Jenkins

251 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.7%
  • Published 05.06.2018 21:29:00
  • Last modified 21.11.2024 03:39:54

A server-side request forgery vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in ZipExtractionInstaller.java that allows users with Overall/Read permission to have Jenkins submit an HTTP GET request to an arbitrary URL and learn...

  • EPSS 0.06%
  • Published 23.05.2018 13:29:00
  • Last modified 21.11.2024 03:23:48

Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks (SECURITY-304).

  • EPSS 0.08%
  • Published 22.05.2018 17:29:00
  • Last modified 21.11.2024 03:23:49

Jenkins before versions 2.44, 2.32.2 is vulnerable to an information disclosure vulnerability in search suggestions (SECURITY-385). The autocomplete feature on the search box discloses the names of the views in its suggestions, including the ones for...

  • EPSS 0.05%
  • Published 21.05.2018 23:29:00
  • Last modified 21.11.2024 03:23:49

Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting vulnerability in console notes (SECURITY-382). Jenkins allows plugins to annotate build logs, adding new content or changing the presentation of existing content w...

  • EPSS 0.06%
  • Published 15.05.2018 22:29:00
  • Last modified 21.11.2024 03:23:49

Jenkins before versions 2.44, 2.32.2 is vulnerable to a user creation CSRF using GET by admins. While this user record was only retained until restart in most cases, administrators' web browsers could be manipulated to create a large number of user r...

  • EPSS 0.17%
  • Published 15.05.2018 21:29:00
  • Last modified 21.11.2024 03:23:48

Jenkins before versions 2.44, 2.32.2 is vulnerable to an improper blacklisting of the Pipeline metadata files in the agent-to-master security subsystem. This could allow metadata files to be written to by malicious agents (SECURITY-358).

  • EPSS 0.02%
  • Published 15.05.2018 21:29:00
  • Last modified 21.11.2024 03:23:48

Jenkins before versions 2.44, 2.32.2 is vulnerable to a user data leak in disconnected agents' config.xml API. This could leak sensitive data such as API tokens (SECURITY-362).

  • EPSS 0.09%
  • Published 15.05.2018 21:29:00
  • Last modified 21.11.2024 03:23:48

In Jenkins before versions 2.44, 2.32.2 low privilege users were able to act on administrative monitors due to them not being consistently protected by permission checks (SECURITY-371).

  • EPSS 0.06%
  • Published 15.05.2018 21:29:00
  • Last modified 21.11.2024 03:23:49

Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in search suggestions due to improperly escaping users with less-than and greater-than characters in their names (SECURITY-388).

  • EPSS 0.03%
  • Published 15.05.2018 20:29:00
  • Last modified 21.11.2024 03:23:48

In Jenkins before versions 2.44, 2.32.2 node monitor data could be viewed by low privilege users via the remote API. These included system configuration and runtime information of these nodes (SECURITY-343).