Vulnerabilities > Jenkins > Jenkins > 1.329
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-15 | CVE-2017-2603 | Information Exposure vulnerability in Jenkins Jenkins before versions 2.44, 2.32.2 is vulnerable to a user data leak in disconnected agents' config.xml API. | 3.5 |
| 2018-05-15 | CVE-2017-2602 | Security Bypass vulnerability in Jenkins jenkins before versions 2.44, 2.32.2 is vulnerable to an improper blacklisting of the Pipeline metadata files in the agent-to-master security subsystem. | 4.0 |
| 2018-05-15 | CVE-2017-2612 | Incorrect Permission Assignment for Critical Resource vulnerability in Jenkins In Jenkins before versions 2.44, 2.32.2 low privilege users were able to override JDK download credentials (SECURITY-392), resulting in future builds possibly failing to download a JDK. | 5.5 |
| 2018-05-15 | CVE-2017-2608 | Deserialization of Untrusted Data vulnerability in Jenkins Jenkins before versions 2.44, 2.32.2 is vulnerable to a remote code execution vulnerability involving the deserialization of various types in javax.imageio in XStream-based APIs (SECURITY-383). | 6.5 |
| 2018-05-15 | CVE-2017-2600 | Information Exposure vulnerability in Jenkins In jenkins before versions 2.44, 2.32.2 node monitor data could be viewed by low privilege users via the remote API. | 4.0 |
| 2018-05-10 | CVE-2017-2601 | Cross-site Scripting vulnerability in Jenkins Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in parameter names and descriptions (SECURITY-353). | 5.4 |
| 2018-05-08 | CVE-2017-2606 | Information Exposure vulnerability in Jenkins Jenkins before versions 2.44, 2.32.2 is vulnerable to an information exposure in the internal API that allows access to item names that should not be visible (SECURITY-380). | 4.0 |
| 2018-05-08 | CVE-2017-2611 | Incorrect Authorization vulnerability in multiple products Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). | 4.0 |
| 2018-04-16 | CVE-2018-1000170 | Cross-site Scripting vulnerability in Jenkins A cross-site scripting vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in confirmationList.jelly and stopButton.jelly that allows attackers with Job/Configure and/or Job/Create permission to create an item name containing JavaScript that would be executed in another user's browser when that other user performs some UI actions. | 3.5 |
| 2018-04-16 | CVE-2018-1000169 | Information Exposure vulnerability in Jenkins An exposure of sensitive information vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in CLICommand.java and ViewOptionHandler.java that allows unauthorized attackers to confirm the existence of agents or views with an attacker-specified name by sending a CLI command to Jenkins. | 5.0 |