Every CVE whose affected-product data names Jenkins Assembla, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2023-37961 — CVSS 8.8 (high): A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla Auth Plugin 1.14 and earlier allows attackers to trick users into…
CVE-2026-57303 — CVSS 7.1 (high): Jenkins Assembla Plugin 1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers…
CVE-2019-10420 — CVSS 5.5 (medium): Jenkins Assembla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by…
CVE-2026-57304 — CVSS 5.4 (medium): A missing permission check in Jenkins Assembla Plugin 1.4 and earlier allows attackers with Overall/Read permission to connect to an…
CVE-2026-57305 — CVSS 5.4 (medium): A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla Plugin 1.4 and earlier allows attackers to connect to an…