Vulnerabilities > Jenkins > Jenkins > 1.539
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-01-29 | CVE-2017-1000355 | Deserialization of Untrusted Data vulnerability in Jenkins. Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an XStream: Java crash when trying to instantiate void/Void. | 4.0 |
2018-01-29 | CVE-2017-1000354 | Improper Authentication vulnerability in Jenkins. Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to a login command which allowed impersonating any Jenkins user. | 6.5 |
2018-01-29 | CVE-2017-1000353 | Deserialization of Untrusted Data vulnerability in multiple products. Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. | 7.5 |
2018-01-26 | CVE-2017-1000401 | Improper Input Validation vulnerability in Jenkins. The Jenkins 2.73.1 and earlier, 2.83 and earlier default form control for passwords and other secrets, <f:password/>, supports form validation (e.g. | 1.2 |
2018-01-26 | CVE-2017-1000400 | Missing Authorization vulnerability in Jenkins. The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /job/(job-name)/api contained information about upstream and downstream projects. | 4.0 |
2018-01-26 | CVE-2017-1000399 | Information Exposure vulnerability in Jenkins. The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /queue/item/(ID)/api showed information about tasks in the queue (typically builds waiting to start). | 4.0 |
2018-01-26 | CVE-2017-1000398 | Information Exposure vulnerability in Jenkins. The remote API in Jenkins 2.73.1 and earlier, 2.83 and earlier at /computer/(agent-name)/api showed information about tasks (typically builds) currently running on that agent. | 4.0 |
2018-01-26 | CVE-2017-1000396 | Improper Certificate Validation vulnerability in Jenkins. Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. | 4.3 |
2018-01-26 | CVE-2017-1000395 | Information Exposure vulnerability in Jenkins. Jenkins 2.73.1 and earlier, 2.83 and earlier provides information about Jenkins user accounts which is generally available to anyone with Overall/Read permissions via the /user/(username)/api remote API. | 4.0 |
2018-01-26 | CVE-2017-1000394 | Improper Input Validation vulnerability in Jenkins. Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-fileupload library with the denial-of-service vulnerability known as CVE-2016-3092. | 5.0 |