Jenkins Official Owasp Zap — known CVE vulnerabilities
Every CVE whose affected-product data names Jenkins Official Owasp Zap, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2019-1003060 — CVSS 8.8 (high): Jenkins Official OWASP ZAP Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be…
CVE-2026-57301 — CVSS 8.8 (high): Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing…