Jenkins CVE Numbers Authority

The Jenkins project is a CVE Numbers Authority (CNA) for Jenkins and Jenkins plugins published by the Jenkins project (listed on and/or hosted in the jenkinsci GitHub organization). This means that the Jenkins project assigns CVE IDs for vulnerabilities in these components.


Contact us at if you have any questions about the Jenkins CNA.

CVE Assignment Process

CVEs for privately reported and tracked security vulnerabilities are assigned shortly (several hours to a few days) before publication in a security advisory.