Max CVSS 10.0 Min CVSS 3.5 Total Count 2
ID | CVSS | Summary | Last (major) update | Published
CVE-2019-10405 3.5
Jenkins 2.196 and earlier, LTS 2.176.3 and earlier printed the value of the "Cookie" HTTP request header on the /whoAmI/ URL, allowing attackers exploiting another XSS vulnerability to obtain the HTTP session cookie despite it being marked HttpOnly.
02-11-2023 - 21:30 25-09-2019 - 16:15
CVE-2019-10406 3.5
Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not restrict or filter values set as Jenkins URL in the global configuration, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission.
02-11-2023 - 21:30 25-09-2019 - 16:15
CVE-2019-10404 3.5
Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the reason why a queue item is blocked in tooltips, resulting in a stored XSS vulnerability exploitable by users able to control parts of the reason a queue item is blocked, such as l
02-11-2023 - 21:30 25-09-2019 - 16:15
CVE-2019-10402 3.5
In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:combobox form control interpreted its item labels as HTML, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents.
02-11-2023 - 21:06 25-09-2019 - 16:15
CVE-2019-10403 3.5
Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the SCM tag name on the tooltip for SCM tag actions, resulting in a stored XSS vulnerability exploitable by users able to control SCM tag names for these actions.
02-11-2023 - 21:06 25-09-2019 - 16:15
CVE-2019-10401 3.5
In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:expandableTextBox form control interpreted its content as HTML when expanded, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents (typically
02-11-2023 - 21:06 25-09-2019 - 16:15
CVE-2019-10328 6.5
Jenkins Pipeline Remote Loader Plugin 1.4 and earlier provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection.
25-10-2023 - 18:16 31-05-2019 - 15:29
CVE-2019-7609 10.0
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly le
08-09-2023 - 23:15 25-03-2019 - 19:29
CVE-2019-11840 4.3
An issue was discovered in supplementary Go cryptography libraries, aka golang-googlecode-go-crypto, before 2019-03-20. A flaw was found in the amd64 implementation of golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa. If more than 25
17-06-2023 - 00:15 09-05-2019 - 16:29
CVE-2019-11249 5.8
The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s ma
02-10-2020 - 16:45 29-08-2019 - 01:15
CVE-2019-11247 6.5
The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings w
02-10-2020 - 16:21 29-08-2019 - 01:15
CVE-2019-7608 4.3
Kibana versions before 5.6.15 and 6.6.1 had a cross-site scripting (XSS) vulnerability that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
27-09-2019 - 05:15 25-03-2019 - 19:29
CVE-2019-7610 9.3
Kibana versions before 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute javascrip
30-07-2019 - 22:15 25-03-2019 - 19:29