| Max CVSS | 7.8 | Min CVSS | 3.5 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2019-10383 | 3.5 |
A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and JavaScript in update center web pages
|
25-10-2023 - 18:16 | 28-08-2019 - 16:15 | |
| CVE-2019-10384 | 6.8 |
Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass CSRF protection for the anonymous user.
|
25-10-2023 - 18:16 | 28-08-2019 - 16:15 | |
| CVE-2019-9514 | 7.8 |
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the p
|
19-10-2023 - 03:15 | 13-08-2019 - 21:15 | |
| CVE-2019-9512 | 7.8 |
Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this d
|
12-08-2022 - 18:41 | 13-08-2019 - 21:15 |