Filtered by vendor Jenkins
Total: 1603 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-1999029 | 1 Jenkins | 1 Shelve Project | 2022-10-03 | N/A |
A cross-site scripting vulnerability exists in Jenkins Shelve Project Plugin 1.5 and earlier in ShelveProjectAction/index.jelly, ShelvedProjectsAction/index.jelly that allows attackers with Job/Configure permission to define JavaScript that would be executed in another user's browser when that other user performs some UI actions. | ||||
CVE-2018-1999028 | 1 Jenkins | 1 Accurev | 2022-10-03 | N/A |
An exposure of sensitive information vulnerability exists in Jenkins Accurev Plugin 0.7.16 and earlier in AccurevSCM.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins. | ||||
CVE-2018-1999027 | 1 Jenkins | 1 Saltstack | 2022-10-03 | N/A |
An exposure of sensitive information vulnerability exists in Jenkins SaltStack Plugin 3.1.6 and earlier in SaltAPIBuilder.java, SaltAPIStep.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins. | ||||
CVE-2018-1999025 | 1 Jenkins | 1 Tracetronic Ecu-test | 2022-10-03 | N/A |
A man-in-the-middle vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java, ATXValidator.java that allows attackers to impersonate any service that Jenkins connects to. | ||||
CVE-2018-1999006 | 1 Jenkins | 1 Jenkins | 2022-10-03 | N/A |
An exposure of sensitive information vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in Plugin.java that allows attackers to determine the date and time when a plugin HPI/JPI file was last extracted, which typically is the date of the most recent installation/upgrade. | ||||
CVE-2018-1000109 | 1 Jenkins | 1 Google-play-android-publisher | 2022-10-03 | N/A |
An improper authorization vulnerability exists in Jenkins Google Play Android Publisher Plugin version 1.6 and earlier in GooglePlayBuildStepDescriptor.java that allows an attacker to obtain credential IDs. | ||||
CVE-2018-1000114 | 1 Jenkins | 1 Promoted Builds | 2022-10-03 | N/A |
An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allows an attacker with read access to jobs to perform promotions. | ||||
CVE-2018-1000150 | 1 Jenkins | 1 Reverse Proxy Auth | 2022-10-03 | N/A |
An exposure of sensitive information vulnerability exists in Jenkins Reverse Proxy Auth Plugin 1.5 and older in ReverseProxySecurityRealm#authContext that allows attackers with local file system access to obtain a list of authorities for logged in users. | ||||
CVE-2018-1000175 | 1 Jenkins | 1 Html Publisher | 2022-10-03 | N/A |
A path traversal vulnerability exists in Jenkins HTML Publisher Plugin 1.15 and older in HtmlPublisherTarget.java that allows attackers able to configure the HTML Publisher build step to override arbitrary files on the Jenkins master. | ||||
CVE-2018-1000609 | 1 Jenkins | 1 Configuration As Code | 2022-10-03 | N/A |
An exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in ConfigurationAsCode.java that allows attackers with Overall/Read access to obtain the YAML export of the Jenkins configuration. | ||||
CVE-2018-1000011 | 1 Jenkins | 1 Findbugs | 2022-10-03 | N/A |
Jenkins FindBugs Plugin 4.71 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. | ||||
CVE-2018-1000107 | 1 Jenkins | 1 Job And Node Ownership | 2022-10-03 | N/A |
An improper authorization vulnerability exists in Jenkins Job and Node Ownership Plugin 0.11.0 and earlier in OwnershipDescription.java, JobOwnerJobProperty.java, and OwnerNodeProperty.java that allows an attacker with Job/Configure or Computer/Configure permission and without Ownership related permissions to override ownership metadata. | ||||
CVE-2018-1000198 | 1 Jenkins | 1 Black Duck Hub | 2022-10-03 | N/A |
An XML external entity processing vulnerability exists in Jenkins Black Duck Hub Plugin 3.1.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read permission to make Jenkins process XML external entities in an XML document. | ||||
CVE-2018-1000197 | 1 Jenkins | 1 Black Duck Hub | 2022-10-03 | N/A |
An improper authorization vulnerability exists in Jenkins Black Duck Hub Plugin 3.0.3 and older in PostBuildScanDescriptor.java that allows users with Overall/Read permission to read and write the Black Duck Hub plugin configuration. | ||||
CVE-2018-1000196 | 1 Jenkins | 1 Gitlab Hook | 2022-10-03 | N/A |
An exposure of sensitive information vulnerability exists in Jenkins Gitlab Hook Plugin 1.4.2 and older in gitlab_notifier.rb, views/gitlab_notifier/global.erb that allows attackers with local Jenkins master file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured Gitlab token. | ||||
CVE-2018-1000189 | 1 Jenkins | 1 Absint Astree | 2022-10-03 | N/A |
A command execution vulnerability exists in Jenkins Absint Astree Plugin 1.0.5 and older in AstreeBuilder.java that allows attackers with Overall/Read access to execute a command on the Jenkins master. | ||||
CVE-2018-1000188 | 1 Jenkins | 1 Cas | 2022-10-03 | N/A |
A server-side request forgery vulnerability exists in Jenkins CAS Plugin 1.4.1 and older in CasSecurityRealm.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. | ||||
CVE-2018-1000015 | 1 Jenkins | 1 Pipeline Nodes And Processes | 2022-10-03 | N/A |
On Jenkins instances with Authorize Project plugin, the authentication associated with a build may lack the Computer/Build permission on some agents. This did not prevent the execution of Pipeline `node` blocks on those agents due to incorrect permissions checks in Pipeline: Nodes and Processes plugin 2.17 and earlier. | ||||
CVE-2018-1000603 | 1 Jenkins | 1 Openstack Cloud | 2022-10-03 | N/A |
An exposure of sensitive information vulnerability exists in Jenkins Openstack Cloud Plugin 2.35 and earlier in BootSource.java, InstancesToRun.java, JCloudsCleanupThread.java, JCloudsCloud.java, JCloudsComputer.java, JCloudsPreCreationThread.java, JCloudsRetentionStrategy.java, JCloudsSlave.java, JCloudsSlaveTemplate.java, LauncherFactory.java, OpenstackCredentials.java, OpenStackMachineStep.java, SlaveOptions.java, SlaveOptionsDescriptor.java that allows attackers with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins, and to cause Jenkins to submit HTTP requests to attacker-specified URLs. | ||||
CVE-2018-1000601 | 1 Jenkins | 1 Ssh Credentials | 2022-10-03 | N/A |
An arbitrary file read vulnerability exists in Jenkins SSH Credentials Plugin 1.13 and earlier in BasicSSHUserPrivateKey.java that allows attackers with a Jenkins account and the permission to configure credential bindings to read arbitrary files from the Jenkins master file system. |