Jenkins workflow-cps-plugin Vulnerabilities
CVE security advisories and vulnerability history for workflow-cps-plugin by Jenkins.
Last updated
Overview
Jenkins workflow-cps-plugin has 14 published CVE records since 2017, of which 1 are in CISA's Known Exploited Vulnerabilities catalog and 2 have a known public exploit. The average CVSS base score across scored CVEs is 7.7.
This page aggregates every publicly disclosed vulnerability (CVE) affecting Jenkins workflow-cps-plugin, with a severity breakdown, the affected and patched versions, the most common weakness types, and the full CVE list.
Severity and exploitation
How the CVSS severity of Jenkins workflow-cps-plugin's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.
In CISA’s Known Exploited Vulnerabilities catalog
1
One of Jenkins workflow-cps-plugin's CVEs is confirmed exploited in the wild.
Public exploits
2
2 of Jenkins workflow-cps-plugin's CVEs have a known public exploit available.
Affected versions and CVEs
Browse every Jenkins workflow-cps-plugin version named in a CVE, then pick one to see only the CVEs that affect it.
Specific versions
- workflow-cps-2.014 CVEs
- workflow-cps-2.114 CVEs
- workflow-cps-2.1014 CVEs
- workflow-cps-2.1114 CVEs
- workflow-cps-2.1214 CVEs
- workflow-cps-2.1314 CVEs
- workflow-cps-2.1414 CVEs
- workflow-cps-2.1514 CVEs
- workflow-cps-2.1614 CVEs
- workflow-cps-2.1714 CVEs
- workflow-cps-2.1814 CVEs
- workflow-cps-2.1914 CVEs
- workflow-cps-2.214 CVEs
- workflow-cps-2.2014 CVEs
- workflow-cps-2.2114 CVEs
- workflow-cps-2.2214 CVEs
- workflow-cps-2.2314 CVEs
- workflow-cps-2.2414 CVEs
- workflow-cps-2.2514 CVEs
- workflow-cps-2.2614 CVEs
- workflow-cps-2.2714 CVEs
- workflow-cps-2.2814 CVEs
- workflow-cps-2.2914 CVEs
- workflow-cps-2.314 CVEs
- workflow-cps-2.3014 CVEs
- workflow-cps-2.3114 CVEs
- workflow-cps-2.3214 CVEs
- workflow-cps-2.3314 CVEs
- workflow-cps-2.3414 CVEs
- workflow-cps-2.3514 CVEs
- workflow-cps-2.3614 CVEs
- workflow-cps-2.414 CVEs
- workflow-cps-2.514 CVEs
- workflow-cps-2.614 CVEs
- workflow-cps-2.714 CVEs
- workflow-cps-2.814 CVEs
- workflow-cps-2.914 CVEs
- workflow-cps-2.3913 CVEs
- workflow-cps-2.4013 CVEs
- workflow-cps-2.4113 CVEs
- workflow-cps-2.4213 CVEs
- workflow-cps-2.4313 CVEs
- workflow-cps-2.4413 CVEs
- workflow-cps-2.4513 CVEs
- workflow-cps-2.4613 CVEs
- workflow-cps-2.4713 CVEs
- workflow-cps-2.4813 CVEs
- workflow-cps-2.4913 CVEs
- workflow-cps-2.5013 CVEs
- workflow-cps-2.5113 CVEs
- workflow-cps-2.5213 CVEs
- workflow-cps-2.5313 CVEs
- workflow-cps-2.5413 CVEs
- workflow-cps-2.5513 CVEs
- workflow-cps-2.5613 CVEs
- workflow-cps-2.5713 CVEs
- workflow-cps-2.5813 CVEs
- workflow-cps-2.58-beta-113 CVEs
- workflow-cps-2.5913 CVEs
- workflow-cps-2.6012 CVEs
- workflow-cps-2.6112 CVEs
- workflow-cps-2.6211 CVEs
- workflow-cps-2.6311 CVEs
- workflow-cps-2.6410 CVEs
- workflow-cps-2.659 CVEs
- workflow-cps-2.669 CVEs
- workflow-cps-2.679 CVEs
- workflow-cps-2.689 CVEs
- workflow-cps-2.699 CVEs
- workflow-cps-2.709 CVEs
- workflow-cps-2.719 CVEs
- workflow-cps-2.729 CVEs
- workflow-cps-2.739 CVEs
- workflow-cps-2.749 CVEs
- workflow-cps-2.759 CVEs
- workflow-cps-2.769 CVEs
- workflow-cps-2.779 CVEs
- workflow-cps-2.789 CVEs
- 2633.v6baeedc138058 CVEs
- 2640.v00e79c8113de8 CVEs
- 2644.v29a793dac95a8 CVEs
- 2646.v6ed3b5b01ff18 CVEs
- 2648.va9433432b33c8 CVEs
- workflow-cps-2.798 CVEs
- workflow-cps-2.808 CVEs
- workflow-cps-2.818 CVEs
- workflow-cps-2.828 CVEs
- workflow-cps-2.838 CVEs
- workflow-cps-2.848 CVEs
- workflow-cps-2.858 CVEs
- workflow-cps-2.868 CVEs
- workflow-cps-2.878 CVEs
- workflow-cps-2.888 CVEs
- workflow-cps-2.898 CVEs
- workflow-cps-2.908 CVEs
- workflow-cps-2.918 CVEs
- workflow-cps-2.928 CVEs
- workflow-cps-2.938 CVEs
- workflow-cps-2.948 CVEs
- 2656.vf7a_e7b_75a_4575 CVEs
- 2659.v52d3de6044d05 CVEs
- 2660.vb_c0412dc4e6d5 CVEs
- 2680.vf642ed4fa_d555 CVEs
- 2682.va_473dcddc9415 CVEs
- 2683.vd0a_8f6a_1c2635 CVEs
- 2686.v7c37e05784015 CVEs
- 2687.v3f09155513c15 CVEs
- 2688.v39a_b_e5c49a_655 CVEs
- 2689.v434009a_31b_f14 CVEs
- 2692.v76b_089ccd0264 CVEs
- 2705.v0449852ee36f4 CVEs
- 2706.v71dd22b_c5a_a_24 CVEs
- 2710.vcd48b_b_9e0e7d4 CVEs
- 2725.v7b_c717eb_12ce4 CVEs
- 2729.vea_17b_79ed57a_4 CVEs
- 2746.v0da_83a_3326694 CVEs
- 2759.v87459c4eea_ca_4 CVEs
- 2784.vd252824b_4eb_94 CVEs
- 2801.vf82a_b_b_e3e8a_54 CVEs
- 2802.v5ea_628154b_c24 CVEs
- 3520.va_8fc49e2f96f3 CVEs
- 3536.vb_8a_6628079d53 CVEs
- 3565.v4b_d9b_8c29a_b_33 CVEs
- 3581.v2b_e4c99c76ed3 CVEs
- 3583.v4f58de0d78d53 CVEs
- 3601.v9b_36a_d99e1cc3 CVEs
- 3606.v0b_d8b_e512dcf3 CVEs
- 3611.v201b_d9f9eb_f73 CVEs
- 3616.vb_2e7168f4b_0c3 CVEs
- 3618.v13db_a_21f0fcf3 CVEs
- 3624.v43b_a_38b_62b_b_73 CVEs
- 3626.v4eb_a_7d8b_2fa_43 CVEs
- 3629.v8177e69e359a_3 CVEs
- 3635.vedb_8602eefa_c3 CVEs
- 3637.v63b_c17e0ed5b_3 CVEs
- 3641.vf58904a_b_b_5d83 CVEs
- 3651.ve2e99a_4f4a_e53 CVEs
- 3653.v07ea_433c90b_43 CVEs
- 3659.v582dc37621d83 CVEs
- 3668.v1763b_b_6ccffd3 CVEs
- 3673.v5b_dd742762623 CVEs
- 3691.v28b_14c465a_b_b_3 CVEs
- 3693.vd5c06270e4dc3 CVEs
- 3697.vb_470e454c2323 CVEs
- 3705.va_6a_c2775a_c173 CVEs
- 3713.vd671d43215093 CVEs
- 3717.va_180a_fe9d3cd3 CVEs
- 3722.v85ce2a_c6240b_3 CVEs
- 3726.v83f8cff396c93 CVEs
- 3728.vd5c88eef91543 CVEs
- 3731.ve4b_5b_857b_a_d33 CVEs
- 3732.vb_77c00a_57e123 CVEs
- 3740.v6d35b_4ed5f9f3 CVEs
- 3744.v6f2c0fe0e54d3 CVEs
- 3767.vdd3e0a_65b_ef33 CVEs
- 3769.v8b_e595e4d40d3 CVEs
- 3773.v505e0052522c3 CVEs
- 3774.v4a_d648d409ce3 CVEs
- 3785.vee73da_b_9544e3 CVEs
- 3787.v8f5dcd14a_fa_c3 CVEs
- 3791.va_c0338ea_b_59c3 CVEs
- 3793.v65dec41c3a_c33 CVEs
- 3802.vd42b_fcf00b_a_c3 CVEs
- 3805.v769b_b_74b_db_143 CVEs
- 3806.va_3a_6988277b_23 CVEs
- 3812.vc3031a_b_a_c9553 CVEs
- 3817.vd20b_7e2b_692b_3 CVEs
- 3821.v9d3888c583b_13 CVEs
- 3826.v3b_5707fe44da_3 CVEs
- 3832.vc43e04d6d68c3 CVEs
- 3835.vc2a_8f9167e923 CVEs
- 3837.v305192405b_c03 CVEs
- 3853.vb_a_490d8929633 CVEs
- 3859.v7f65cc8650193 CVEs
- 3867.v535458ce43fd3 CVEs
- 3880.vb_ef4b_5cfd2703 CVEs
- 3883.vb_3ff2a_e3eea_f3 CVEs
- 3889.v937e0b_3412d33 CVEs
- 3894.vd0f0248b_a_fc43 CVEs
- 3903.v48a_8836749e93 CVEs
- 3908.vd6b_b_5a_a_540103 CVEs
- 3922.va_f73b_7c4246b_3 CVEs
- 3943.v3519a_32606603 CVEs
- 3946.v7935cb_edb_f823 CVEs
- 3953.v19f11da_8d2fa_3 CVEs
- 3961.ve48ee2c44a_b_33 CVEs
- 3964.v0767b_4b_a_0b_fa_3 CVEs
- 3969.vdc9d3a_efcc6a_3 CVEs
- 3975.v567e2a_1ffa_223 CVEs
- 3990.vd281dd77a_3883 CVEs
- 3993.v3e20a_37282f82 CVEs
- 3996.va_f5c1799f9782 CVEs
- 4000.v5198556e9cea_2 CVEs
- 4002.v80ca_d0f47d7f2 CVEs
- 4003.vf9c56141493e2 CVEs
- 4007.vd705fc76a_34e2 CVEs
- 4009.v0089238351a_92 CVEs
- 4011.v91e9951fa_d5b_2 CVEs
- 4014.vcd7dc51d8b_302 CVEs
- 4018.vf02e01888da_f2 CVEs
- 4030.v7c3a_975886a_82 CVEs
- 4032.vf3248d9c3fee2 CVEs
- 4039.vd58c465ea_71a_2 CVEs
- 4043.va_fb_de6a_a_8b_f52 CVEs
- 4045.v0efb_cb_7cea_e92 CVEs
- 4046.v90b_1b_9edec672 CVEs
- 4050.v8b_a_69b_587c392 CVEs
- 4080.va_15b_44a_915252 CVEs
- 4106.v7a_8a_8176d4502 CVEs
- 4117.vc0f3c515a_a_a_02 CVEs
- 4146.v475b_8013e2822 CVEs
- 4150.ve20ca_b_a_a_28152 CVEs
- 4151.v5406e29e3c902 CVEs
- 4165.vf547819734da_2 CVEs
- 4168.v7ea_f89c358b_d2 CVEs
- 4169.vb_7e492a_1c7b_e2 CVEs
- 4173.v4a_1fd14533f12 CVEs
- 4175.ve65b_fa_663eed2 CVEs
- 4177.vb_203fe3954452 CVEs
- 4183.v94b_6fd39da_c12 CVEs
- 4204.v2894b_cd7b_92f2 CVEs
- 4209.v83c4e257f1e92 CVEs
- 4218.vff679a_5c0f3a_2 CVEs
- 4238.va_6fb_65c1f6992 CVEs
- 4250.v2eecc0881a_e62 CVEs
- 4252.v465f588eb_52f2 CVEs
- 4253.vc894cd5750c62 CVEs
- 4254.v0c8e228524ea_2 CVEs
- 4255.vd9c37f80fd8a_2 CVEs
- 4256.v991a_f1991c032 CVEs
- 4257.vb_2e2028085772 CVEs
- 4258.v55f7f16915262 CVEs
- 4259.vf653c2b_8a_b_692 CVEs
- 4261.va_1fa_c7e4db_da_2 CVEs
- 4262.va_74628df1ff22 CVEs
- 4263.vd2edf31c1db_02 CVEs
- 4275.vb_0565eb_a_3d362 CVEs
- 4285.v8df38f05c3c52 CVEs
- 4303.v8fa_2a_581f0a_62 CVEs
- 4315.va_e456c4e7f4f2 CVEs
- 4331.v9d06ed4658ff2 CVEs
Version ranges
- <= 3.114 CVEs
Fixed in
- 434009a31bf1ab2aae028c02fe2c4b41dd7c9af91 CVE
- 478dd9e956c3efd5a4caeb2853ed90fe6b43bb541 CVE
14 CVEs
- Medium · CVSS 4.3EPSS 0.3% (19th pct)2026-06-24
- Medium · CVSS 4.3EPSS 0.2% (5th pct)2026-06-24
- High · CVSS 8.0EPSS 0.4% (36th pct)2024-11-13
- Critical vulnerability · 2022-10-19CVE-2022-43402PatchCritical · CVSS 9.9EPSS 1.2% (64th pct)2022-10-19
- High vulnerability · 2022-05-17CVE-2022-30945PatchHigh · CVSS 8.5EPSS 1.3% (68th pct)2022-05-17
- Medium vulnerability · 2022-02-15CVE-2022-25180PatchMedium · CVSS 4.3EPSS 0.5% (41th pct)2022-02-15
- Medium vulnerability · 2022-02-15CVE-2022-25176PatchMedium · CVSS 6.5EPSS 1.7% (75th pct)2022-02-15
- High vulnerability · 2022-02-15CVE-2022-25173PatchHigh · CVSS 8.8EPSS 1.4% (70th pct)2022-02-15
- High vulnerability · 2020-02-12CVE-2020-2109PatchHigh · CVSS 8.8EPSS 1.3% (66th pct)2020-02-12
- Critical vulnerability · 2019-03-28CVE-2019-1003041PatchCritical · CVSS 9.8EPSS 3.4% (87th pct)2019-03-28
- High vulnerability · 2019-03-08
Added to CISA KEV 2022-03-25
High · CVSS 8.7EPSS 75.6% (99th pct)2019-03-08 - High vulnerability · 2019-01-22CVE-2019-1003001Public exploitPatchHigh · CVSS 8.8EPSS 86.2% (100th pct)2019-01-22
- High vulnerability · 2018-12-10CVE-2018-1000866PatchHigh · CVSS 8.8EPSS 1.6% (74th pct)2018-12-10
- High vulnerability · 2017-10-04CVE-2017-1000096PatchHigh · CVSS 8.8EPSS 1.6% (73th pct)2017-10-04
Common weakness types
The CWE weakness categories most often found in Jenkins workflow-cps-plugin CVEs. Follow any weakness for its full explanation.
Disclosure activity by year
How many Jenkins workflow-cps-plugin CVEs were published each year.
Other Jenkins products
Browse vulnerabilities for other products by Jenkins.
Frequently asked questions
Common questions about Jenkins workflow-cps-plugin vulnerabilities.
- How many CVEs does Jenkins workflow-cps-plugin have?
- Jenkins workflow-cps-plugin has 14 published CVE records since 2017.
- How many Jenkins workflow-cps-plugin CVEs are in CISA KEV?
- Yes — 1 of Jenkins workflow-cps-plugin's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.
- Are there public exploits for Jenkins workflow-cps-plugin vulnerabilities?
- Yes — 2 of Jenkins workflow-cps-plugin's CVEs have a known public exploit.
- Which versions of Jenkins workflow-cps-plugin are affected?
- 244 distinct Jenkins workflow-cps-plugin versions are named across its CVEs. Use the version filter above to see the CVEs affecting a specific version.
- What are the most common weakness types in Jenkins workflow-cps-plugin CVEs?
- Jenkins workflow-cps-plugin's CVEs most often map to these CWE weakness types: CWE-352 (Cross-Site Request Forgery (CSRF)), CWE-354 (Improper Validation of Integrity Check Value), CWE-470 (Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')), CWE-693 (Protection Mechanism Failure).
- How many critical Jenkins workflow-cps-plugin vulnerabilities are there?
- Jenkins workflow-cps-plugin has 2 critical and 8 high-severity CVEs.
- What is the average severity of Jenkins workflow-cps-plugin CVEs?
- The average CVSS base score across Jenkins workflow-cps-plugin's scored CVEs is 7.7.
References
- All Jenkins vulnerabilities
- The MITRE CVE Program (opens in a new tab)
- Learn: What is a CVE?
- CWE directory: the weakness types these CVEs map to
Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.
Track Jenkins workflow-cps-plugin vulnerabilities
Monitor new Jenkins workflow-cps-plugin vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.