploited Vulnerabilities catalog, which makes it a defensive priority for any environment running Jenkins with this plugin installed. The supplied official records do not include deeper technical details or a CVSS score, so the safest response is to treat affected instances as exposed until verif [truncated]
CVE-2019-1003030 is a Jenkins Matrix Project Plugin remote code execution vulnerability that CISA lists in its Known Exploited Vulnerabilities catalog. That KEV inclusion means defenders should treat it as actively exploited, or at least high-risk enough to warrant urgent remediation. The official guidance in the corpus is straightforward: apply updates per vendor instructions.
CVE-2018-1000861 is a deserialization of untrusted data vulnerability affecting the Jenkins Stapler Web Framework. CISA lists it in the Known Exploited Vulnerabilities catalog, which makes it a high-priority issue for Jenkins operators even though the supplied corpus does not include severity scoring or deeper technical detail. The safest defensive response is to follow vendor update guidance and confirm [truncated]
CVE-2016-4988 is a cross-site scripting issue in the Jenkins Build Failure Analyzer plugin before version 1.16.0. A remote attacker can inject arbitrary web script or HTML through an unspecified parameter, creating risk for users who view the affected content in Jenkins. The issue was publicly referenced in the Jenkins Security Advisory dated 2016-06-20 and later published in NVD as CVE-2016-4988.
CVE-2016-4987 is a directory traversal issue in the Jenkins Image Gallery plugin before version 1.4. According to the CVE description, a remote attacker could use unspecified form fields to list arbitrary directories and read arbitrary files. The official NVD record classifies the weakness as CWE-22 and assigns a medium severity score.
CVE-2016-4986 is a high-severity directory traversal issue in the Jenkins TAP plugin. According to NVD, versions before 1.25 are vulnerable and a remote attacker can read arbitrary files through an unspecified parameter. The weakness is categorized as CWE-22, and the CVSS v3.1 vector indicates network access, no privileges, no user interaction, and high confidentiality impact.
CVE-2016-3102 affects the Jenkins Script Security plugin before 1.18.1. According to the vendor advisory referenced by NVD, a plugin could bypass Groovy sandbox protection by using direct field access or get/set array operations. The issue is rated HIGH and should be treated as a serious sandbox boundary bypass in Jenkins environments that rely on scripted execution controls.
CVE-2016-3101 describes a cross-site scripting (XSS) vulnerability in the Jenkins Extra Columns plugin before version 1.17. According to the CVE description and NVD data, the issue comes from tool tips not being filtered through the configured markup formatter, allowing remote attackers to inject arbitrary web script or HTML. The CVE was published on 2017-02-09, and the vendor advisory reference points to [truncated]
CVE-2016-9299 is a critical Jenkins vulnerability affecting the remoting module. According to the official record, versions before Jenkins 2.32 and LTS before 2.19.3 allow remote attackers to execute arbitrary code through a crafted serialized Java object that triggers an LDAP query to a third-party server. NVD lists this as a network-reachable, no-authentication issue with high impact to confidentiality, [truncated]