| Max CVSS | 6.8 | Min CVSS | 3.5 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2019-10320 | 4.0 |
Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path, and obtain the certificate content of files containin
|
25-10-2023 - 18:16 | 21-05-2019 - 13:29 | |
| CVE-2019-10328 | 6.5 |
Jenkins Pipeline Remote Loader Plugin 1.4 and earlier provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection.
|
25-10-2023 - 18:16 | 31-05-2019 - 15:29 | |
| CVE-2019-1003049 | 6.8 |
Users who cached their CLI authentication before Jenkins was updated to 2.150.2 and newer, or 2.160 and newer, would remain authenticated in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, because the fix for CVE-2019-1003004 in these
|
25-10-2023 - 18:16 | 10-04-2019 - 21:29 | |
| CVE-2019-1003050 | 3.5 |
The f:validateButton form control for the Jenkins UI did not properly escape job URLs in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, resulting in a cross-site scripting (XSS) vulnerability exploitable by users with the ability to c
|
25-10-2023 - 18:16 | 10-04-2019 - 21:29 | |
| CVE-2019-1003049 | 6.8 |
Users who cached their CLI authentication before Jenkins was updated to 2.150.2 and newer, or 2.160 and newer, would remain authenticated in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, because the fix for CVE-2019-1003004 in these
|
29-09-2020 - 18:36 | 10-04-2019 - 21:29 |