Filtered by vendor Jenkins
Filtered by product Jenkins
Total: 246 CVEs
CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2023-27899 | Jenkins, Redhat | Jenkins, Ocp Tools, Openshift | 2024-08-02 | 7.0 High | Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a plugin for installation, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used, potentially resulting in arbitrary code execution.
CVE-2023-27900 | Jenkins, Redhat | Jenkins, Ocp Tools | 2024-08-02 | 7.5 High | Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library in hudson.util.MultipartFormDataParser without setting the limit on the number of request parts that FileUpload 1.5 introduced in response to CVE-2023-24998, allowing attackers to trigger a denial of service.
CVE-2023-27904 | Jenkins, Redhat | Jenkins, Ocp Tools, Openshift | 2024-08-02 | 5.3 Medium | Jenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an error stack trace on agent-related pages when agent connections are broken, potentially revealing information about the Jenkins configuration that is otherwise inaccessible to attackers.
CVE-2023-27901 | Jenkins, Redhat | Jenkins, Ocp Tools | 2024-08-02 | 7.5 High | Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library in org.kohsuke.stapler.RequestImpl without setting the limit on the number of request parts that FileUpload 1.5 introduced in response to CVE-2023-24998, allowing attackers to trigger a denial of service.
CVE-2023-27898 | Jenkins, Redhat | Jenkins, Ocp Tools, Openshift | 2024-08-02 | 9.6 Critical | Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances.
CVE-2024-23898 | Jenkins, Redhat | Jenkins, Ocp Tools | 2024-08-01 | 8.8 High | Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, allowing attackers to execute CLI commands on the Jenkins controller.
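The root cause of CVE-2024-23898 is that the WebSocket handshake carries the browser's session cookie but the server never checks where the page that opened the socket came from. The example below is added here and is not Jenkins code: it parses a constructed HTTP/1.1 upgrade request, compares the `Origin` header against the server's configured root URL as a (scheme, host, port) tuple, and contrasts that with the pre-fix behaviour of accepting any upgrade that has a cookie. The handshakes, the `/cli/ws` path, the cookie value and the policy for a missing `Origin` header are all assumptions made for the example, not details of the Jenkins implementation.

```python
"""Origin validation for a WebSocket handshake (CVE-2024-23898 pattern).

Added example, not Jenkins code. Handshake text below is constructed."""
from urllib.parse import urlsplit

# Constructed sample handshakes; values are placeholders, not real captures.
LEGIT_HANDSHAKE = (
    "GET /cli/ws HTTP/1.1\r\n"
    "Host: jenkins.example.com\r\n"
    "Upgrade: websocket\r\n"
    "Connection: Upgrade\r\n"
    "Origin: https://jenkins.example.com\r\n"
    "Cookie: JSESSIONID=constructed-session-cookie\r\n"
    "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n"
    "Sec-WebSocket-Version: 13\r\n\r\n"
)
# Same session cookie, but the page that opened the socket lives elsewhere.
CROSS_SITE_HANDSHAKE = LEGIT_HANDSHAKE.replace(
    "Origin: https://jenkins.example.com", "Origin: https://attacker.example")
# A non-browser client (e.g. a CLI tool) that sends no Origin at all.
NO_ORIGIN_HANDSHAKE = LEGIT_HANDSHAKE.replace(
    "Origin: https://jenkins.example.com\r\n", "")


def parse_headers(raw):
    """Return (request line, dict of lower-cased header name -> value)."""
    head, _, _ = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def normalize_origin(origin):
    """Reduce an origin or URL to the (scheme, host, port) tuple browsers
    compare; anything that is not an http(s) origin (e.g. 'null') is None."""
    parts = urlsplit(origin)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return (parts.scheme, parts.hostname.lower(), port)


def is_websocket_upgrade(headers):
    return (headers.get("upgrade", "").lower() == "websocket"
            and "upgrade" in headers.get("connection", "").lower())


def vulnerable_accept(raw_request):
    """Pre-fix behaviour: any upgrade carrying a cookie is accepted, so a
    page on attacker.example can drive the CLI with the victim's session."""
    _, headers = parse_headers(raw_request)
    return is_websocket_upgrade(headers) and "cookie" in headers


def origin_allowed(raw_request, root_url, allow_missing_origin=True):
    """Fixed behaviour: accept only if Origin matches the configured root URL.

    Browsers always send Origin on a WebSocket handshake (RFC 6455 section
    4.1), so a request without one did not come from a web page. Whether to
    accept such requests is a policy choice; the default here (allow, to keep
    non-browser CLI clients working) is an assumption of this example."""
    _, headers = parse_headers(raw_request)
    if not is_websocket_upgrade(headers):
        return False
    origin = headers.get("origin")
    if origin is None:
        return allow_missing_origin
    return normalize_origin(origin) == normalize_origin(root_url)


if __name__ == "__main__":
    root = "https://jenkins.example.com"
    for name, hs in (("legit", LEGIT_HANDSHAKE),
                     ("cross-site", CROSS_SITE_HANDSHAKE),
                     ("no-origin", NO_ORIGIN_HANDSHAKE)):
        print(f"{name:10} vulnerable={vulnerable_accept(hs)} "
              f"fixed={origin_allowed(hs, root)}")
```

The comparison is on the full (scheme, host, port) tuple rather than a substring match, so `https://jenkins.example.com.attacker.example` and `http://jenkins.example.com` both fail. Origin checking is the server-side control here; cookie `SameSite` attributes are set by the servlet container, not something the endpoint can rely on.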
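CVE-2023-27899 in the table above is the classic shared-temp-directory problem: a file created with the process umask in a directory every local user can write to. The following example is added here and is not Jenkins code; it contrasts that pattern with creating the file exclusively, with mode 0600, inside a private directory, and reports the resulting permission bits. The plugin bytes, file names and the `demo()` helper are constructed for the example.

```python
"""Temporary-file staging: default permissions versus a private, exclusively
created file (CVE-2023-27899 pattern). Added example, not Jenkins code."""
import os
import stat
import tempfile

# Constructed stand-in for an uploaded plugin archive (.hpi files are ZIPs).
FAKE_PLUGIN = b"PK\x03\x04 constructed stand-in for an uploaded plugin archive"


def stage_upload_insecurely(data, tmpdir=None):
    """Pattern behind the advisory: a predictable name in the shared temp
    directory, opened with 0666 & ~umask (0644 under the usual 022) and
    without O_EXCL. Any local user can read it, and in a world-writable
    directory can pre-create or replace it before the installer reads it back."""
    tmpdir = tmpdir or tempfile.gettempdir()
    path = os.path.join(tmpdir, "uploaded-plugin.hpi")
    with open(path, "wb") as fh:
        fh.write(data)
    return path


def stage_upload_securely(data):
    """mkstemp opens with O_CREAT|O_EXCL and mode 0600, so the name cannot be
    raced and only the owner can read or write it; mkdtemp gives a 0700
    directory so the file cannot be renamed or replaced by others either."""
    private_dir = tempfile.mkdtemp(prefix="plugin-upload-")
    fd, path = tempfile.mkstemp(suffix=".hpi", dir=private_dir)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


def file_mode(path):
    """Permission bits (owner/group/other) of a path, e.g. 0o644."""
    return stat.S_IMODE(os.stat(path).st_mode)


def world_readable(path):
    return bool(file_mode(path) & (stat.S_IRGRP | stat.S_IROTH))


def demo():
    """Create both files under a umask of 022 and return their modes.

    The insecure file is written into a scratch directory only so the demo
    can clean up after itself; the point is the file's own mode bits."""
    old_umask = os.umask(0o022)
    try:
        insecure = stage_upload_insecurely(FAKE_PLUGIN, tempfile.mkdtemp())
        secure = stage_upload_securely(FAKE_PLUGIN)
    finally:
        os.umask(old_umask)
    modes = (file_mode(insecure), file_mode(secure))
    for path in (insecure, secure):
        os.remove(path)
        os.rmdir(os.path.dirname(path))
    return modes


if __name__ == "__main__":
    insecure_mode, secure_mode = demo()
    print(f"default open(): {insecure_mode:o}  mkstemp(): {secure_mode:o}")
```

The mode bits alone do not close the race on the *name*: even a 0600 file is only safe if it was created with `O_EXCL` (which `mkstemp` does) and the installer later reads the same inode it wrote, which is why the private directory matters as much as the file mode.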