1. Home
  2. CVEs with refmap.confirm==https://jenkins.io/security/advisory/2018-03-26/
Max CVSS 6.8 Min CVSS 2.1 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2018-1000149 6.8
A man in the middle vulnerability exists in Jenkins Ansible Plugin 0.8 and older in AbstractAnsibleInvocation.java, AnsibleAdHocCommandBuilder.java, AnsibleAdHocCommandInvocationTest.java, AnsibleContext.java, AnsibleJobDslExtension.java, AnsiblePlay
24-08-2020 - 17:37 05-04-2018 - 13:29
CVE-2018-1000145 5.0
An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with local file system access to obtain encrypted Perforce passwords and decrypt the
03-10-2019 - 00:03 05-04-2018 - 13:29
CVE-2018-1000152 6.5
An improper authorization vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.java, CloudSelectorParameter.java, ConvertToTemplate.java, ConvertToVm.java, Delete.java, DeleteSnapshot.java, Deploy.java, ExposeGuestInfo.java, FolderV
03-10-2019 - 00:03 05-04-2018 - 13:29
CVE-2018-1000146 6.5
An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the Jenkins master JVM.
03-10-2019 - 00:03 05-04-2018 - 13:29
CVE-2018-8718 6.0
Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request.
04-03-2019 - 19:55 27-03-2018 - 16:29
CVE-2018-1000153 6.8
A cross-site request forgery vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.java, CloudSelectorParameter.java, ConvertToTemplate.java, ConvertToVm.java, Delete.java, DeleteSnapshot.java, Deploy.java, ExposeGuestInfo.java, Fold
15-05-2018 - 18:10 05-04-2018 - 13:29
CVE-2018-1000148 4.0
An exposure of sensitive information vulnerability exists in Jenkins Copy To Slave Plugin version 1.4.4 and older in CopyToSlaveBuildWrapper.java that allows attackers with permission to configure jobs to read arbitrary files from the Jenkins master
15-05-2018 - 17:17 05-04-2018 - 13:29
CVE-2018-1000142 2.1
An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials.
15-05-2018 - 15:39 05-04-2018 - 13:29
CVE-2018-1000150 2.1
An exposure of sensitive information vulnerability exists in Jenkins Reverse Proxy Auth Plugin 1.5 and older in ReverseProxySecurityRealm#authContext that allows attackers with local file system access to obtain a list of authorities for logged in us
15-05-2018 - 15:30 05-04-2018 - 13:29
CVE-2018-1000143 2.1
An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials.
15-05-2018 - 15:30 05-04-2018 - 13:29
CVE-2018-1000147 4.0
An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with insufficient permission to obtain Perforce passwords configured in jobs to obta
15-05-2018 - 15:19 05-04-2018 - 13:29
CVE-2018-1000151 6.8
A man in the middle vulnerability exists in Jenkins vSphere Plugin 2.16 and older in VSphere.java that disables SSL/TLS certificate validation by default.
15-05-2018 - 15:16 05-04-2018 - 13:29
CVE-2018-1000144 4.3
A cross site scripting vulnerability exists in Jenkins Cucumber Living Documentation Plugin 1.0.12 and older in CukedoctorBaseAction#doDynamic that disables the Content-Security-Policy protection for archived artifacts and workspace files, allowing a
15-05-2018 - 12:02 05-04-2018 - 13:29
Back to Top Mark selected
Back to Top