Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Showing 1 - 9 of 9
Filters:
Jenkins | Jenkins Command Line Interface (CLI)

CVE-2024-23897

Jenkins Command Line Interface (CLI) Path Traversal Vulnerability: Jenkins Command Line Interface (CLI) contains a path traversal vulnerability that allows attackers limited read access to certain files, which can lead to code execution.

Related CWE: CWE-27

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-08-19
  • Due Date: 2024-09-09
Additional Notes
https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314; https://nvd.nist.gov/vuln/detail/CVE-2024-23897
RARLAB | WinRAR

CVE-2023-38831

RARLAB WinRAR Code Execution Vulnerability: RARLAB WinRAR contains an unspecified vulnerability that allows an attacker to execute code when a user attempts to view a benign file within a ZIP archive.

Related CWE: CWE-351

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2023-08-24
  • Due Date: 2023-09-14
Additional Notes
http://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=232&cHash=c5bf79590657e32554c6683296a8e8aa; https://nvd.nist.gov/vuln/detail/CVE-2023-38831
Jenkins | Jenkins User Interface (UI)

CVE-2015-5317

Jenkins User Interface (UI) Information Disclosure Vulnerability: Jenkins User Interface (UI) contains an information disclosure vulnerability that allows users to see the names of jobs and builds otherwise inaccessible to them on the "Fingerprints" pages.

Related CWE: CWE-200

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2023-05-12
  • Due Date: 2023-06-02
Additional Notes
https://www.jenkins.io/security/advisory/2015-11-11/; https://nvd.nist.gov/vuln/detail/CVE-2015-5317
RARLAB | UnRAR

CVE-2022-30333

RARLAB UnRAR Directory Traversal Vulnerability: RARLAB UnRAR on Linux and UNIX contains a directory traversal vulnerability, allowing an attacker to write to files during an extract (unpack) operation.

Related CWEs: CWE-22| CWE-59

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-08-09
  • Due Date: 2022-08-30
Additional Notes
Vulnerability updated with version 6.12. Accessing link will download update information: https://www.rarlab.com/rar/rarlinux-x32-612.tar.gz; https://nvd.nist.gov/vuln/detail/CVE-2022-30333
Jenkins | Script Security Plugin

CVE-2019-1003029

Jenkins Script Security Plugin Sandbox Bypass Vulnerability: Jenkins Script Security Plugin contains a protection mechanism failure, allowing an attacker to bypass the sandbox.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-04-25
  • Due Date: 2022-05-16
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-1003029
Sudo | Sudo

CVE-2021-3156

Sudo Heap-Based Buffer Overflow Vulnerability: Sudo contains an off-by-one error that can result in a heap-based buffer overflow, which allows for privilege escalation.

Related CWEs: CWE-122| CWE-193

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-04-06
  • Due Date: 2022-04-27
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-3156
Jenkins | Matrix Project Plugin

CVE-2019-1003030

Jenkins Matrix Project Plugin Remote Code Execution Vulnerability: Jenkins Matrix Project plugin contains a vulnerability which can allow users to escape the sandbox, opening opportunity to perform remote code execution.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-25
  • Due Date: 2022-04-15
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-1003030
RARLAB | WinRAR

CVE-2018-20250

WinRAR Absolute Path Traversal Vulnerability: WinRAR Absolute Path Traversal vulnerability leads to Remote Code Execution

Related CWE: CWE-36

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-02-15
  • Due Date: 2022-08-15
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2018-20250
Jenkins | Jenkins Stapler Web Framework

CVE-2018-1000861

Jenkins Stapler Web Framework Deserialization of Untrusted Data Vulnerability: A code execution vulnerability exists in the Stapler web framework used by Jenkins

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-02-10
  • Due Date: 2022-08-10
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2018-1000861

Subscribe to the KEV Catalog Updates

Stay up to date on the latest known exploited vulnerabilities.

Subscribe Now