| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2018-1999047 |
275 |
|
|
2018-08-23 |
2018-10-26 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
A improper authorization vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in UpdateCenter.java that allows attackers to cancel a Jenkins restart scheduled through the update center. |
|
2 |
CVE-2018-1999046 |
200 |
|
+Info |
2018-08-23 |
2018-10-16 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
A exposure of sensitive information vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in Computer.java that allows attackers With Overall/Read permission to access the connection log for any agent. |
|
3 |
CVE-2018-1999044 |
399 |
|
DoS |
2018-08-23 |
2018-10-16 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread enter an infinite loop. |
|
4 |
CVE-2018-1999040 |
255 |
|
|
2018-08-01 |
2018-10-03 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
An exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.10.1 and earlier in KubernetesCloud.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins. |
|
5 |
CVE-2018-1999039 |
918 |
|
|
2018-08-01 |
2018-10-15 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an attacker-specified Confluence server URL with attacker specified credentials. |
|
6 |
CVE-2018-1999038 |
441 |
|
|
2018-08-01 |
2018-10-15 |
4.9 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
None |
|
A confused deputy vulnerability exists in Jenkins Publisher Over CIFS Plugin 0.10 and earlier in CifsPublisherPluginDescriptor.java that allows attackers to have Jenkins connect to an attacker specified CIFS server with attacker specified credentials. |
|
7 |
CVE-2018-1999037 |
20 |
|
|
2018-08-01 |
2018-10-10 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
A data modification vulnerability exists in Jenkins Resource Disposer Plugin 0.11 and earlier in AsyncResourceDisposer.java that allows attackers to stop tracking a resource. |
|
8 |
CVE-2018-1999036 |
255 |
|
|
2018-08-01 |
2018-10-03 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read the build log. |
|
9 |
CVE-2018-1999031 |
200 |
|
+Info |
2018-08-01 |
2018-10-01 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
An exposure of sensitive information vulnerability exists in Jenkins meliora-testlab Plugin 1.14 and earlier in TestlabNotifier.java that allows attackers with file system access to the Jenkins master to obtain the API key stored in this plugin's configuration. |
|
10 |
CVE-2018-1999030 |
255 |
|
|
2018-08-01 |
2018-10-09 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
An exposure of sensitive information vulnerability exists in Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.3.1 and earlier in ArtifactoryChoiceListProvider.java, NexusChoiceListProvider.java, Nexus3ChoiceListProvider.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins. |
|
11 |
CVE-2018-1999028 |
255 |
|
|
2018-08-01 |
2018-10-01 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
An exposure of sensitive information vulnerability exists in Jenkins Accurev Plugin 0.7.16 and earlier in AccurevSCM.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins. |
|
12 |
CVE-2018-1999026 |
918 |
|
|
2018-08-01 |
2018-10-04 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
A server-side request forgery vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java that allows attackers to have Jenkins send HTTP requests to an attacker-specified host. |
|
13 |
CVE-2018-1999006 |
200 |
|
+Info |
2018-07-23 |
2018-09-27 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
A exposure of sensitive information vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in Plugin.java that allows attackers to determine the date and time when a plugin HPI/JPI file was last extracted, which typically is the date of the most recent installation/upgrade. |
|
14 |
CVE-2018-1999004 |
285 |
|
|
2018-07-23 |
2018-09-18 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
A Improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in SlaveComputer.java that allows attackers with Overall/Read permission to initiate agent launches, and abort in-progress agent launches. |
|
15 |
CVE-2018-1999003 |
285 |
|
|
2018-07-23 |
2018-09-18 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
A Improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in Queue.java that allows attackers with Overall/Read permission to cancel queued builds. |
|
16 |
CVE-2018-1999001 |
264 |
|
|
2018-07-23 |
2018-09-18 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
A unauthorized modification of configuration vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in User.java that allows attackers to provide crafted login credentials that cause Jenkins to move the config.xml file from the Jenkins home directory. If Jenkins is started without this file present, it will revert to the legacy defaults of granting administrator access to anonymous users. |
|
17 |
CVE-2018-1000610 |
255 |
|
+Info |
2018-06-26 |
2018-08-23 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
A exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in DataBoundConfigurator.java, Attribute.java, BaseConfigurator.java, ExtensionConfigurator.java that allows attackers with access to Jenkins log files to obtain the passwords configured using Configuration as Code Plugin. |
|
18 |
CVE-2018-1000609 |
200 |
|
+Info |
2018-06-26 |
2018-08-23 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
A exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in ConfigurationAsCode.java that allows attackers with Overall/Read access to obtain the YAML export of the Jenkins configuration. |
|
19 |
CVE-2018-1000608 |
255 |
|
|
2018-06-26 |
2018-08-23 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
A exposure of sensitive information vulnerability exists in Jenkins z/OS Connector Plugin 1.2.6.1 and earlier in SCLMSCM.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured password. |
|
20 |
CVE-2018-1000607 |
20 |
|
|
2018-06-26 |
2018-08-23 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
A arbitrary file write vulnerability exists in Jenkins Fortify CloudScan Plugin 1.5.1 and earlier in ArchiveUtil.java that allows attackers able to control rulepack zip file contents to overwrite any file on the Jenkins master file system, only limited by the permissions of the user the Jenkins master process is running as. |
|
21 |
CVE-2018-1000606 |
918 |
|
|
2018-06-26 |
2018-08-23 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
A server-side request forgery vulnerability exists in Jenkins URLTrigger Plugin 0.41 and earlier in URLTrigger.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. |
|
22 |
CVE-2018-1000603 |
255 |
|
+Info |
2018-06-26 |
2018-08-23 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
A exposure of sensitive information vulnerability exists in Jenkins Openstack Cloud Plugin 2.35 and earlier in BootSource.java, InstancesToRun.java, JCloudsCleanupThread.java, JCloudsCloud.java, JCloudsComputer.java, JCloudsPreCreationThread.java, JCloudsRetentionStrategy.java, JCloudsSlave.java, JCloudsSlaveTemplate.java, LauncherFactory.java, OpenstackCredentials.java, OpenStackMachineStep.java, SlaveOptions.java, SlaveOptionsDescriptor.java that allows attackers with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins, and to cause Jenkins to submit HTTP requests to attacker-specified URLs. |
|
23 |
CVE-2018-1000602 |
384 |
|
|
2018-06-26 |
2018-08-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A session fixation vulnerability exists in Jenkins SAML Plugin 1.0.6 and earlier in SamlSecurityRealm.java that allows unauthorized attackers to impersonate another users if they can control the pre-authentication session. |
|
24 |
CVE-2018-1000601 |
200 |
|
+Info |
2018-06-26 |
2018-08-17 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
A arbitrary file read vulnerability exists in Jenkins SSH Credentials Plugin 1.13 and earlier in BasicSSHUserPrivateKey.java that allows attackers with a Jenkins account and the permission to configure credential bindings to read arbitrary files from the Jenkins master file system. |
|
25 |
CVE-2018-1000600 |
255 |
|
+Info |
2018-06-26 |
2018-08-17 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and earlier in GitHubTokenCredentialsCreator.java that allows attackers to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. |
|
26 |
CVE-2018-1000198 |
611 |
|
|
2018-06-05 |
2018-07-18 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
A XML external entity processing vulnerability exists in Jenkins Black Duck Hub Plugin 3.1.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read permission to make Jenkins process XML eternal entities in an XML document. |
|
27 |
CVE-2018-1000196 |
200 |
|
+Info |
2018-06-05 |
2018-07-18 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
A exposure of sensitive information vulnerability exists in Jenkins Gitlab Hook Plugin 1.4.2 and older in gitlab_notifier.rb, views/gitlab_notifier/global.erb that allows attackers with local Jenkins master file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured Gitlab token. |
|
28 |
CVE-2018-1000195 |
352 |
|
|
2018-06-05 |
2018-07-27 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
A server-side request forgery vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in ZipExtractionInstaller.java that allows users with Overall/Read permission to have Jenkins submit a HTTP GET request to an arbitrary URL and learn whether the response is successful (200) or not. |
|
29 |
CVE-2018-1000193 |
19 |
|
|
2018-06-05 |
2018-08-01 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
A improper neutralization of control sequences vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in HudsonPrivateSecurityRealm.java that allows users to sign up using user names containing control characters that can then appear to have the same name as other users, and cannot be deleted via the UI. |
|
30 |
CVE-2018-1000192 |
200 |
|
+Info |
2018-06-05 |
2018-07-27 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
A information exposure vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in AboutJenkins.java, ListPluginsCommand.java that allows users with Overall/Read access to enumerate all installed plugins. |
|
31 |
CVE-2018-1000191 |
200 |
|
+Info |
2018-06-05 |
2018-07-18 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
A exposure of sensitive information vulnerability exists in Jenkins Black Duck Detect Plugin 1.4.0 and older in DetectPostBuildStepDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. |
|
32 |
CVE-2018-1000190 |
200 |
|
+Info |
2018-06-05 |
2018-07-18 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
A exposure of sensitive information vulnerability exists in Jenkins Black Duck Hub Plugin 4.0.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. |
|
33 |
CVE-2018-1000187 |
200 |
|
+Info |
2018-06-05 |
2018-07-18 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
A exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.7.0 and older in ContainerExecDecorator.java that results in sensitive variables such as passwords being written to logs. |
|
34 |
CVE-2018-1000186 |
200 |
|
+Info |
2018-06-05 |
2018-07-18 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
A exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin 1.41.0 and older in GhprbGitHubAuth.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. |
|
35 |
CVE-2018-1000185 |
918 |
|
|
2018-06-05 |
2018-07-18 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. |
|
36 |
CVE-2018-1000183 |
200 |
|
+Info |
2018-06-05 |
2018-07-18 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubServerConfig.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. |
|
37 |
CVE-2018-1000176 |
200 |
|
+Info |
2018-05-08 |
2018-06-13 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
An exposure of sensitive information vulnerability exists in Jenkins Email Extension Plugin 2.61 and older in src/main/resources/hudson/plugins/emailext/ExtendedEmailPublisher/global.groovy and ExtendedEmailPublisherDescriptor.java that allows attackers with control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured SMTP password. |
|
38 |
CVE-2018-1000175 |
22 |
|
Dir. Trav. |
2018-05-08 |
2018-06-13 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
A path traversal vulnerability exists in Jenkins HTML Publisher Plugin 1.15 and older in HtmlPublisherTarget.java that allows attackers able to configure the HTML Publisher build step to override arbitrary files on the Jenkins master. |
|
39 |
CVE-2018-1000173 |
384 |
|
|
2018-05-08 |
2018-06-13 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
A session fixaction vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session. |
|
40 |
CVE-2018-1000148 |
200 |
|
+Info |
2018-04-05 |
2018-05-15 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
An exposure of sensitive information vulnerability exists in Jenkins Copy To Slave Plugin version 1.4.4 and older in CopyToSlaveBuildWrapper.java that allows attackers with permission to configure jobs to read arbitrary files from the Jenkins master file system. |
|
41 |
CVE-2018-1000144 |
79 |
|
XSS |
2018-04-05 |
2018-05-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A cross site scripting vulnerability exists in Jenkins Cucumber Living Documentation Plugin 1.0.12 and older in CukedoctorBaseAction#doDynamic that disables the Content-Security-Policy protection for archived artifacts and workspace files, allowing attackers able to control the content of these files to attack Jenkins users. |
|
42 |
CVE-2018-1000114 |
285 |
|
|
2018-03-13 |
2018-04-04 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allow an attacker with read access to jobs to perform promotions. |
|
43 |
CVE-2018-1000109 |
285 |
|
|
2018-03-13 |
2018-04-04 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
An improper authorization vulnerability exists in Jenkins Google Play Android Publisher Plugin version 1.6 and earlier in GooglePlayBuildStepDescriptor.java that allow an attacker to obtain credential IDs. |
|
44 |
CVE-2018-1000108 |
79 |
|
XSS |
2018-03-13 |
2018-04-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A cross-site scripting vulnerability exists in Jenkins CppNCSS Plugin 1.1 and earlier in AbstractProjectAction/index.jelly that allow an attacker to craft links to Jenkins URLs that run arbitrary JavaScript in the user's browser when accessed. |
|
45 |
CVE-2018-1000107 |
285 |
|
|
2018-03-13 |
2018-04-10 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
An improper authorization vulnerability exists in Jenkins Job and Node Ownership Plugin 0.11.0 and earlier in OwnershipDescription.java, JobOwnerJobProperty.java, and OwnerNodeProperty.java that allow an attacker with Job/Configure or Computer/Configure permission and without Ownership related permissions to override ownership metadata. |
|
46 |
CVE-2018-1000105 |
285 |
|
|
2018-03-13 |
2018-04-04 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to retrieve some configuration information about Gerrit in Jenkins. |
|
47 |
CVE-2018-1000057 |
255 |
|
|
2018-02-09 |
2018-03-06 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Jenkins Credentials Binding Plugin 1.14 and earlier masks passwords it provides to build processes in their build logs. Jenkins however transforms provided password values, e.g. replacing environment variable references, which could result in values different from but similar to configured passwords being provided to the build. Those values are not subject to masking, and could allow unauthorized users to recover the original password. |
|
48 |
CVE-2018-1000015 |
275 |
|
|
2018-01-23 |
2018-02-08 |
4.9 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
None |
|
On Jenkins instances with Authorize Project plugin, the authentication associated with a build may lack the Computer/Build permission on some agents. This did not prevent the execution of Pipeline `node` blocks on those agents due to incorrect permissions checks in Pipeline: Nodes and Processes plugin 2.17 and earlier. |
|
49 |
CVE-2018-6356 |
22 |
|
Dir. Trav. |
2018-02-20 |
2018-03-19 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Jenkins before 2.107 and Jenkins LTS before 2.89.4 did not properly prevent specifying relative paths that escape a base directory for URLs accessing plugin resource files. This allowed users with Overall/Read permission to download files from the Jenkins master they should not have access to. On Windows, any file accessible to the Jenkins master process could be downloaded. On other operating systems, any file within the Jenkins home directory accessible to the Jenkins master process could be downloaded. |
|
50 |
CVE-2017-1000505 |
200 |
|
+Info |
2018-01-25 |
2018-02-09 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
In Jenkins Script Security Plugin version 1.36 and earlier, users with the ability to configure sandboxed Groovy scripts are able to use a type coercion feature in Groovy to create new `File` objects from strings. This allowed reading arbitrary files on the Jenkins master file system. Such a type coercion is now subject to sandbox protection and considered to be a call to the `new File(String)` constructor for the purpose of in-process script approval. |
