| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2018-1999045 |
287 |
|
|
2018-08-23 |
2018-10-29 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
A improper authentication vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in SecurityRealm.java, TokenBasedRememberMeServices2.java that allows attackers with a valid cookie to remain logged in even if that feature is disabled. |
|
2 |
CVE-2018-1999043 |
399 |
|
DoS |
2018-08-23 |
2018-10-26 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in BasicAuthenticationFilter.java, BasicHeaderApiTokenAuthenticator.java that allows attackers to create ephemeral in-memory user records by attempting to log in using invalid credentials. |
|
3 |
CVE-2018-1999042 |
502 |
|
|
2018-08-23 |
2018-10-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in XStream2.java that allows attackers to have Jenkins resolve a domain name when deserializing an instance of java.net.URL. |
|
4 |
CVE-2018-1999035 |
295 |
|
|
2018-08-01 |
2018-10-05 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
A man in the middle vulnerability exists in Jenkins Inedo BuildMaster Plugin 1.3 and earlier in BuildMasterConfiguration.java, BuildMasterConfig.java, BuildMasterApi.java that allows attackers to impersonate any service that Jenkins connects to. |
|
5 |
CVE-2018-1999034 |
295 |
|
|
2018-08-01 |
2018-10-09 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
A man in the middle vulnerability exists in Jenkins Inedo ProGet Plugin 0.8 and earlier in ProGetApi.java, ProGetConfig.java, ProGetConfiguration.java that allows attackers to impersonate any service that Jenkins connects to. |
|
6 |
CVE-2018-1999025 |
295 |
|
|
2018-08-01 |
2018-10-04 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
A man in the middle vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java, ATXValidator.java that allows attackers to impersonate any service that Jenkins connects to. |
|
7 |
CVE-2018-1999002 |
20 |
|
|
2018-07-23 |
2018-09-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins master has access to. |
|
8 |
CVE-2018-1000605 |
295 |
|
|
2018-06-26 |
2018-10-09 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
A man in the middle vulnerability exists in Jenkins CollabNet Plugin 2.0.4 and earlier in CollabNetApp.java, CollabNetPlugin.java, CNFormFieldValidator.java that allows attackers to impersonate any service that Jenkins connects to. |
|
9 |
CVE-2018-1000417 |
352 |
|
CSRF |
2019-01-09 |
2019-01-22 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
A cross-site request forgery vulnerability exists in Jenkins Email Extension Template Plugin 1.0 and earlier in ExtEmailTemplateManagement.java that allows creating or removing templates. |
|
10 |
CVE-2018-1000414 |
352 |
|
CSRF |
2019-01-09 |
2019-01-22 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
A cross-site request forgery vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in ConfigFilesManagement.java, FolderConfigFileAction.java that allows creating and editing configuration file definitions. |
|
11 |
CVE-2018-1000402 |
200 |
|
+Info |
2018-07-09 |
2018-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Jenkins project Jenkins AWS CodeDeploy Plugin version 1.19 and earlier contains a File and Directory Information Exposure vulnerability in AWSCodeDeployPublisher.java that can result in Disclosure of environment variables. This vulnerability appears to have been fixed in 1.20 and later. |
|
12 |
CVE-2018-1000197 |
285 |
|
|
2018-06-05 |
2018-07-18 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
An improper authorization vulnerability exists in Jenkins Black Duck Hub Plugin 3.0.3 and older in PostBuildScanDescriptor.java that allows users with Overall/Read permission to read and write the Black Duck Hub plugin configuration. |
|
13 |
CVE-2018-1000194 |
22 |
|
Dir. Trav. Bypass |
2018-06-05 |
2018-07-27 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
A path traversal vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in FilePath.java, SoloFilePathFilter.java that allows malicious agents to read and write arbitrary files on the Jenkins master, bypassing the agent-to-master security subsystem protection. |
|
14 |
CVE-2018-1000188 |
918 |
|
|
2018-06-05 |
2018-07-18 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
A server-side request forgery vulnerability exists in Jenkins CAS Plugin 1.4.1 and older in CasSecurityRealm.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. |
|
15 |
CVE-2018-1000184 |
918 |
|
|
2018-06-05 |
2018-07-18 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
A server-side request forgery vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubPluginConfig.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. |
|
16 |
CVE-2018-1000182 |
918 |
|
|
2018-06-05 |
2018-07-18 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java, ViewGitWeb.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. |
|
17 |
CVE-2018-1000174 |
601 |
|
|
2018-05-08 |
2018-06-13 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
An open redirect vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows attackers to redirect users to an arbitrary URL after successful login. |
|
18 |
CVE-2018-1000169 |
200 |
|
+Info |
2018-04-16 |
2018-05-23 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An exposure of sensitive information vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in CLICommand.java and ViewOptionHandler.java that allows unauthorized attackers to confirm the existence of agents or views with an attacker-specified name by sending a CLI command to Jenkins. |
|
19 |
CVE-2018-1000112 |
285 |
|
|
2018-03-13 |
2018-04-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An improper authorization vulnerability exists in Jenkins Mercurial Plugin version 2.2 and earlier in MercurialStatus.java that allows an attacker with network access to obtain a list of nodes and users. |
|
20 |
CVE-2018-1000111 |
285 |
|
|
2018-03-13 |
2018-04-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and earlier in SubversionStatus.java and SubversionRepositoryStatus.java that allows an attacker with network access to obtain a list of nodes and users. |
|
21 |
CVE-2018-1000110 |
285 |
|
|
2018-03-13 |
2018-04-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users. |
|
22 |
CVE-2018-1000106 |
285 |
|
|
2018-03-13 |
2018-04-04 |
5.5 |
None |
Remote |
Low |
Single system |
None |
Partial |
Partial |
|
An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to modify the Gerrit configuration in Jenkins. |
|
23 |
CVE-2018-1000068 |
20 |
|
|
2018-02-15 |
2018-03-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An improper input validation vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to access plugin resource files in the META-INF and WEB-INF directories that should not be accessible, if the Jenkins home directory is on a case-insensitive file system. |
|
24 |
CVE-2018-1000067 |
200 |
|
+Info |
2018-02-15 |
2018-03-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An improper authorization vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to have Jenkins submit HTTP GET requests and get limited information about the response. |
|
25 |
CVE-2017-1000394 |
20 |
|
|
2018-01-25 |
2018-02-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-fileupload library with the denial-of-service vulnerability known as CVE-2016-3092. The fix for that vulnerability has been backported to the version of the library bundled with Jenkins. |
|
26 |
CVE-2017-1000362 |
200 |
|
+Info |
2017-07-17 |
2017-07-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The re-key admin monitor was introduced in Jenkins 1.498 and re-encrypted all secrets in JENKINS_HOME with a new key. It also created a backup directory with all old secrets, and the key used to encrypt them. These backups were world-readable and not removed afterwards. Jenkins now deletes the backup directory, if present. Upgrading from before 1.498 will no longer create a backup directory. Administrators relying on file access permissions in their manually created backups are advised to check them for the directory $JENKINS_HOME/jenkins.security.RekeySecretAdminMonitor/backups, and delete it if present. |
|
27 |
CVE-2017-1000245 |
255 |
|
|
2017-11-01 |
2017-11-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file. |
|
28 |
CVE-2017-1000108 |
200 |
|
+Info |
2017-10-04 |
2017-11-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Pipeline: Input Step Plugin by default allowed users with Item/Read access to a pipeline to interact with the step to provide input. This has been changed, and now requires users to have the Item/Build permission instead. |
|
29 |
CVE-2017-1000106 |
264 |
|
|
2017-10-04 |
2017-11-01 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. Its SCM content REST API supports the pipeline creation and editing feature in Blue Ocean. The SCM content REST API did not check the current user's authentication or credentials. If the GitHub organization folder was created via Blue Ocean, it retained a reference to its creator's GitHub credentials. This allowed users with read access to the GitHub organization folder to create arbitrary commits in the repositories inside the GitHub organization corresponding to the GitHub organization folder with the GitHub credentials of the creator of the organization folder. Additionally, users with read access to the GitHub organization folder could read arbitrary file contents from the repositories inside the GitHub organization corresponding to the GitHub organization folder if the branch contained a Jenkinsfile (which could be created using the other part of this vulnerability), and they could provide the organization folder name, repository name, branch name, and file name. |
|
30 |
CVE-2017-1000105 |
275 |
|
|
2017-10-04 |
2017-10-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The optional Run/Artifacts permission can be enabled by setting a Java system property. Blue Ocean did not check this permission before providing access to archived artifacts, Item/Read permission was sufficient. |
|
31 |
CVE-2017-1000089 |
264 |
|
|
2017-10-04 |
2017-10-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Builds in Jenkins are associated with an authentication that controls the permissions that the build has to interact with other elements in Jenkins. The Pipeline: Build Step Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins. |
|
32 |
CVE-2017-2613 |
352 |
|
CSRF |
2018-05-15 |
2018-06-20 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
jenkins before versions 2.44, 2.32.2 is vulnerable to a user creation CSRF using GET by admins. While this user record was only retained until restart in most cases, administrators' web browsers could be manipulated to create a large number of user records (SECURITY-406). |
|
33 |
CVE-2017-2612 |
254 |
|
|
2018-05-15 |
2018-06-20 |
5.5 |
None |
Remote |
Low |
Single system |
None |
Partial |
Partial |
|
In Jenkins before versions 2.44, 2.32.2 low privilege users were able to override JDK download credentials (SECURITY-392), resulting in future builds possibly failing to download a JDK. |
|
34 |
CVE-2017-2599 |
275 |
|
|
2018-04-11 |
2018-05-22 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
Jenkins before versions 2.44 and 2.32.2 is vulnerable to an insufficient permission check. This allows users with permissions to create new items (e.g. jobs) to overwrite existing items they don't have access to (SECURITY-321). |
|
35 |
CVE-2016-4987 |
22 |
|
Dir. Trav. |
2017-02-09 |
2017-02-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in the Image Gallery plugin before 1.4 in Jenkins allows remote attackers to list arbitrary directories and read arbitrary files via unspecified form fields. |
|
36 |
CVE-2016-4986 |
22 |
|
Dir. Trav. |
2017-02-09 |
2017-02-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in the TAP plugin before 1.25 in Jenkins allows remote attackers to read arbitrary files via an unspecified parameter. |
|
37 |
CVE-2016-3726 |
|
|
|
2016-05-17 |
2018-01-04 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to "scheme-relative" URLs. |
|
38 |
CVE-2016-3725 |
264 |
|
DoS |
2016-05-17 |
2018-01-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. NOTE: this issue can be combined with DNS cache poisoning to cause a denial of service (service disruption). |
|
39 |
CVE-2016-0790 |
254 |
|
|
2016-04-07 |
2018-01-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify API tokens, which makes it easier for remote attackers to determine API tokens via a brute-force approach. |
|
40 |
CVE-2015-5324 |
264 |
|
+Info |
2015-11-25 |
2016-06-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api. |
|
41 |
CVE-2015-5322 |
22 |
|
Dir. Trav. |
2015-11-25 |
2016-06-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via directory traversal sequences in a request to jnlpJars/. |
|
42 |
CVE-2015-5321 |
200 |
|
+Info |
2015-11-25 |
2016-06-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to the pages. |
|
43 |
CVE-2015-5320 |
200 |
|
+Info |
2015-11-25 |
2016-06-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Jenkins before 1.638 and LTS before 1.625.2 do not properly verify the shared secret used in JNLP slave connections, which allows remote attackers to connect as slaves and obtain sensitive information or possibly gain administrative access by leveraging knowledge of the name of a slave. |
|
44 |
CVE-2015-5319 |
|
|
|
2015-11-25 |
2016-06-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
XML external entity (XXE) vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an "XML-aware tool," as demonstrated by get-job and update-job. |
|
45 |
CVE-2015-5317 |
200 |
|
+Info |
2015-11-25 |
2016-06-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request. |
|
46 |
CVE-2014-9635 |
254 |
|
+Info |
2017-09-12 |
2017-09-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Jenkins before 1.586 does not set the HttpOnly flag in a Set-Cookie header for session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to obtain potentially sensitive information via script access to cookies. |
|
47 |
CVE-2014-9634 |
254 |
|
|
2017-09-12 |
2017-09-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Jenkins before 1.586 does not set the secure flag on session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to capture cookies by intercepting their transmission within an HTTP session. |
|
48 |
CVE-2014-3662 |
200 |
|
+Info |
2014-10-16 |
2016-06-14 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login attempts. |
|
49 |
CVE-2014-3661 |
399 |
|
DoS |
2014-10-16 |
2016-06-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to cause a denial of service (thread consumption) via vectors related to a CLI handshake. |
|
50 |
CVE-2014-2064 |
200 |
|
+Info |
2014-10-17 |
2016-06-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via vectors related to failed login attempts. |
