Jenkins

Jenkins

268 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 1.06%
  • Veröffentlicht 21.05.2018 23:29:00
  • Zuletzt bearbeitet 21.11.2024 03:23:49

jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting vulnerability in console notes (SECURITY-382). Jenkins allows plugins to annotate build logs, adding new content or changing the presentation of existing content w...

  • EPSS 1.69%
  • Veröffentlicht 15.05.2018 22:29:00
  • Zuletzt bearbeitet 21.11.2024 03:23:49

jenkins before versions 2.44, 2.32.2 is vulnerable to a user creation CSRF using GET by admins. While this user record was only retained until restart in most cases, administrators' web browsers could be manipulated to create a large number of user r...

  • EPSS 1.61%
  • Veröffentlicht 15.05.2018 21:29:00
  • Zuletzt bearbeitet 21.11.2024 03:23:48

jenkins before versions 2.44, 2.32.2 is vulnerable to an improper blacklisting of the Pipeline metadata files in the agent-to-master security subsystem. This could allow metadata files to be written to by malicious agents (SECURITY-358).

  • EPSS 1.07%
  • Veröffentlicht 15.05.2018 21:29:00
  • Zuletzt bearbeitet 21.11.2024 03:23:48

Jenkins before versions 2.44, 2.32.2 is vulnerable to a user data leak in disconnected agents' config.xml API. This could leak sensitive data such as API tokens (SECURITY-362).

  • EPSS 1.35%
  • Veröffentlicht 15.05.2018 21:29:00
  • Zuletzt bearbeitet 21.11.2024 03:23:48

In Jenkins before versions 2.44, 2.32.2 low privilege users were able to act on administrative monitors due to them not being consistently protected by permission checks (SECURITY-371).

  • EPSS 1.51%
  • Veröffentlicht 15.05.2018 21:29:00
  • Zuletzt bearbeitet 21.11.2024 03:23:49

jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in search suggestions due to improperly escaping users with less-than and greater-than characters in their names (SECURITY-388).

  • EPSS 1.1%
  • Veröffentlicht 15.05.2018 20:29:00
  • Zuletzt bearbeitet 21.11.2024 03:23:48

In jenkins before versions 2.44, 2.32.2 node monitor data could be viewed by low privilege users via the remote API. These included system configuration and runtime information of these nodes (SECURITY-343).

  • EPSS 6.31%
  • Veröffentlicht 15.05.2018 20:29:00
  • Zuletzt bearbeitet 21.11.2024 03:23:49

Jenkins before versions 2.44, 2.32.2 is vulnerable to a remote code execution vulnerability involving the deserialization of various types in javax.imageio in XStream-based APIs (SECURITY-383).

  • EPSS 1.58%
  • Veröffentlicht 15.05.2018 20:29:00
  • Zuletzt bearbeitet 21.11.2024 03:23:49

In Jenkins before versions 2.44, 2.32.2 low privilege users were able to override JDK download credentials (SECURITY-392), resulting in future builds possibly failing to download a JDK.

  • EPSS 2.15%
  • Veröffentlicht 10.05.2018 13:29:00
  • Zuletzt bearbeitet 21.11.2024 03:23:48

Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in parameter names and descriptions (SECURITY-353). Users with the permission to configure jobs were able to inject JavaScript into parameter names and description...