Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0325.
Max CVSS
4.3
EPSS Score
0.22%
Published
2012-03-09
Updated
2018-10-30
Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0324.
Max CVSS
4.3
EPSS Score
0.22%
Published
2012-03-09
Updated
2018-10-30
CRLF injection vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.24%
Published
2013-02-24
Updated
2018-10-30
Cross-site scripting (XSS) vulnerability in Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.12%
Published
2013-03-19
Updated
2023-02-13
Unspecified vulnerability in Jenkins before 1.502 and LTS before 1.480.3 allows remote authenticated users with write access to build arbitrary jobs via unknown attack vectors.
Max CVSS
4.0
EPSS Score
0.25%
Published
2013-03-19
Updated
2016-06-13
Jenkins before 1.502 and LTS before 1.480.3 allows remote authenticated users with write access to cause a denial of service via a crafted payload.
Max CVSS
4.0
EPSS Score
2.29%
Published
2013-03-19
Updated
2016-06-13
Cross-site scripting (XSS) vulnerability in the default markup formatter in Jenkins 1.523 allows remote attackers to inject arbitrary web script or HTML via the Description field in the user configuration.
Max CVSS
4.3
EPSS Score
3.34%
Published
2013-12-31
Updated
2017-08-29
Jenkins before 1.502 allows remote authenticated users to configure an otherwise restricted project via vectors related to post-build actions.
Max CVSS
4.0
EPSS Score
0.13%
Published
2014-10-17
Updated
2016-06-13
Cross-site scripting (XSS) vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to inject arbitrary web script or HTML via the iconSize cookie.
Max CVSS
4.3
EPSS Score
0.19%
Published
2014-10-17
Updated
2016-06-13
Directory traversal vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Overall/READ permission to read arbitrary files via unspecified vectors.
Max CVSS
4.0
EPSS Score
0.24%
Published
2014-10-15
Updated
2023-02-13
Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code.
Max CVSS
4.0
EPSS Score
0.12%
Published
2014-10-16
Updated
2023-02-13
Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/READ permission to obtain the default value for the password field of a parameterized job by reading the DOM.
Max CVSS
4.0
EPSS Score
0.12%
Published
2014-10-16
Updated
2023-02-13
Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.14%
Published
2014-10-15
Updated
2023-02-13
The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote attackers to gain privileges by creating a reserved name.
Max CVSS
4.6
EPSS Score
0.27%
Published
2015-10-16
Updated
2016-06-15
Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1813.
Max CVSS
4.3
EPSS Score
0.22%
Published
2015-10-16
Updated
2016-06-15
Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1812.
Max CVSS
4.3
EPSS Score
0.22%
Published
2015-10-16
Updated
2016-06-15
Cross-site scripting (XSS) vulnerability in the slave overview page in Jenkins before 1.638 and LTS before 1.625.2 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the slave offline status message.
Max CVSS
4.3
EPSS Score
0.09%
Published
2015-11-25
Updated
2019-12-17
Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with multiple accounts to cause a denial of service (unable to login) by editing the "full name."
Max CVSS
4.3
EPSS Score
0.20%
Published
2016-05-17
Updated
2018-01-05
Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified XML/JSON API endpoints.
Max CVSS
4.3
EPSS Score
0.15%
Published
2016-05-17
Updated
2018-01-05
The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.15%
Published
2016-05-17
Updated
2018-01-05
Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks (SECURITY-304).
Max CVSS
4.3
EPSS Score
0.11%
Published
2018-05-23
Updated
2019-10-09
In jenkins before versions 2.44, 2.32.2 node monitor data could be viewed by low privilege users via the remote API. These included system configuration and runtime information of these nodes (SECURITY-343).
Max CVSS
4.3
EPSS Score
0.15%
Published
2018-05-15
Updated
2019-10-09
jenkins before versions 2.44, 2.32.2 is vulnerable to an improper blacklisting of the Pipeline metadata files in the agent-to-master security subsystem. This could allow metadata files to be written to by malicious agents (SECURITY-358).
Max CVSS
4.3
EPSS Score
0.10%
Published
2018-05-15
Updated
2019-10-09
In Jenkins before versions 2.44, 2.32.2 low privilege users were able to act on administrative monitors due to them not being consistently protected by permission checks (SECURITY-371).
Max CVSS
4.3
EPSS Score
0.11%
Published
2018-05-15
Updated
2019-10-09
Jenkins before versions 2.44, 2.32.2 is vulnerable to an information exposure in the internal API that allows access to item names that should not be visible (SECURITY-380). This only affects anonymous users (other users legitimately have access) that were able to get a list of items via an UnprotectedRootAction.
Max CVSS
4.3
EPSS Score
0.19%
Published
2018-05-08
Updated
2019-10-09
344 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13 14
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!