CVE-2017-2606
- EPSS 1.94%
- Veröffentlicht 08.05.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 03:23:48
Jenkins before versions 2.44, 2.32.2 is vulnerable to an information exposure in the internal API that allows access to item names that should not be visible (SECURITY-380). This only affects anonymous users (other users legitimately have access) tha...
CVE-2017-2611
- EPSS 2.07%
- Veröffentlicht 08.05.2018 18:29:00
- Zuletzt bearbeitet 21.11.2024 03:23:49
Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permission checks, allowing users with read access to Jen...
CVE-2018-1000170
- EPSS 0.88%
- Veröffentlicht 16.04.2018 09:58:09
- Zuletzt bearbeitet 21.11.2024 03:39:50
A cross-site scripting vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in confirmationList.jelly and stopButton.jelly that allows attackers with Job/Configure and/or Job/Create permission to create an item name containing Java...
CVE-2018-1000169
- EPSS 1.4%
- Veröffentlicht 16.04.2018 09:58:08
- Zuletzt bearbeitet 21.11.2024 03:39:50
An exposure of sensitive information vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in CLICommand.java and ViewOptionHandler.java that allows unauthorized attackers to confirm the existence of agents or views with an attacker...
CVE-2017-2599
- EPSS 1.14%
- Veröffentlicht 11.04.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 03:23:48
Jenkins before versions 2.44 and 2.32.2 is vulnerable to an insufficient permission check. This allows users with permissions to create new items (e.g. jobs) to overwrite existing items they don't have access to (SECURITY-321).
CVE-2018-6356
- EPSS 3.88%
- Veröffentlicht 20.02.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 04:10:32
Jenkins before 2.107 and Jenkins LTS before 2.89.4 did not properly prevent specifying relative paths that escape a base directory for URLs accessing plugin resource files. This allowed users with Overall/Read permission to download files from the Je...
CVE-2018-1000067
- EPSS 1.68%
- Veröffentlicht 16.02.2018 00:29:01
- Zuletzt bearbeitet 21.11.2024 03:39:33
An improper authorization vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to have Jenkins submit HTTP GET requests and get limited information about the response.
CVE-2018-1000068
- EPSS 1.97%
- Veröffentlicht 16.02.2018 00:29:01
- Zuletzt bearbeitet 21.11.2024 03:39:33
An improper input validation vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to access plugin resource files in the META-INF and WEB-INF directories that should not be accessible, if the...
CVE-2017-1000353
- EPSS 99.68%
- Veröffentlicht 29.01.2018 17:29:00
- Zuletzt bearbeitet 05.11.2025 19:24:40
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java `SignedObject` obje...
CVE-2017-1000354
- EPSS 1.21%
- Veröffentlicht 29.01.2018 17:29:00
- Zuletzt bearbeitet 21.11.2024 03:04:31
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to a login command which allowed impersonating any Jenkins user. The `login` command available in the remoting-based CLI stored the encrypted user name of the successf...