| Max CVSS | 4.3 | Min CVSS | 2.1 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2017-1000390 | 4.0 |
Jenkins Multijob plugin version 1.25 and earlier did not check permissions in the Resume Build action, allowing anyone with Job/Read permission to resume the build.
|
24-08-2020 - 17:37 | 26-01-2018 - 02:29 | |
| CVE-2017-1000388 | 4.0 |
Jenkins Dependency Graph Viewer plugin 0.12 and earlier did not perform permission checks for the API endpoint that modifies the dependency graph, allowing anyone with Overall/Read permission to modify this data.
|
24-08-2020 - 17:37 | 26-01-2018 - 02:29 | |
| CVE-2017-1000387 | 2.1 |
Jenkins Build-Publisher plugin version 1.21 and earlier stores credentials to other Jenkins instances in the file hudson.plugins.build_publisher.BuildPublisher.xml in the Jenkins master home directory. These credentials were stored unencrypted, allow
|
03-10-2019 - 00:03 | 26-01-2018 - 02:29 | |
| CVE-2017-1000386 | 3.5 |
Jenkins Active Choices plugin version 1.5.3 and earlier allowed users with Job/Configure permission to provide arbitrary HTML to be shown on the 'Build With Parameters' page through the 'Active Choices Reactive Reference Parameter' type. This could i
|
11-06-2019 - 20:18 | 26-01-2018 - 02:29 | |
| CVE-2017-1000389 | 4.3 |
Some URLs provided by Jenkins global-build-stats plugin version 1.4 and earlier returned a JSON response that contained request parameters. These responses had the Content Type: text/html, so could have been interpreted as HTML by clients, resulting
|
12-02-2018 - 12:52 | 26-01-2018 - 02:29 |