Jenkins

Jenkins

251 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
10

CVE-2018-1000861

Warnung
  • EPSS 94.49%
  • Veröffentlicht 10.12.2018 14:29:01
  • Zuletzt bearbeitet 14.03.2025 18:22:36

A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java object...

4.3

CVE-2018-1000862

  • EPSS 0.22%
  • Veröffentlicht 10.12.2018 14:29:01
  • Zuletzt bearbeitet 21.11.2024 03:40:31

An information exposure vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in DirectoryBrowserSupport.java that allows attackers with the ability to control build output to browse the file system on agents running builds beyon...

8.2

CVE-2018-1000863

Exploit
  • EPSS 8.89%
  • Veröffentlicht 10.12.2018 14:29:01
  • Zuletzt bearbeitet 21.11.2024 03:40:31

A data modification vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in User.java, IdStrategy.java that allows attackers to submit crafted user names that can cause an improper migration of user record storage formats, poten...

6.5

CVE-2018-1000864

  • EPSS 0.23%
  • Veröffentlicht 10.12.2018 14:29:01
  • Zuletzt bearbeitet 21.11.2024 03:40:31

A denial of service vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread enter an infinite loop.

6.5

CVE-2018-1999047

  • EPSS 0.11%
  • Veröffentlicht 23.08.2018 18:29:01
  • Zuletzt bearbeitet 21.11.2024 03:57:08

A improper authorization vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in UpdateCenter.java that allows attackers to cancel a Jenkins restart scheduled through the update center.

5.3

CVE-2018-1999042

  • EPSS 0.23%
  • Veröffentlicht 23.08.2018 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:57:07

A vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in XStream2.java that allows attackers to have Jenkins resolve a domain name when deserializing an instance of java.net.URL.

7.5

CVE-2018-1999043

  • EPSS 0.33%
  • Veröffentlicht 23.08.2018 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:57:07

A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in BasicAuthenticationFilter.java, BasicHeaderApiTokenAuthenticator.java that allows attackers to create ephemeral in-memory user records by attempting to log ...

6.5

CVE-2018-1999044

  • EPSS 0.14%
  • Veröffentlicht 23.08.2018 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:57:07

A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread enter an infinite loop.

5.5

CVE-2018-1999045

  • EPSS 0.12%
  • Veröffentlicht 23.08.2018 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:57:07

A improper authentication vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in SecurityRealm.java, TokenBasedRememberMeServices2.java that allows attackers with a valid cookie to remain logged in even if that feature is disabled.

4.3

CVE-2018-1999046

  • EPSS 0.19%
  • Veröffentlicht 23.08.2018 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:57:08

A exposure of sensitive information vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in Computer.java that allows attackers With Overall/Read permission to access the connection log for any agent.