Jenkins

Jenkins

268 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 1.24%
  • Veröffentlicht 25.03.2020 17:15:15
  • Zuletzt bearbeitet 21.11.2024 05:24:49

Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly escape node labels that are shown in the form validation for label expressions on job configuration pages, resulting in a stored XSS vulnerability exploitable by users able to defin...

  • EPSS 1.16%
  • Veröffentlicht 25.03.2020 17:15:15
  • Zuletzt bearbeitet 21.11.2024 05:24:49

Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not set Content-Security-Policy headers for files uploaded as file parameters to a build, resulting in a stored XSS vulnerability.

  • EPSS 1.16%
  • Veröffentlicht 25.03.2020 17:15:15
  • Zuletzt bearbeitet 21.11.2024 05:24:50

Jenkins 2.227 and earlier, LTS 2.204.5 and earlier improperly processes HTML content of list view column headers, resulting in a stored XSS vulnerability exploitable by users able to control column headers.

  • EPSS 1.99%
  • Veröffentlicht 25.03.2020 17:15:14
  • Zuletzt bearbeitet 21.11.2024 05:24:49

Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different representations of request URL paths, which allows attackers to craft URLs that allow bypassing CSRF protection of any target URL.

  • EPSS 3.35%
  • Veröffentlicht 24.02.2020 17:15:13
  • Zuletzt bearbeitet 21.11.2024 01:35:43

Hash collision attack vulnerability in Jenkins before 1.447, Jenkins LTS before 1.424.2, and Jenkins Enterprise by CloudBees 1.424.x before 1.424.2.1 and 1.400.x before 1.400.0.11 could allow remote attackers to cause a considerable CPU load, aka "th...

  • EPSS 1.01%
  • Veröffentlicht 29.01.2020 16:15:12
  • Zuletzt bearbeitet 21.11.2024 05:24:37

Jenkins 2.213 and earlier, LTS 2.204.1 and earlier improperly reuses encryption key parameters in the Inbound TCP Agent Protocol/3, allowing unauthorized attackers with knowledge of agent names to obtain the connection secrets for those agents, which...

  • EPSS 3.44%
  • Veröffentlicht 29.01.2020 16:15:12
  • Zuletzt bearbeitet 21.11.2024 05:24:37

Jenkins 2.218 and earlier, LTS 2.204.1 and earlier was vulnerable to a UDP amplification reflection denial of service attack on port 33848.

  • EPSS 1.37%
  • Veröffentlicht 29.01.2020 16:15:12
  • Zuletzt bearbeitet 21.11.2024 05:24:37

Jenkins 2.218 and earlier, LTS 2.204.1 and earlier did not use a constant-time comparison function for validating connection secrets, which could potentially allow an attacker to use a timing attack to obtain this secret.

  • EPSS 1.4%
  • Veröffentlicht 29.01.2020 16:15:12
  • Zuletzt bearbeitet 21.11.2024 05:24:37

Jenkins 2.218 and earlier, LTS 2.204.1 and earlier used a non-constant time comparison function when validating an HMAC.

  • EPSS 7.04%
  • Veröffentlicht 29.01.2020 16:15:12
  • Zuletzt bearbeitet 21.11.2024 05:24:38

Jenkins 2.218 and earlier, LTS 2.204.1 and earlier exposed session identifiers on a user's detail object in the whoAmI diagnostic page.