Filtered by vendor Jenkins
Subscriptions
Total
1612 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-1999045 | 1 Jenkins | 1 Jenkins | 2024-11-21 | N/A |
| A improper authentication vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in SecurityRealm.java, TokenBasedRememberMeServices2.java that allows attackers with a valid cookie to remain logged in even if that feature is disabled. | ||||
| CVE-2018-1999044 | 1 Jenkins | 1 Jenkins | 2024-11-21 | N/A |
| A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread enter an infinite loop. | ||||
| CVE-2018-1999043 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | N/A |
| A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in BasicAuthenticationFilter.java, BasicHeaderApiTokenAuthenticator.java that allows attackers to create ephemeral in-memory user records by attempting to log in using invalid credentials. | ||||
| CVE-2018-1999042 | 1 Jenkins | 1 Jenkins | 2024-11-21 | N/A |
| A vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in XStream2.java that allows attackers to have Jenkins resolve a domain name when deserializing an instance of java.net.URL. | ||||
| CVE-2018-1999041 | 1 Jenkins | 1 Tinfoil Security | 2024-11-21 | N/A |
| An exposure of sensitive information vulnerability exists in Jenkins Tinfoil Security Plugin 1.6.1 and earlier in TinfoilScanRecorder.java that allows attackers with file system access to the Jenkins master to obtain the API secret key stored in this plugin's configuration. | ||||
| CVE-2018-1999040 | 1 Jenkins | 1 Kubernetes | 2024-11-21 | N/A |
| An exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.10.1 and earlier in KubernetesCloud.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins. | ||||
| CVE-2018-1999039 | 1 Jenkins | 1 Confluence Publisher | 2024-11-21 | N/A |
| A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an attacker-specified Confluence server URL with attacker specified credentials. | ||||
| CVE-2018-1999038 | 1 Jenkins | 1 Publish Over Cifs | 2024-11-21 | N/A |
| A confused deputy vulnerability exists in Jenkins Publisher Over CIFS Plugin 0.10 and earlier in CifsPublisherPluginDescriptor.java that allows attackers to have Jenkins connect to an attacker specified CIFS server with attacker specified credentials. | ||||
| CVE-2018-1999037 | 1 Jenkins | 1 Resource Disposer | 2024-11-21 | N/A |
| A data modification vulnerability exists in Jenkins Resource Disposer Plugin 0.11 and earlier in AsyncResourceDisposer.java that allows attackers to stop tracking a resource. | ||||
| CVE-2018-1999036 | 1 Jenkins | 1 Ssh Agent | 2024-11-21 | N/A |
| An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read the build log. | ||||
| CVE-2018-1999035 | 1 Jenkins | 1 Inedo Buildmaster | 2024-11-21 | N/A |
| A man in the middle vulnerability exists in Jenkins Inedo BuildMaster Plugin 1.3 and earlier in BuildMasterConfiguration.java, BuildMasterConfig.java, BuildMasterApi.java that allows attackers to impersonate any service that Jenkins connects to. | ||||
| CVE-2018-1999034 | 1 Jenkins | 1 Inedo Proget | 2024-11-21 | N/A |
| A man in the middle vulnerability exists in Jenkins Inedo ProGet Plugin 0.8 and earlier in ProGetApi.java, ProGetConfig.java, ProGetConfiguration.java that allows attackers to impersonate any service that Jenkins connects to. | ||||
| CVE-2018-1999031 | 1 Jenkins | 1 Meliora Testlab | 2024-11-21 | N/A |
| An exposure of sensitive information vulnerability exists in Jenkins meliora-testlab Plugin 1.14 and earlier in TestlabNotifier.java that allows attackers with file system access to the Jenkins master to obtain the API key stored in this plugin's configuration. | ||||
| CVE-2018-1999030 | 1 Jenkins | 1 Maven Artifact Choicelistprovider \(nexus\) | 2024-11-21 | N/A |
| An exposure of sensitive information vulnerability exists in Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.3.1 and earlier in ArtifactoryChoiceListProvider.java, NexusChoiceListProvider.java, Nexus3ChoiceListProvider.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins. | ||||
| CVE-2018-1999029 | 1 Jenkins | 1 Shelve Project | 2024-11-21 | N/A |
| A cross-site scripting vulnerability exists in Jenkins Shelve Project Plugin 1.5 and earlier in ShelveProjectAction/index.jelly, ShelvedProjectsAction/index.jelly that allows attackers with Job/Configure permission to define JavaScript that would be executed in another user's browser when that other user performs some UI actions. | ||||
| CVE-2018-1999028 | 1 Jenkins | 1 Accurev | 2024-11-21 | N/A |
| An exposure of sensitive information vulnerability exists in Jenkins Accurev Plugin 0.7.16 and earlier in AccurevSCM.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins. | ||||
| CVE-2018-1999027 | 1 Jenkins | 1 Saltstack | 2024-11-21 | N/A |
| An exposure of sensitive information vulnerability exists in Jenkins SaltStack Plugin 3.1.6 and earlier in SaltAPIBuilder.java, SaltAPIStep.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins. | ||||
| CVE-2018-1999026 | 1 Jenkins | 1 Tracetronic Ecu-test | 2024-11-21 | N/A |
| A server-side request forgery vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java that allows attackers to have Jenkins send HTTP requests to an attacker-specified host. | ||||
| CVE-2018-1999025 | 1 Jenkins | 1 Tracetronic Ecu-test | 2024-11-21 | N/A |
| A man in the middle vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java, ATXValidator.java that allows attackers to impersonate any service that Jenkins connects to. | ||||
| CVE-2018-1999007 | 2 Jenkins, Oracle | 2 Jenkins, Communications Cloud Native Core Automated Test Suite | 2024-11-21 | 5.4 Medium |
| A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers with the ability to control the existence of some URLs in Jenkins to define JavaScript that would be executed in another user's browser when that other user views HTTP 404 error pages while Stapler debug mode is enabled. | ||||