Max CVSS 7.5 Min CVSS 2.1 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2018-17246 7.5
Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute javascript code. This could possibly lead to a
14-08-2020 - 17:30 20-12-2018 - 22:29
CVE-2018-1999043 5.0
A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in BasicAuthenticationFilter.java, BasicHeaderApiTokenAuthenticator.java that allows attackers to create ephemeral in-memory user records by attempting to log
03-10-2019 - 00:03 23-08-2018 - 18:29
CVE-2018-1000408 6.4
A denial of service vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that allows attackers without Overall/Read permission to access a specific URL on ins
03-10-2019 - 00:03 09-01-2019 - 23:29
CVE-2018-1000409 5.8
A session fixation vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that prevented Jenkins from invalidating the existing session and creating a new one w
08-05-2019 - 22:23 09-01-2019 - 23:29
CVE-2018-1000410 2.1
An information exposure vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier, and the Stapler framework used by these releases, in core/src/main/java/org/kohsuke/stapler/RequestImpl.java, core/src/main/java/hudson/model/Descript
08-05-2019 - 22:23 09-01-2019 - 23:29
CVE-2018-1000407 4.3
A cross-site scripting vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/model/Api.java that allows attackers to specify URLs to Jenkins that result in rendering arbitrary attacker-controlled HTML
08-05-2019 - 22:23 09-01-2019 - 23:29
CVE-2018-1000406 4.0
A path traversal vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java that allows attackers with Job/Configure permission to define a file parameter with a file name out
08-05-2019 - 22:23 09-01-2019 - 23:29
CVE-2018-1000997 4.0
A path traversal vulnerability exists in the Stapler web framework used by Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/org/kohsuke/stapler/Facet.java, groovy/src/main/java/org/kohsuke/stapler/jelly/groovy/GroovyFacet.java
08-05-2019 - 22:23 23-01-2019 - 22:29
Back to Top Mark selected
Back to Top