Type Jenkins Plugin

Timeline

Analyzing the timeline helps to identify the required approach to handling single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, which supports immediate vulnerability response and the prioritization of issues.

Vendor »

Identifying all affected vendors is a good starting point for an overview. This makes it possible to determine a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Product »

Grouping vulnerabilities by product helps to get an overview. This makes it possible to determine a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be divided into multiple forms and levels of remediation, which influence risks differently.

Exploitability »

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Access Vector »

When approaching a vulnerability, it becomes important to use the expected access vector. This is typically via the network, local, or even physical.

Authentication »

To exploit a vulnerability, a certain level of authentication might be required. Vulnerabilities without such a requirement are much more popular.

User Interaction »

Some attack scenarios require some user interaction by a victim. This is typical for phishing, social engineering and cross site scripting attacks.

C3BM Index »

Our unique C3BM Index (CVSSv3 Base Meta Index) accumulates the CVSSv3 Meta Base Scores of all entries over time. Comparing this index to the number of disclosed vulnerabilities helps to pinpoint the most important events.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB »

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD »

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

Vendor »

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research »

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

Exploit 0-day »

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it is distributed or becomes public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

Exploit Market Volume »

Our unique calculation of exploit prices makes it possible to forecast the expected exploit market volume. The calculated prices for all possible 0-day exploits are accumulated for this task. Comparing the volume to the number of disclosed vulnerabilities helps to pinpoint the most important events.

🔴 CTI Activities »

Our unique Cyber Threat Intelligence aims to determine the ongoing research of actors to anticipate their activities. Observing exploit markets on the Darknet, discussions of vulnerabilities on mailing lists, and exchanges on social media makes it possible to identify planned attacks. Monitored actors and activities are classified as offensive or defensive. They are also weighted, as some actors are well-known for certain products and technologies, and some of their disclosures might contain more or less detail about technical aspects and personal context. The world map highlights active actors in real-time.

Affected Products (349): 360 FireLine Plugin, Absint Astree Plugin, AccuRev Plugin, Active Choices Plugin, Active Directory Plugin, Agiletestware Pangolin Connector for TestRail Plugin, Alauda DevOps Pipeline Plugin, Amazon EC2 Plugin, Amazon SNS Build Notifier Plugin, Android Lint Plugin, Ansible Plugin, Ansible Tower Plugin, Ant Plugin, Applatix Plugin, AppSpider Plugin, Aqua MicroScanner Plugin, Aqua Security Serverless Scanner Plugin, Arquillian Steps Plugin, Artifactory Plugin, Artifact Repository Parameter Plugin, Assembla Auth Plugin, Assembla Plugin, Audit to Database Plugin, Audit Trail Plugin, Avatar Plugin, aws-device-farm Plugin, AWSEB Deployment Plugin, AWS CloudWatch Logs Publisher Plugin, AWS CodeBuild Plugin, AWS CodeDeploy Plugin, AWS CodePipeline Plugin, AWS Elastic Beanstalk Publisher Plugin, AWS SAM Plugin, Azure AD Plugin, Azure Event Grid Build Notifier Plugin, Azure PublisherSettings Credentials Plugin, Azure VM Agents Plugin, Backlog Plugin, Badge Plugin, Beaker Builder Plugin, Bitbucket Approve Plugin, Bitbucket OAuth Plugin, Black Duck Detect Plugin, Black Duck Hub Plugin, Blue Ocean Plugin, BMC Release Package, Brakeman Plugin, build-metrics Plugin, Build-Publisher Plugin, buildgraph-view Plugin, Build Environment Plugin, Build Failure Analyzer Plugin, Build Pipeline Plugin, Build with Parameters Plugin, Bumblebee HP ALM Plugin, Cadence vManager Plugin, Caliper CI Plugin, Call Remote Job Plugin, CAS Plugin, CCM Plugin, Chaos Monkey Plugin, Checkstyle Plugin, Chef Sinatra Plugin, chosen-views-tabbar Plugin, Claim Plugin, ClearCase Release Plugin, CloudBees AWS Credentials Plugin, CloudBees CD Plugin, CloudCoreo DeployTime Plugin, Cobertura Plugin, Codefresh Integration Plugin, CodeScan Plugin, CollabNet Plugin, Compact Columns Plugin, Compatibility Action Storage Plugin, computer-queue-plugin, Configuration as Code Plugin, Configuration Slicing Plugin, Config File Provider Plugin, Confluence Publisher Plugin, Copr Plugin, Copy Artifact 
Plugin, Copy Data to Workspace Plugin, Copy To Slave Plugin, couchdb-statistics Plugin, Coverage-Complexity Scatter Plot Plugin, Coverity Plugin, CppNCSS Plugin, Credentials Binding Plugin, Credentials Plugin, crittercism-dsym Plugin, Crowd 2 Integration Plugin, Crowd 2 Intergration Plugin, Crowd Integration Plugin, CRX Content Package Deployer Plugin, CryptoMove Plugin, Cucumber Living Documentation Plugin, Custom Job Icon Plugin, CVS Plugin, Dashboard View Plugin, Database Plugin, Data Theorem CI-CD Plugin, Debian Package Builder Plugin, Delivery Pipeline Plugin, Delphix Plugin, Dependency Graph Viewer Plugin, Deployer Framework Plugin, DeployHub Plugin, Deployment Plugin, Description Column Plugin, Diawi Upload Plugin, DigitalOcean Plugin, Dingding Plugin, Distributed Fork Plugin, DRY Plugin, Dynamic Extended Choice Parameter Plugin, Dynatrace Application Monitoring Plugin, Eagle Tester Plugin, ECS Publisher Plugin, ECX Copy Data Management Plugin, eggPlant Plugin, ElasTest Plugin, ElasticBox CI Plugin, ElectricFlow Plugin, elOyente Plugin, Email Extension Plugin, Email Extension Template Plugin, Embeddable Build Status Plugin, Extended Choice Parameter Plugin, Extra Columns Plugin, Fabric Beta Publisher Plugin, Favorite Plugin, Filesystem Trigger Plugin, FindBugs Plugin, FitNesse Plugin, Flaky Test Handler Plugin, Fortify CloudScan Plugin, Fortify on Demand Plugin, Fortify on Demand Uploader Plugin, Fortify Plugin, FTP Publisher Plugin, Gatling Plugin, Gearman Plugin, Gem Publisher Plugin, Generic Webhook Trigger Plugin, Gerrit Trigger Plugin, Gitea Plugin, global-build-stats Plugin, Global Post Script Plugin, Gogs Plugin, Google Compute Engine Plugin, Google Login Plugin, Google OAuth Credentials Plugin, Google Play Android Publisher Plugin, Groovy Plugin, Groovy Postbuild Plugin, Health Advisor by CloudBees Plugin, Hipchat Plugin, HockeyApp Plugin, HP ALM Quality Center Plugin, HTML Publisher Plugin, Hyper.sh Commons Plugin, iceScrum Plugin, Implied Labels 
Plugin, Inedo BuildMaster Plugin, Inedo ProGet Plugin, InfluxDB Plugin, Jabber Notifier and Control Plugin, Jabber Server Plugin, JClouds Plugin, JenkinsAppDynamics Dashboard Plugin, jira-ext Plugin, Jira Issue Updater Plugin, Jira Plugin, JMS Messaging Plugin, Job, Job Config History Plugin, Job Import Plugin, JSGames Plugin, JUnit Plugin, JX Resources Plugin, Kanboard Plugin, Kiuwan Plugin, Klaros-Testmanagement Plugin, Klocwork Analysis Plugin, Kmap Plugin, Koji Plugin, Link Column Plugin, Liquibase Runner Plugin, Literate Plugin, Lockable Resources Plugin, Logstash Plugin, Log Parser Plugin, mabl Plugin, Mac Plugin, Mailer Plugin, Mail Commander Plugin for Jenkins-ci Plugin, Markdown Formatter Plugin, Mashup Portlets Plugin, Mask Passwords Plugin, Matrix Authorization Strategy Plugin, Mattermost Notification Plugin, Maven Artifact ChoiceListProvider Plugin, Maven Cascade Release Plugin, Maven Integration Plugin, Maven Plugin, Maven Release Plugin, meliora-testlab Plugin, Mercurial Plugin, Mesos Plugin, Minio Storage Plugin, Mission Control Plugin, Monitoring plugin, Multijob Plugin, NeoLoad Plugin, Nerrvana Plugin, Nested View Plugin, NeuVector Vulnerability Scanner Plugin, Node Ownership Plugin, Nomad Plugin, Nuget Plugin, NUnit Plugin, OctopusDeploy Plugin, Official OWASP ZAP Plugin, ontrack Plugin, OpenId Connect Authentication Plugin, openid Plugin, Open STF Plugin, OWASP Dependency-Track Plugin, P4 Plugin, PAM Authentication Plugin, Parameterized Remote Trigger Plugin, Parasoft Environment Manager Plugin, Parasoft Findings Plugin, PegDown Formatter Plugin, Perfecto Mobile Plugin, Perfecto Plugin, Perforce Plugin, Persona Plugin, Pipeline Aggregator View Plugin, Pipeline: AWS Steps Plugin, Pipeline: Classpath Step Plugin, Pipeline Groovy Plugin, Pipeline Maven Integration Plugin, Pipeline Remote Loader Plugin, Pipeline: Supporting APIs Plugin, Play Framework Plugin, Plugin Installation Manager Tool, PMD Plugin, Port Allocator Plugin, Promoted Builds Plugin, 
PRQA Plugin, Publisher Over CIFS Plugin, Quality Gates Plugin, Queue Cleanup Plugin, RadarGun Plugin, Radiator View Plugin, RapidDeploy Plugin, Rebuilder Plugin, Release Plugin, Relution Enterprise Appstore Publisher Plugin, Repository Connector Plugin, requests-plugin, Resource Disposer Plugin, REST List Parameter Plugin, Robert Sandell and Tomas Westling Build Failure Analyzer Plugin, Robot Framework Plugin, Role-based Authorization Strategy Plugin, Rundeck Plugin, S3 Plugin, S3 publisher Plugin, S3 Publisher Plugin, SaltStack Plugin, Sametime Plugin, SAML Plugin, Scriptler Plugin, Script Security Plugin, SCTMExecutor Plugin, Selection tasks Plugin, Selenium Plugin, Self-Organizing Swarm Plug-in Modules Plugin, Serena SRA Deploy Plugin, Shared Groovy Libraries Plugin, Shared Objects Plugin, Simple Travis Pipeline Runner Plugin, SiteMonitor Plugin, SMS Notification Plugin, SOASTA CloudTest Plugin, Sonargraph Integration Plugin, SonarQube Scanner Plugin, Sonarsource Jenkins Plugin, Sonar Gerrit Plugin, Sounds Plugin, SourceGear Vault Plugin, Speaks! 
Plugin, Spira Importer Plugin, StarTeam Plugin, Stash Branch Parameter Plugin, Static Analysis Utilities Plugin, Storable Configs Plugin, Subversion Partial Release Manager Plugin, Subversion Plugin, Subversion Release Manager Plugin, Support Core Plugin, Swarm Plugin Client, TAP Plugin, Team Concert Plugin, Team Foundation Server, Team Foundation Server Plugin, Templating Engine Plugin, TestFairy Plugin, TestLink Plugin, TICS Plugin, Timestamper Plugin, Tinfoil Security Plugin, Token Macro Plugin, TraceTronic ECU-TEST Plugin, Trac Publisher Plugin, Translation Assistance Plugin, Upload to pgyer Plugin, URLTrigger Plugin, useMango Runner Plugin, Valgrind Plugin, Validating String Parameter Plugin, veracode-scanner Plugin, vFabric Application Director Plugin, Visualizer Plugin, Visualworks Store Plugin, VMware Lab Manager Slaves Plugin, VncRecorder Plugin, VncViewer Plugin, vSphere Plugin, VS Team Services Continuous Deployment Plugin, Wall Display Plugin, Warnings Next Generation Plugin, Warnings NG Plugin, Warnings Plugin, WebSphere Deployer Plugin, Weibo Plugin, White Source Plugin, Xcode Integration Plugin, XebiaLabs XL Deploy Plugin, XL TestView Plugin, Yaml Axis Plugin, youtrack-plugin Plugin, ZAP Pipeline Plugin, Zephyr Enterprise Test Management Plugin, zOS Connector Plugin, Zulip Plugin

| Published | Base | Temp | Vulnerability | Prod | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|
| 08/31/2021 | 5.5 | 5.5 | Nested View Plugin XML Transformer xml external entity reference | Nested View Plugin | Not Defined | Not Defined | 0.04 | CVE-2021-21680 |
| 08/31/2021 | 3.5 | 3.5 | Azure AD Plugin URL cross-site request forgery | Azure AD Plugin | Not Defined | Not Defined | 0.00 | CVE-2021-21679 |
| 08/31/2021 | 3.5 | 3.5 | SAML Plugin cross-site request forgery | SAML Plugin | Not Defined | Not Defined | 0.00 | CVE-2021-21678 |
| 08/31/2021 | 3.5 | 3.5 | Nomad Plugin config.xml credentials storage | Nomad Plugin | Not Defined | Not Defined | 0.00 | CVE-2021-21681 |
| 07/01/2021 | 5.0 | 5.0 | requests-plugin cross-site request forgery | requests-plugin | Not Defined | Not Defined | 0.00 | CVE-2021-21675 |
| 07/01/2021 | 4.6 | 4.6 | requests-plugin HTTP Endpoint authorization | requests-plugin | Not Defined | Not Defined | 0.04 | CVE-2021-21676 |
| 07/01/2021 | 3.5 | 3.5 | requests-plugin authorization | requests-plugin | Not Defined | Not Defined | 0.00 | CVE-2021-21674 |
| 07/01/2021 | 4.9 | 4.9 | CAS Plugin redirect | CAS Plugin | Not Defined | Not Defined | 0.03 | CVE-2021-21673 |
| 06/20/2021 | 7.6 | 7.6 | Generic Webhook Trigger Plugin xml external entity reference | Generic Webhook Trigger Plugin | Not Defined | Not Defined | 0.03 | CVE-2021-21669 |
| 06/16/2021 | 3.5 | 3.5 | Scriptler Plugin cross site scripting | Scriptler Plugin | Not Defined | Not Defined | 0.04 | CVE-2021-21668 |
| 06/16/2021 | 3.5 | 3.5 | Scriptler Plugin Job Configuration cross site scripting | Scriptler Plugin | Not Defined | Not Defined | 0.03 | CVE-2021-21667 |
| 06/10/2021 | 3.5 | 3.5 | Kiuwan Plugin Query Parameter cross site scripting | Kiuwan Plugin | Not Defined | Not Defined | 0.02 | CVE-2021-21666 |
| 06/10/2021 | 3.5 | 3.5 | XebiaLabs XL Deploy Plugin cross-site request forgery | XebiaLabs XL Deploy Plugin | Not Defined | Not Defined | 0.08 | CVE-2021-21665 |
| 06/10/2021 | 4.6 | 4.6 | XebiaLabs XL Deploy Plugin authorization | XebiaLabs XL Deploy Plugin | Not Defined | Not Defined | 0.03 | CVE-2021-21664 |
| 06/10/2021 | 4.6 | 4.6 | XebiaLabs XL Deploy Plugin authorization | XebiaLabs XL Deploy Plugin | Not Defined | Not Defined | 0.05 | CVE-2021-21663 |
| 06/10/2021 | 3.5 | 3.5 | XebiaLabs XL Deploy Plugin authorization | XebiaLabs XL Deploy Plugin | Not Defined | Not Defined | 0.06 | CVE-2021-21662 |
| 05/26/2021 | 3.5 | 3.5 | Markdown Formatter Plugin Description cross site scripting | Markdown Formatter Plugin | Not Defined | Not Defined | 0.04 | CVE-2021-21660 |
| 05/26/2021 | 5.5 | 5.5 | URLTrigger Plugin xml external entity reference | URLTrigger Plugin | Not Defined | Not Defined | 0.05 | CVE-2021-21659 |
| 05/26/2021 | 5.5 | 5.5 | Nuget Plugin xml external entity reference | Nuget Plugin | Not Defined | Not Defined | 0.02 | CVE-2021-21658 |
| 05/26/2021 | 5.5 | 5.5 | Filesystem Trigger Plugin xml external entity reference | Filesystem Trigger Plugin | Not Defined | Not Defined | 0.05 | CVE-2021-21657 |
| 05/12/2021 | 3.5 | 3.5 | Dashboard View Plugin Image Dashboard Portlet cross site scripting | Dashboard View Plugin | Not Defined | Not Defined | 0.00 | CVE-2021-21649 |
| 05/12/2021 | 3.5 | 3.5 | Credentials Plugin cross site scripting | Credentials Plugin | Not Defined | Not Defined | 0.02 | CVE-2021-21648 |
| 05/12/2021 | 5.5 | 5.5 | Xcode Integration Plugin XML Parser xml external entity reference | Xcode Integration Plugin | Not Defined | Not Defined | 0.03 | CVE-2021-21656 |
| 05/12/2021 | 3.5 | 3.5 | P4 Plugin cross-site request forgery | P4 Plugin | Not Defined | Not Defined | 0.07 | CVE-2021-21655 |
| 05/12/2021 | 5.5 | 5.5 | S3 Publisher Plugin HTTP Endpoint Read authorization | S3 Publisher Plugin | Not Defined | Not Defined | 0.03 | CVE-2021-21651 |
