Jenkins
Jenkins is a widely deployed automation server with a large plugin surface. NVD uses jenkins:jenkins as the canonical application CPE. Historical CloudBees-prefixed CPE rows deprecate to this namespace.
api usage
Querying Jenkins
product slug: `jenkins`
version format: `2.441`, `2.426.3`

```bash
curl "https://api.attestd.io/v1/check?product=jenkins&version=2.441" \
  -H "Authorization: Bearer $ATTESTD_KEY"
```

Weekly release 2.441 falls before the 2.442 fix for CVE-2024-23897 (CVSS 9.8, CISA KEV): an arbitrary file read via the CLI / args4j @file expansion, heavily abused in ransomware campaigns.
```json
{
  "product": "jenkins",
  "version": "2.441",
  "supported": true,
  "risk_state": "critical",
  "risk_factors": ["remote_code_execution", "actively_exploited", "patch_available"],
  "actively_exploited": true,
  "remote_exploitable": true,
  "authentication_required": false,
  "patch_available": true,
  "fixed_version": "2.442",
  "confidence": 0.95,
  "cve_ids": ["CVE-2024-23897"],
  "last_updated": "2026-05-11T00:00:00Z"
}
```

patched line
2.450 is a representative weekly release after the 2.442 security fix window. Always confirm against your exact LTS train (for example 2.426.3+) in NVD ranges.
```bash
curl "https://api.attestd.io/v1/check?product=jenkins&version=2.450" \
  -H "Authorization: Bearer $ATTESTD_KEY"
```

notable cves
CVE history
| CVE | Description | CVSS |
|---|---|---|
| CVE-2024-23897 | Arbitrary file read via CLI (CISA KEV). | 9.8 |
| CVE-2024-23898 | CSRF cross-domain WebSocket leak (paired fix). | 8.8 |
| CVE-2023-27898 | JSONP user search endpoint exposure. | 8.8 |
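
One way to turn a check response into a deployment gate while respecting the weekly/LTS caveat above. This is an added example, not attestd's own code: the policy, the `min_confidence` threshold and the function names are assumptions, and the sample is the page's 2.441 response trimmed to the fields used.

```python
import json

# Sample response copied from the page's 2.441 example (trimmed to the fields used).
SAMPLE = json.loads("""{
  "product": "jenkins", "version": "2.441", "risk_state": "critical",
  "actively_exploited": true, "patch_available": true,
  "fixed_version": "2.442", "confidence": 0.95,
  "cve_ids": ["CVE-2024-23897"]
}""")

def parse(version):
    """Split a Jenkins version into ints: weekly has 2 parts, LTS has 3."""
    parts = tuple(int(p) for p in version.split("."))
    if len(parts) not in (2, 3):
        raise ValueError(f"unexpected Jenkins version: {version!r}")
    return parts

def is_lts(version):
    return len(parse(version)) == 3

def gate(resp, min_confidence=0.8):
    """Return (decision, reason); decision is 'allow', 'block' or 'review'.

    The policy and the min_confidence threshold are assumptions of this example.
    """
    running, fixed = resp["version"], resp.get("fixed_version")
    if resp.get("confidence", 0.0) < min_confidence:
        return "review", "low confidence, check NVD ranges by hand"
    if fixed and is_lts(running) != is_lts(fixed):
        # A weekly fix number says nothing about an LTS train (and vice versa).
        return "review", f"{running} and {fixed} are on different release trains"
    if fixed and parse(running) < parse(fixed):
        if resp.get("actively_exploited") or resp.get("risk_state") == "critical":
            return "block", f"upgrade to {fixed}: {', '.join(resp['cve_ids'])}"
        return "review", f"fix available in {fixed}"
    if resp.get("risk_state") == "critical":
        # Fail closed when the API still reports critical without a usable fix.
        return "block", "critical with no applicable fixed version"
    return "allow", "no blocking finding"

if __name__ == "__main__":
    print(gate(SAMPLE))
```

An LTS version checked against a weekly `fixed_version` is routed to manual review instead of being compared numerically, since the two trains are numbered independently.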