Jenkins Matrix Project — known CVE vulnerabilities
Every CVE whose affected-product data names Jenkins Matrix Project, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2019-1003031 — CVSS 9.9 (critical): A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/FilterScript…
CVE-2020-2224 — CVSS 5.4 (medium): Jenkins Matrix Project Plugin 1.16 and earlier does not escape the node names shown in tooltips on the overview page of builds with a…
CVE-2020-2225 — CVSS 5.4 (medium): Jenkins Matrix Project Plugin 1.16 and earlier does not escape the axis names shown in tooltips on the overview page of builds with…
CVE-2022-20615 — CVSS 5.4 (medium): Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML metacharacters in node and label names, and label descriptions…
CVE-2024-23900 — CVSS 4.3 (medium): Jenkins Matrix Project Plugin 822.v01b_8c85d16d2 and earlier does not sanitize user-defined axis names of multi-configuration projects…