CVE-2018-1999047 CVSS:4.0
An improper authorization vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in UpdateCenter.java that allows attackers to cancel a Jenkins restart scheduled through the update center. (Last Update:2018-10-26) (Publish Update:2018-08-23)
CVE-2018-1999046 CVSS:4.0
An exposure of sensitive information vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in Computer.java that allows attackers with Overall/Read permission to access the connection log for any agent. (Last Update:2018-10-16) (Publish Update:2018-08-23)
CVE-2018-1999045 CVSS:5.5
An improper authentication vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in SecurityRealm.java, TokenBasedRememberMeServices2.java that allows attackers with a valid cookie to remain logged in even if that feature is disabled. (Last Update:2018-10-29) (Publish Update:2018-08-23)
CVE-2018-1999044 CVSS:4.0
A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread enter an infinite loop. (Last Update:2018-10-16) (Publish Update:2018-08-23)
CVE-2018-1999043 CVSS:5.0
A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in BasicAuthenticationFilter.java, BasicHeaderApiTokenAuthenticator.java that allows attackers to create ephemeral in-memory user records by attempting to log in using invalid credentials. (Last Update:2018-10-26) (Publish Update:2018-08-23)
CVE-2018-1999042 CVSS:5.0
A vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in XStream2.java that allows attackers to have Jenkins resolve a domain name when deserializing an instance of java.net.URL. (Last Update:2018-10-26) (Publish Update:2018-08-23)
CVE-2018-1999041 CVSS:2.1
An exposure of sensitive information vulnerability exists in Jenkins Tinfoil Security Plugin 1.6.1 and earlier in TinfoilScanRecorder.java that allows attackers with file system access to the Jenkins master to obtain the API secret key stored in this plugin's configuration. (Last Update:2018-10-03) (Publish Update:2018-08-01)
CVE-2018-1999040 CVSS:4.0
An exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.10.1 and earlier in KubernetesCloud.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins. (Last Update:2018-10-03) (Publish Update:2018-08-01)
CVE-2018-1999039 CVSS:4.0
A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an attacker-specified Confluence server URL with attacker-specified credentials. (Last Update:2018-10-15) (Publish Update:2018-08-01)
CVE-2018-1999038 CVSS:4.9
A confused deputy vulnerability exists in Jenkins Publisher Over CIFS Plugin 0.10 and earlier in CifsPublisherPluginDescriptor.java that allows attackers to have Jenkins connect to an attacker-specified CIFS server with attacker-specified credentials. (Last Update:2018-10-15) (Publish Update:2018-08-01)