COOEY // HUBcompliance · community · intelligence

FAIL › dossier

Jenkins vendor

6
failure events
0
zero-days
4
RCEs
6
on KEV
1
critical
95
worst shame

Dossier not yet built — the RAG curator builds one for players with ≥2 failure events (factory/dossier.py). The failure history and sentiment below are live.

Failure history 7 events

DateEventSevFlagsShameSummary
2024-08-19 CVE-2024-23897 critical ⚡RCE ⌖KEV 95 Jenkins Command Line Interface (CLI) contains a path traversal vulnerability that allows attackers limited read access to certain files, which can lead to code execution.
2025-10-02 CVE-2017-1000353 high ⚡RCE ⌖KEV 65 Jenkins contains a remote code execution vulnerability. This vulnerability that could allowed attackers to transfer a serialized Java SignedObject object to the remoting-based Jenkins CLI, that would be deserialized using a new ObjectInputStream, bypassing the existing blocklist-
2025-10-02 CVE-2017-1000353 high ⚡RCE ⌖KEV 65 Jenkins contains a remote code execution vulnerability. This vulnerability that could allowed attackers to transfer a serialized Java SignedObject object to the remoting-based Jenkins CLI, that would be deserialized using a new ObjectInputStream, bypassing the existing blocklist-
2022-03-25 CVE-2019-1003030 high ⚡RCE ⌖KEV 65 Jenkins Matrix Project plugin contains a vulnerability which can allow users to escape the sandbox, opening opportunity to perform remote code execution.
2022-02-10 CVE-2018-1000861 high ⚡RCE ⌖KEV 65 A code execution vulnerability exists in the Stapler web framework used by Jenkins
2023-05-12 CVE-2015-5317 high ⌖KEV 50 Jenkins User Interface (UI) contains an information disclosure vulnerability that allows users to see the names of jobs and builds otherwise inaccessible to them on the "Fingerprints" pages.
2022-04-25 CVE-2019-1003029 high ⌖KEV 50 Jenkins Script Security Plugin contains a protection mechanism failure, allowing an attacker to bypass the sandbox.