Vulnerabilities > Jenkins > Jenkins > 1.649
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-26 | CVE-2017-1000393 | OS Command Injection vulnerability in Jenkins Jenkins 2.73.1 and earlier, 2.83 and earlier users with permission to create or configure agents in Jenkins could configure a launch method called 'Launch agent via execution of command on master'. | 9.0 |
| 2018-01-26 | CVE-2017-1000392 | Cross-site Scripting vulnerability in Jenkins Jenkins 2.88 and earlier; 2.73.2 and earlier Autocompletion suggestions for text fields were not escaped, resulting in a persisted cross-site scripting vulnerability if the source for the suggestions allowed specifying text that includes HTML metacharacters like less-than and greater-than characters. | 3.5 |
| 2018-01-26 | CVE-2017-1000391 | Improper Input Validation vulnerability in Jenkins Jenkins versions 2.88 and earlier and 2.73.2 and earlier stores metadata related to 'people', which encompasses actual user accounts, as well as users appearing in SCM, in directories corresponding to the user ID on disk. | 4.9 |
| 2018-01-24 | CVE-2017-1000504 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins A race condition during Jenkins 2.94 and earlier; 2.89.1 and earlier startup could result in the wrong order of execution of commands during initialization. | 6.8 |
| 2017-12-06 | CVE-2017-17383 | Cross-site Scripting vulnerability in Jenkins Jenkins through 2.93 allows remote authenticated administrators to conduct XSS attacks via a crafted tool name in a job configuration form, as demonstrated by the JDK tool in Jenkins core and the Ant tool in the Ant plugin, aka SECURITY-624. | 3.5 |
| 2017-01-12 | CVE-2016-9299 | LDAP Injection vulnerability in multiple products The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server. | 9.8 |
| 2016-05-17 | CVE-2016-3727 | Information Exposure vulnerability in Jenkins The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors. | 4.0 |
| 2016-05-17 | CVE-2016-3726 | Open Redirection vulnerability in Jenkins Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to "scheme-relative" URLs. | 5.8 |
| 2016-05-17 | CVE-2016-3725 | Permissions, Privileges, and Access Controls vulnerability in Jenkins Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. | 5.0 |
| 2016-05-17 | CVE-2016-3724 | Information Exposure vulnerability in multiple products Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with extended read access to obtain sensitive password information by reading a job configuration. | 4.0 |