Jenkins

Jenkins

251 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
10

CVE-2018-1000861

Warning
  • EPSS 94.49%
  • Published 10.12.2018 14:29:01
  • Last modified 14.03.2025 18:22:36

A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java object...

4.3

CVE-2018-1000862

  • EPSS 0.22%
  • Published 10.12.2018 14:29:01
  • Last modified 21.11.2024 03:40:31

An information exposure vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in DirectoryBrowserSupport.java that allows attackers with the ability to control build output to browse the file system on agents running builds beyon...

8.2

CVE-2018-1000863

Exploit
  • EPSS 8.89%
  • Published 10.12.2018 14:29:01
  • Last modified 21.11.2024 03:40:31

A data modification vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in User.java, IdStrategy.java that allows attackers to submit crafted user names that can cause an improper migration of user record storage formats, poten...

6.5

CVE-2018-1000864

  • EPSS 0.23%
  • Published 10.12.2018 14:29:01
  • Last modified 21.11.2024 03:40:31

A denial of service vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread enter an infinite loop.

6.5

CVE-2018-1999047

  • EPSS 0.11%
  • Published 23.08.2018 18:29:01
  • Last modified 21.11.2024 03:57:08

A improper authorization vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in UpdateCenter.java that allows attackers to cancel a Jenkins restart scheduled through the update center.

5.3

CVE-2018-1999042

  • EPSS 0.23%
  • Published 23.08.2018 18:29:00
  • Last modified 21.11.2024 03:57:07

A vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in XStream2.java that allows attackers to have Jenkins resolve a domain name when deserializing an instance of java.net.URL.

7.5

CVE-2018-1999043

  • EPSS 0.33%
  • Published 23.08.2018 18:29:00
  • Last modified 21.11.2024 03:57:07

A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in BasicAuthenticationFilter.java, BasicHeaderApiTokenAuthenticator.java that allows attackers to create ephemeral in-memory user records by attempting to log ...

6.5

CVE-2018-1999044

  • EPSS 0.14%
  • Published 23.08.2018 18:29:00
  • Last modified 21.11.2024 03:57:07

A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread enter an infinite loop.

5.5

CVE-2018-1999045

  • EPSS 0.12%
  • Published 23.08.2018 18:29:00
  • Last modified 21.11.2024 03:57:07

A improper authentication vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in SecurityRealm.java, TokenBasedRememberMeServices2.java that allows attackers with a valid cookie to remain logged in even if that feature is disabled.

4.3

CVE-2018-1999046

  • EPSS 0.19%
  • Published 23.08.2018 18:29:00
  • Last modified 21.11.2024 03:57:08

A exposure of sensitive information vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in Computer.java that allows attackers With Overall/Read permission to access the connection log for any agent.