| Max CVSS | 6.5 | Min CVSS | 2.6 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2017-1000096 | 6.5 |
Arbitrary code execution due to incomplete sandbox protection: Constructors, instance variable initializers, and instance initializers in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. This could
|
03-10-2019 - 00:03 | 05-10-2017 - 01:29 | |
| CVE-2017-1000089 | 5.0 |
Builds in Jenkins are associated with an authentication that controls the permissions that the build has to interact with other elements in Jenkins. The Pipeline: Build Step Plugin did not check the build authentication it was running as and allowed
|
03-10-2019 - 00:03 | 05-10-2017 - 01:29 | |
| CVE-2017-1000085 | 4.3 |
Subversion Plugin connects to a user-specified Subversion repository as part of form validation (e.g. to retrieve a list of tags). This functionality improperly checked permissions, allowing any user with Item/Build permission (but not Item/Configure
|
02-11-2017 - 16:06 | 05-10-2017 - 01:29 | |
| CVE-2017-1000092 | 2.6 |
Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username/password credentials ID could trick a developer with job configuration permissions into fo
|
17-10-2017 - 17:02 | 05-10-2017 - 01:29 |