Max CVSS 7.5 Min CVSS 3.5 Total Count30
IDCVSSSummaryLast (major) updatePublished
CVE-2017-2598 4.0
Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks (SECURITY-304).
23-05-2018 - 09:29 23-05-2018 - 09:29
CVE-2017-2609 4.0
jenkins before versions 2.44, 2.32.2 is vulnerable to an information disclosure vulnerability in search suggestions (SECURITY-385). The autocomplete feature on the search box discloses the names of the views in its suggestions, including the ones for
22-05-2018 - 13:29 22-05-2018 - 13:29
CVE-2017-2607 3.5
jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting vulnerability in console notes (SECURITY-382). Jenkins allows plugins to annotate build logs, adding new content or changing the presentation of existing content w
21-05-2018 - 19:29 21-05-2018 - 19:29
CVE-2017-2613 5.8
jenkins before versions 2.44, 2.32.2 is vulnerable to a user creation CSRF using GET by admins. While this user record was only retained until restart in most cases, administrators' web browsers could be manipulated to create a large number of user r
15-05-2018 - 18:29 15-05-2018 - 18:29
CVE-2017-2610 3.5
jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in search suggestions due to improperly escaping users with less-than and greater-than characters in their names (SECURITY-388).
15-05-2018 - 17:29 15-05-2018 - 17:29
CVE-2017-2604 4.0
In Jenkins before versions 2.44, 2.32.2 low privilege users were able to act on administrative monitors due to them not being consistently protected by permission checks (SECURITY-371).
15-05-2018 - 17:29 15-05-2018 - 17:29
CVE-2017-2603 3.5
Jenkins before versions 2.44, 2.32.2 is vulnerable to a user data leak in disconnected agents' config.xml API. This could leak sensitive data such as API tokens (SECURITY-362).
15-05-2018 - 17:29 15-05-2018 - 17:29
CVE-2017-2602 4.0
jenkins before versions 2.44, 2.32.2 is vulnerable to an improper blacklisting of the Pipeline metadata files in the agent-to-master security subsystem. This could allow metadata files to be written to by malicious agents (SECURITY-358).
15-05-2018 - 17:29 15-05-2018 - 17:29
CVE-2017-2612 5.5
In Jenkins before versions 2.44, 2.32.2 low privilege users were able to override JDK download credentials (SECURITY-392), resulting in future builds possibly failing to download a JDK.
15-05-2018 - 16:29 15-05-2018 - 16:29
CVE-2017-2608 6.5
Jenkins before versions 2.44, 2.32.2 is vulnerable to a remote code execution vulnerability involving the deserialization of various types in javax.imageio in XStream-based APIs (SECURITY-383).
15-05-2018 - 16:29 15-05-2018 - 16:29
CVE-2017-2600 4.0
In jenkins before versions 2.44, 2.32.2 node monitor data could be viewed by low privilege users via the remote API. These included system configuration and runtime information of these nodes (SECURITY-343).
15-05-2018 - 16:29 15-05-2018 - 16:29
CVE-2017-2601 3.5
Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in parameter names and descriptions (SECURITY-353). Users with the permission to configure jobs were able to inject JavaScript into parameter names and description
10-05-2018 - 09:29 10-05-2018 - 09:29
CVE-2017-2606 4.0
Jenkins before versions 2.44, 2.32.2 is vulnerable to an information exposure in the internal API that allows access to item names that should not be visible (SECURITY-380). This only affects anonymous users (other users legitimately have access) tha
08-05-2018 - 16:29 08-05-2018 - 16:29
CVE-2017-2611 4.0
Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permission checks, allowing users with read access to Jen
08-05-2018 - 14:29 08-05-2018 - 14:29
CVE-2017-2599 5.5
Jenkins before versions 2.44 and 2.32.2 is vulnerable to an insufficient permission check. This allows users with permissions to create new items (e.g. jobs) to overwrite existing items they don't have access to (SECURITY-321).
11-04-2018 - 12:29 11-04-2018 - 12:29
CVE-2017-2605 None
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-1000362. Reason: This candidate is a duplicate of CVE-2017-1000362. A vendor reference identifier was mistakenly treated as a CVE ID. Notes: All CVE users should reference CVE-2017
24-07-2017 - 13:29 24-07-2017 - 13:29
CVE-2013-2186 7.5
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name i
28-11-2016 - 14:09 28-10-2013 - 17:55
CVE-2011-4969 4.3
Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.
28-11-2016 - 14:07 08-03-2013 - 17:55
CVE-2014-3679 5.0
The Monitoring plugin before 1.53.0 for Jenkins allows remote attackers to obtain sensitive information by accessing unspecified pages.
15-07-2016 - 11:01 16-10-2014 - 15:55
CVE-2014-3678 4.3
Cross-site scripting (XSS) vulnerability in the Monitoring plugin before 1.53.0 for Jenkins allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
15-07-2016 - 11:01 10-10-2014 - 10:55
CVE-2014-3681 4.3
Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
28-06-2016 - 13:17 15-10-2014 - 10:55
CVE-2014-3680 4.0
Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/READ permission to obtain the default value for the password field of a parameterized job by reading the DOM.
15-06-2016 - 10:34 16-10-2014 - 15:55
CVE-2014-3667 4.0
Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code.
15-06-2016 - 10:34 16-10-2014 - 15:55
CVE-2014-3666 7.5
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel.
15-06-2016 - 10:33 16-10-2014 - 15:55
CVE-2014-3664 4.0
Directory traversal vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Overall/READ permission to read arbitrary files via unspecified vectors.
15-06-2016 - 10:33 15-10-2014 - 10:55
CVE-2014-3663 6.0
Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/CONFIGURE permission to bypass intended restrictions and create or destroy arbitrary jobs via unspecified vectors.
15-06-2016 - 09:36 16-10-2014 - 15:55
CVE-2014-3662 5.0
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login attempts.
14-06-2016 - 14:48 16-10-2014 - 15:55
CVE-2014-3661 5.0
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to cause a denial of service (thread consumption) via vectors related to a CLI handshake.
13-06-2016 - 19:45 16-10-2014 - 15:55
CVE-2014-1869 4.3
Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF q
23-03-2016 - 10:55 07-02-2014 - 19:55
CVE-2015-0886 5.0
Integer overflow in the crypt_raw method in the key-stretching implementation in jBCrypt before 0.4 makes it easier for remote attackers to determine cleartext values of password hashes via a brute-force attack against hashes associated with the maxi
24-09-2015 - 13:03 27-02-2015 - 21:59
Back to Top Mark selected
Back to Top