CVE-2018-1000406
- EPSS 10.91%
- Published 09.01.2019 23:29:02
- Last modified 21.11.2024 03:39:59
A path traversal vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java that allows attackers with Job/Configure permission to define a file parameter with a file name out...
CVE-2018-1000407
- EPSS 0.31%
- Published 09.01.2019 23:29:02
- Last modified 21.11.2024 03:40:00
A cross-site scripting vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/model/Api.java that allows attackers to specify URLs to Jenkins that result in rendering arbitrary attacker-controlled HTML...
CVE-2018-1000408
- EPSS 0.15%
- Published 09.01.2019 23:29:02
- Last modified 21.11.2024 03:40:00
A denial of service vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that allows attackers without Overall/Read permission to access a specific URL on ins...
CVE-2018-1000409
- EPSS 0.07%
- Published 09.01.2019 23:29:02
- Last modified 21.11.2024 03:40:00
A session fixation vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that prevented Jenkins from invalidating the existing session and creating a new one w...
CVE-2018-1000410
- EPSS 0.13%
- Published 09.01.2019 23:29:02
- Last modified 21.11.2024 03:40:00
An information exposure vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier, and the Stapler framework used by these releases, in core/src/main/java/org/kohsuke/stapler/RequestImpl.java, core/src/main/java/hudson/model/Descript...
- EPSS 94.49%
- Published 10.12.2018 14:29:01
- Last modified 05.11.2025 19:23:34
A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java object...
CVE-2018-1000862
- EPSS 0.21%
- Published 10.12.2018 14:29:01
- Last modified 21.11.2024 03:40:31
An information exposure vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in DirectoryBrowserSupport.java that allows attackers with the ability to control build output to browse the file system on agents running builds beyon...
CVE-2018-1000863
- EPSS 7.56%
- Published 10.12.2018 14:29:01
- Last modified 21.11.2024 03:40:31
A data modification vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in User.java, IdStrategy.java that allows attackers to submit crafted user names that can cause an improper migration of user record storage formats, poten...
CVE-2018-1000864
- EPSS 0.22%
- Published 10.12.2018 14:29:01
- Last modified 21.11.2024 03:40:31
A denial of service vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread enter an infinite loop.
CVE-2018-1999047
- EPSS 0.11%
- Published 23.08.2018 18:29:01
- Last modified 21.11.2024 03:57:08
An improper authorization vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in UpdateCenter.java that allows attackers to cancel a Jenkins restart scheduled through the update center.