Jenkins

Jenkins

256 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2018-1999042

  • EPSS 0.23%
  • Veröffentlicht 23.08.2018 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:57:07

A vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in XStream2.java that allows attackers to have Jenkins resolve a domain name when deserializing an instance of java.net.URL.

7.5

CVE-2018-1999043

  • EPSS 0.33%
  • Veröffentlicht 23.08.2018 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:57:07

A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in BasicAuthenticationFilter.java, BasicHeaderApiTokenAuthenticator.java that allows attackers to create ephemeral in-memory user records by attempting to log ...

6.5

CVE-2018-1999044

  • EPSS 0.14%
  • Veröffentlicht 23.08.2018 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:57:07

A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread enter an infinite loop.

5.5

CVE-2018-1999045

  • EPSS 0.12%
  • Veröffentlicht 23.08.2018 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:57:07

A improper authentication vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in SecurityRealm.java, TokenBasedRememberMeServices2.java that allows attackers with a valid cookie to remain logged in even if that feature is disabled.

4.3

CVE-2018-1999046

  • EPSS 0.19%
  • Veröffentlicht 23.08.2018 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:57:08

A exposure of sensitive information vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in Computer.java that allows attackers With Overall/Read permission to access the connection log for any agent.

8.8

CVE-2018-1999001

  • EPSS 20.57%
  • Veröffentlicht 23.07.2018 19:29:00
  • Zuletzt bearbeitet 21.11.2024 03:57:01

A unauthorized modification of configuration vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in User.java that allows attackers to provide crafted login credentials that cause Jenkins to move the config.xml file from the Jenkin...

7.5

CVE-2018-1999002

Exploit
  • EPSS 92.07%
  • Veröffentlicht 23.07.2018 19:29:00
  • Zuletzt bearbeitet 21.11.2024 03:57:01

A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the...

4.3

CVE-2018-1999003

  • EPSS 0.15%
  • Veröffentlicht 23.07.2018 19:29:00
  • Zuletzt bearbeitet 21.11.2024 03:57:01

A Improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in Queue.java that allows attackers with Overall/Read permission to cancel queued builds.

4.3

CVE-2018-1999004

  • EPSS 0.2%
  • Veröffentlicht 23.07.2018 19:29:00
  • Zuletzt bearbeitet 21.11.2024 03:57:01

A Improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in SlaveComputer.java that allows attackers with Overall/Read permission to initiate agent launches, and abort in-progress agent launches.

5.4

CVE-2018-1999005

  • EPSS 0.16%
  • Veröffentlicht 23.07.2018 19:29:00
  • Zuletzt bearbeitet 21.11.2024 03:57:01

A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in BuildTimelineWidget.java, BuildTimelineWidget/control.jelly that allows attackers with Job/Configure permission to define JavaScript that would be execut...