CVE-2020-2104
- EPSS 1.07%
- Veröffentlicht 29.01.2020 16:15:12
- Zuletzt bearbeitet 21.11.2024 05:24:38
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier allowed users with Overall/Read access to view a JVM memory usage chart.
CVE-2020-2105
- EPSS 1.85%
- Veröffentlicht 29.01.2020 16:15:12
- Zuletzt bearbeitet 21.11.2024 05:24:38
REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier were vulnerable to clickjacking attacks.
CVE-2012-4441
- EPSS 1.87%
- Veröffentlicht 18.11.2019 22:15:11
- Zuletzt bearbeitet 21.11.2024 01:42:54
Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML in the CI game plugin.
CVE-2012-4440
- EPSS 1.87%
- Veröffentlicht 18.11.2019 22:15:10
- Zuletzt bearbeitet 21.11.2024 01:42:54
Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML in the Violations plugin.
CVE-2012-4438
- EPSS 2.39%
- Veröffentlicht 18.11.2019 21:15:11
- Zuletzt bearbeitet 21.11.2024 01:42:53
Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers with read access and HTTP access to Jenkins master to insert data and execute arbitrary code.
CVE-2012-4439
- EPSS 1.85%
- Veröffentlicht 18.11.2019 21:15:11
- Zuletzt bearbeitet 21.11.2024 01:42:53
Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL that points to Jenkins.
CVE-2019-10401
- EPSS 1.03%
- Veröffentlicht 25.09.2019 16:15:10
- Zuletzt bearbeitet 21.11.2024 04:19:03
In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:expandableTextBox form control interpreted its content as HTML when expanded, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents (typically ...
CVE-2019-10402
- EPSS 1.03%
- Veröffentlicht 25.09.2019 16:15:10
- Zuletzt bearbeitet 21.11.2024 04:19:03
In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:combobox form control interpreted its item labels as HTML, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents.
CVE-2019-10403
- EPSS 1.03%
- Veröffentlicht 25.09.2019 16:15:10
- Zuletzt bearbeitet 21.11.2024 04:19:03
Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the SCM tag name on the tooltip for SCM tag actions, resulting in a stored XSS vulnerability exploitable by users able to control SCM tag names for these actions.
CVE-2019-10404
- EPSS 1.03%
- Veröffentlicht 25.09.2019 16:15:10
- Zuletzt bearbeitet 21.11.2024 04:19:03
Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the reason why a queue items is blcoked in tooltips, resulting in a stored XSS vulnerability exploitable by users able to control parts of the reason a queue item is blocked, such as l...