Max CVSS | 7.5 | Min CVSS | 3.5 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published |
CVE-2014-2067 | 3.5 | Cross-site scripting (XSS) vulnerability in java/hudson/model/Cause.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to inject arbitrary web script or HTML via a "remote cause note." | 29-08-2017 - 01:34 | 01-03-2014 - 00:01 |
CVE-2014-2059 | 6.5 | Directory traversal vulnerability in the CLI job creation (hudson/cli/CreateJobCommand.java) in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to overwrite arbitrary files via the job name. | 29-08-2017 - 01:34 | 01-03-2014 - 00:01 |
CVE-2014-2068 | 3.5 | The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain sensitive information via vectors related to heapDump. | 13-06-2016 - 23:43 | 17-10-2014 - 15:55 |
CVE-2014-2066 | 6.8 | Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the "override" of Jenkins cookies. | 13-06-2016 - 23:40 | 17-10-2014 - 15:55 |
CVE-2014-2065 | 4.3 | Cross-site scripting (XSS) vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to inject arbitrary web script or HTML via the iconSize cookie. | 13-06-2016 - 23:39 | 17-10-2014 - 15:55 |
CVE-2014-2064 | 5.0 | The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via vectors related to failed login attempts. | 13-06-2016 - 23:38 | 17-10-2014 - 15:55 |
CVE-2014-2062 | 6.5 | Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token. | 13-06-2016 - 23:36 | 17-10-2014 - 15:55 |
CVE-2014-2063 | 7.5 | Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | 13-06-2016 - 23:36 | 17-10-2014 - 15:55 |
CVE-2014-2061 | 5.0 | The input control in PasswordParameterDefinition in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to obtain passwords by reading the HTML source code, related to the default value. | 13-06-2016 - 23:35 | 17-10-2014 - 15:55 |
CVE-2014-2060 | 5.0 | The Winstone servlet container in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack sessions via unspecified vectors. | 13-06-2016 - 23:34 | 17-10-2014 - 15:55 |
CVE-2014-2058 | 6.5 | BuildTrigger in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to bypass access restrictions and execute arbitrary jobs by configuring a job to trigger another job. NOTE: this vulnerability exists because of an incomple | 13-06-2016 - 23:32 | 17-10-2014 - 15:55 |
CVE-2013-7330 | 4.0 | Jenkins before 1.502 allows remote authenticated users to configure an otherwise restricted project via vectors related to post-build actions. | 13-06-2016 - 23:27 | 17-10-2014 - 15:55 |