Jenkins

256 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.

  • EPSS 0.17%
  • Published 15.05.2018 21:29:00
  • Last modified 21.11.2024 03:23:48

Jenkins before versions 2.44, 2.32.2 is vulnerable to an improper blacklisting of the Pipeline metadata files in the agent-to-master security subsystem. This could allow metadata files to be written to by malicious agents (SECURITY-358).

  • EPSS 0.02%
  • Published 15.05.2018 21:29:00
  • Last modified 21.11.2024 03:23:48

Jenkins before versions 2.44, 2.32.2 is vulnerable to a user data leak in disconnected agents' config.xml API. This could leak sensitive data such as API tokens (SECURITY-362).

  • EPSS 0.09%
  • Published 15.05.2018 21:29:00
  • Last modified 21.11.2024 03:23:48

In Jenkins before versions 2.44, 2.32.2 low privilege users were able to act on administrative monitors due to them not being consistently protected by permission checks (SECURITY-371).

  • EPSS 0.06%
  • Published 15.05.2018 21:29:00
  • Last modified 21.11.2024 03:23:49

Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in search suggestions due to improperly escaping users with less-than and greater-than characters in their names (SECURITY-388).

  • EPSS 0.03%
  • Published 15.05.2018 20:29:00
  • Last modified 21.11.2024 03:23:48

In Jenkins before versions 2.44, 2.32.2 node monitor data could be viewed by low privilege users via the remote API. These included system configuration and runtime information of these nodes (SECURITY-343).

  • EPSS 2.98%
  • Published 15.05.2018 20:29:00
  • Last modified 21.11.2024 03:23:49

Jenkins before versions 2.44, 2.32.2 is vulnerable to a remote code execution vulnerability involving the deserialization of various types in javax.imageio in XStream-based APIs (SECURITY-383).

  • EPSS 0.12%
  • Published 15.05.2018 20:29:00
  • Last modified 21.11.2024 03:23:49

In Jenkins before versions 2.44, 2.32.2 low privilege users were able to override JDK download credentials (SECURITY-392), resulting in future builds possibly failing to download a JDK.

  • EPSS 0.33%
  • Published 10.05.2018 13:29:00
  • Last modified 21.11.2024 03:23:48

Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in parameter names and descriptions (SECURITY-353). Users with the permission to configure jobs were able to inject JavaScript into parameter names and description...

  • EPSS 0.08%
  • Published 08.05.2018 20:29:00
  • Last modified 21.11.2024 03:23:48

Jenkins before versions 2.44, 2.32.2 is vulnerable to an information exposure in the internal API that allows access to item names that should not be visible (SECURITY-380). This only affects anonymous users (other users legitimately have access) tha...

  • EPSS 0.29%
  • Published 08.05.2018 18:29:00
  • Last modified 21.11.2024 03:23:49

Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permission checks, allowing users with read access to Jen...