Vulnerabilities > Jenkins > Jenkins > 1.409.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-01-24 | CVE-2017-1000504 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins A race condition during Jenkins 2.94 and earlier; 2.89.1 and earlier startup could result in the wrong order of execution of commands during initialization. | 6.8 |
2017-12-06 | CVE-2017-17383 | Cross-site Scripting vulnerability in Jenkins Jenkins through 2.93 allows remote authenticated administrators to conduct XSS attacks via a crafted tool name in a job configuration form, as demonstrated by the JDK tool in Jenkins core and the Ant tool in the Ant plugin, aka SECURITY-624. | 3.5 |
2017-09-12 | CVE-2014-9635 | 7PK - Security Features vulnerability in Jenkins Jenkins before 1.586 does not set the HttpOnly flag in a Set-Cookie header for session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to obtain potentially sensitive information via script access to cookies. | 5.0 |
2017-09-12 | CVE-2014-9634 | 7PK - Security Features vulnerability in Jenkins Jenkins before 1.586 does not set the secure flag on session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to capture cookies by intercepting their transmission within an HTTP session. | 5.0 |
2017-07-17 | CVE-2017-1000362 | Information Exposure vulnerability in Jenkins The re-key admin monitor was introduced in Jenkins 1.498 and re-encrypted all secrets in JENKINS_HOME with a new key. | 5.0 |
2017-01-12 | CVE-2016-9299 | LDAP Injection vulnerability in multiple products The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server. | 9.8 |
2016-05-17 | CVE-2016-3727 | Information Exposure vulnerability in Jenkins The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors. | 4.0 |
2016-05-17 | CVE-2016-3726 | Open Redirection vulnerability in Jenkins Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to "scheme-relative" URLs. | 5.8 |
2016-05-17 | CVE-2016-3725 | Permissions, Privileges, and Access Controls vulnerability in Jenkins Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. | 5.0 |
2016-05-17 | CVE-2016-3724 | Information Exposure vulnerability in multiple products Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with extended read access to obtain sensitive password information by reading a job configuration. | 4.0 |