| Max CVSS | 5.5 | Min CVSS | 2.1 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2015-5262 | 4.3 |
http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang)
|
13-02-2023 - 00:52 | 27-10-2015 - 16:59 | |
| CVE-2018-1000106 | 5.5 |
An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to modify the Gerrit configuration in
|
03-10-2019 - 00:03 | 13-03-2018 - 13:29 | |
| CVE-2018-1000109 | 4.0 |
An improper authorization vulnerability exists in Jenkins Google Play Android Publisher Plugin version 1.6 and earlier in GooglePlayBuildStepDescriptor.java that allow an attacker to obtain credential IDs.
|
03-10-2019 - 00:03 | 13-03-2018 - 13:29 | |
| CVE-2018-1000110 | 5.0 |
An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users.
|
03-10-2019 - 00:03 | 13-03-2018 - 13:29 | |
| CVE-2018-1000111 | 5.0 |
An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and earlier in SubversionStatus.java and SubversionRepositoryStatus.java that allows an attacker with network access to obtain a list of nodes and users.
|
03-10-2019 - 00:03 | 13-03-2018 - 13:29 | |
| CVE-2018-1000107 | 4.0 |
An improper authorization vulnerability exists in Jenkins Job and Node Ownership Plugin 0.11.0 and earlier in OwnershipDescription.java, JobOwnerJobProperty.java, and OwnerNodeProperty.java that allow an attacker with Job/Configure or Computer/Config
|
03-10-2019 - 00:03 | 13-03-2018 - 13:29 | |
| CVE-2018-1000112 | 5.0 |
An improper authorization vulnerability exists in Jenkins Mercurial Plugin version 2.2 and earlier in MercurialStatus.java that allows an attacker with network access to obtain a list of nodes and users.
|
03-10-2019 - 00:03 | 13-03-2018 - 13:29 | |
| CVE-2018-1000104 | 2.1 |
A plaintext storage of a password vulnerability exists in Jenkins Coverity Plugin 1.10.0 and earlier in CIMInstance.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extensi
|
03-10-2019 - 00:03 | 13-03-2018 - 13:29 | |
| CVE-2018-1000114 | 4.0 |
An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allow an attacker with read access to jobs to perform promotions.
|
03-10-2019 - 00:03 | 13-03-2018 - 13:29 | |
| CVE-2018-1000105 | 4.0 |
An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to retrieve some configuration inform
|
03-10-2019 - 00:03 | 13-03-2018 - 13:29 | |
| CVE-2018-1000108 | 4.3 |
A cross-site scripting vulnerability exists in Jenkins CppNCSS Plugin 1.1 and earlier in AbstractProjectAction/index.jelly that allow an attacker to craft links to Jenkins URLs that run arbitrary JavaScript in the user's browser when accessed.
|
04-04-2018 - 14:49 | 13-03-2018 - 13:29 | |
| CVE-2018-1000113 | 3.5 |
A cross-site scripting vulnerability exists in Jenkins TestLink Plugin 2.12 and earlier in TestLinkBuildAction/summary.jelly and others that allow an attacker who can control e.g. TestLink report names to have Jenkins serve arbitrary HTML and JavaScr
|
04-04-2018 - 14:49 | 13-03-2018 - 13:29 |