Max CVSS 6.5 Min CVSS 3.5 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2019-10405 3.5
Jenkins 2.196 and earlier, LTS 2.176.3 and earlier printed the value of the "Cookie" HTTP request header on the /whoAmI/ URL, allowing attackers exploiting another XSS vulnerability to obtain the HTTP session cookie despite it being marked HttpOnly.
02-11-2023 - 21:30 25-09-2019 - 16:15
CVE-2019-10406 3.5
Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not restrict or filter values set as Jenkins URL in the global configuration, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission.
02-11-2023 - 21:30 25-09-2019 - 16:15
CVE-2019-10404 3.5
Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the reason why a queue items is blcoked in tooltips, resulting in a stored XSS vulnerability exploitable by users able to control parts of the reason a queue item is blocked, such as l
02-11-2023 - 21:30 25-09-2019 - 16:15
CVE-2019-10402 3.5
In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:combobox form control interpreted its item labels as HTML, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents.
02-11-2023 - 21:06 25-09-2019 - 16:15
CVE-2019-10403 3.5
Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the SCM tag name on the tooltip for SCM tag actions, resulting in a stored XSS vulnerability exploitable by users able to control SCM tag names for these actions.
02-11-2023 - 21:06 25-09-2019 - 16:15
CVE-2019-10401 3.5
In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:expandableTextBox form control interpreted its content as HTML when expanded, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents (typically
02-11-2023 - 21:06 25-09-2019 - 16:15
CVE-2019-10328 6.5
Jenkins Pipeline Remote Loader Plugin 1.4 and earlier provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection.
25-10-2023 - 18:16 31-05-2019 - 15:29
CVE-2019-11840 4.3
An issue was discovered in supplementary Go cryptography libraries, aka golang-googlecode-go-crypto, before 2019-03-20. A flaw was found in the amd64 implementation of golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa. If more than 25
17-06-2023 - 00:15 09-05-2019 - 16:29
CVE-2017-15137 5.0
The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag", for example. This could allow a user with access to OpenShift to run images from registries that should not be allowed.
12-02-2023 - 23:28 16-07-2018 - 20:29
CVE-2018-14632 4.0
An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the Openshift master api service whi
07-02-2023 - 22:18 06-09-2018 - 14:29
CVE-2017-15138 4.0
The OpenShift Enterprise cluster-read can access webhook tokens which would allow an attacker with sufficient privileges to view confidential webhook tokens.
09-10-2019 - 23:24 13-08-2018 - 17:29
CVE-2018-1000169 5.0
An exposure of sensitive information vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in CLICommand.java and ViewOptionHandler.java that allows unauthorized attackers to confirm the existence of agents or views with an attacker
31-07-2019 - 03:15 16-04-2018 - 09:58
Back to Top Mark selected
Back to Top