CVE-2017-2607
- EPSS 1.06%
- Veröffentlicht 21.05.2018 23:29:00
- Zuletzt bearbeitet 21.11.2024 03:23:49
jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting vulnerability in console notes (SECURITY-382). Jenkins allows plugins to annotate build logs, adding new content or changing the presentation of existing content w...
CVE-2017-2613
- EPSS 1.69%
- Veröffentlicht 15.05.2018 22:29:00
- Zuletzt bearbeitet 21.11.2024 03:23:49
jenkins before versions 2.44, 2.32.2 is vulnerable to a user creation CSRF using GET by admins. While this user record was only retained until restart in most cases, administrators' web browsers could be manipulated to create a large number of user r...
CVE-2017-2602
- EPSS 1.61%
- Veröffentlicht 15.05.2018 21:29:00
- Zuletzt bearbeitet 21.11.2024 03:23:48
jenkins before versions 2.44, 2.32.2 is vulnerable to an improper blacklisting of the Pipeline metadata files in the agent-to-master security subsystem. This could allow metadata files to be written to by malicious agents (SECURITY-358).
CVE-2017-2603
- EPSS 1.07%
- Veröffentlicht 15.05.2018 21:29:00
- Zuletzt bearbeitet 21.11.2024 03:23:48
Jenkins before versions 2.44, 2.32.2 is vulnerable to a user data leak in disconnected agents' config.xml API. This could leak sensitive data such as API tokens (SECURITY-362).
CVE-2017-2604
- EPSS 1.35%
- Veröffentlicht 15.05.2018 21:29:00
- Zuletzt bearbeitet 21.11.2024 03:23:48
In Jenkins before versions 2.44, 2.32.2 low privilege users were able to act on administrative monitors due to them not being consistently protected by permission checks (SECURITY-371).
CVE-2017-2610
- EPSS 1.51%
- Veröffentlicht 15.05.2018 21:29:00
- Zuletzt bearbeitet 21.11.2024 03:23:49
jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in search suggestions due to improperly escaping users with less-than and greater-than characters in their names (SECURITY-388).
CVE-2017-2600
- EPSS 1.1%
- Veröffentlicht 15.05.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 03:23:48
In jenkins before versions 2.44, 2.32.2 node monitor data could be viewed by low privilege users via the remote API. These included system configuration and runtime information of these nodes (SECURITY-343).
CVE-2017-2608
- EPSS 6.31%
- Veröffentlicht 15.05.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 03:23:49
Jenkins before versions 2.44, 2.32.2 is vulnerable to a remote code execution vulnerability involving the deserialization of various types in javax.imageio in XStream-based APIs (SECURITY-383).
CVE-2017-2612
- EPSS 1.58%
- Veröffentlicht 15.05.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 03:23:49
In Jenkins before versions 2.44, 2.32.2 low privilege users were able to override JDK download credentials (SECURITY-392), resulting in future builds possibly failing to download a JDK.
CVE-2017-2601
- EPSS 2.15%
- Veröffentlicht 10.05.2018 13:29:00
- Zuletzt bearbeitet 21.11.2024 03:23:48
Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in parameter names and descriptions (SECURITY-353). Users with the permission to configure jobs were able to inject JavaScript into parameter names and description...