Filtered by vendor Jenkins
Subscriptions
Total
1606 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-46650 | 1 Jenkins | 1 Github | 2024-09-17 | 5.4 Medium |
| Jenkins GitHub Plugin 1.37.3 and earlier does not escape the GitHub project URL on the build page when showing changes, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2023-46651 | 1 Jenkins | 1 Warnings | 2024-09-17 | 6.5 Medium |
| Jenkins Warnings Plugin 10.5.0 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. This fix has been backported to 10.4.1. | ||||
| CVE-2023-46652 | 1 Jenkins | 1 Lambdatest-automation | 2024-09-17 | 4.3 Medium |
| A missing permission check in Jenkins lambdatest-automation Plugin 1.20.9 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of LAMBDATEST credentials stored in Jenkins. | ||||
| CVE-2017-2650 | 1 Jenkins | 1 Pipeline Classpath Step | 2024-09-17 | N/A |
| It was found that the use of Pipeline: Classpath Step Jenkins plugin enables a bypass of the Script Security sandbox for users with SCM commit access, as well as users with e.g. Job/Configure permission in Jenkins. | ||||
| CVE-2018-1000177 | 1 Jenkins | 1 S3 Publisher | 2024-09-17 | N/A |
| A cross-site scripting vulnerability exists in Jenkins S3 Plugin 0.10.12 and older in src/main/resources/hudson/plugins/s3/S3ArtifactsProjectAction/jobMain.jelly that allows attackers able to control file names of uploaded files to define file names containing JavaScript that would be executed in another user's browser when that user performs some UI actions. | ||||
| CVE-2018-1000144 | 1 Jenkins | 1 Cucumber Living Documentation | 2024-09-17 | N/A |
| A cross site scripting vulnerability exists in Jenkins Cucumber Living Documentation Plugin 1.0.12 and older in CukedoctorBaseAction#doDynamic that disables the Content-Security-Policy protection for archived artifacts and workspace files, allowing attackers able to control the content of these files to attack Jenkins users. | ||||
| CVE-2018-1999038 | 1 Jenkins | 1 Publish Over Cifs | 2024-09-17 | N/A |
| A confused deputy vulnerability exists in Jenkins Publisher Over CIFS Plugin 0.10 and earlier in CifsPublisherPluginDescriptor.java that allows attackers to have Jenkins connect to an attacker specified CIFS server with attacker specified credentials. | ||||
| CVE-2018-1999025 | 1 Jenkins | 1 Tracetronic Ecu-test | 2024-09-17 | N/A |
| A man in the middle vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java, ATXValidator.java that allows attackers to impersonate any service that Jenkins connects to. | ||||
| CVE-2018-1000606 | 1 Jenkins | 1 Urltrigger | 2024-09-17 | N/A |
| A server-side request forgery vulnerability exists in Jenkins URLTrigger Plugin 0.41 and earlier in URLTrigger.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. | ||||
| CVE-2018-1000106 | 1 Jenkins | 1 Gerrit Trigger | 2024-09-17 | N/A |
| An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to modify the Gerrit configuration in Jenkins. | ||||
| CVE-2018-1000107 | 1 Jenkins | 1 Job And Node Ownership | 2024-09-17 | N/A |
| An improper authorization vulnerability exists in Jenkins Job and Node Ownership Plugin 0.11.0 and earlier in OwnershipDescription.java, JobOwnerJobProperty.java, and OwnerNodeProperty.java that allow an attacker with Job/Configure or Computer/Configure permission and without Ownership related permissions to override ownership metadata. | ||||
| CVE-2018-1000603 | 1 Jenkins | 1 Openstack Cloud | 2024-09-17 | N/A |
| A exposure of sensitive information vulnerability exists in Jenkins Openstack Cloud Plugin 2.35 and earlier in BootSource.java, InstancesToRun.java, JCloudsCleanupThread.java, JCloudsCloud.java, JCloudsComputer.java, JCloudsPreCreationThread.java, JCloudsRetentionStrategy.java, JCloudsSlave.java, JCloudsSlaveTemplate.java, LauncherFactory.java, OpenstackCredentials.java, OpenStackMachineStep.java, SlaveOptions.java, SlaveOptionsDescriptor.java that allows attackers with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins, and to cause Jenkins to submit HTTP requests to attacker-specified URLs. | ||||
| CVE-2019-1003007 | 1 Jenkins | 1 Warnings | 2024-09-17 | N/A |
| A cross-site request forgery vulnerability exists in Jenkins Warnings Plugin 5.0.0 and earlier in src/main/java/hudson/plugins/warnings/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint. | ||||
| CVE-2018-1000109 | 1 Jenkins | 1 Google-play-android-publisher | 2024-09-17 | N/A |
| An improper authorization vulnerability exists in Jenkins Google Play Android Publisher Plugin version 1.6 and earlier in GooglePlayBuildStepDescriptor.java that allow an attacker to obtain credential IDs. | ||||
| CVE-2018-1000183 | 1 Jenkins | 1 Github | 2024-09-17 | N/A |
| A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubServerConfig.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2018-1000015 | 1 Jenkins | 1 Pipeline Nodes And Processes | 2024-09-17 | N/A |
| On Jenkins instances with Authorize Project plugin, the authentication associated with a build may lack the Computer/Build permission on some agents. This did not prevent the execution of Pipeline `node` blocks on those agents due to incorrect permissions checks in Pipeline: Nodes and Processes plugin 2.17 and earlier. | ||||
| CVE-2018-1000187 | 1 Jenkins | 1 Kubernetes | 2024-09-17 | N/A |
| A exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.7.0 and older in ContainerExecDecorator.java that results in sensitive variables such as passwords being written to logs. | ||||
| CVE-2018-1000609 | 1 Jenkins | 1 Configuration As Code | 2024-09-17 | N/A |
| A exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in ConfigurationAsCode.java that allows attackers with Overall/Read access to obtain the YAML export of the Jenkins configuration. | ||||
| CVE-2018-1000197 | 1 Jenkins | 1 Black Duck Hub | 2024-09-17 | N/A |
| An improper authorization vulnerability exists in Jenkins Black Duck Hub Plugin 3.0.3 and older in PostBuildScanDescriptor.java that allows users with Overall/Read permission to read and write the Black Duck Hub plugin configuration. | ||||
| CVE-2018-1999040 | 1 Jenkins | 1 Kubernetes | 2024-09-17 | N/A |
| An exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.10.1 and earlier in KubernetesCloud.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins. | ||||