Vulnerabilities > Jenkins > Jenkins > 2.46.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-16 | CVE-2018-1000169 | Information Exposure vulnerability in Jenkins An exposure of sensitive information vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in CLICommand.java and ViewOptionHandler.java that allows unauthorized attackers to confirm the existence of agents or views with an attacker-specified name by sending a CLI command to Jenkins. | 5.0 |
| 2018-02-20 | CVE-2018-6356 | Path Traversal vulnerability in multiple products Jenkins before 2.107 and Jenkins LTS before 2.89.4 did not properly prevent specifying relative paths that escape a base directory for URLs accessing plugin resource files. | 4.0 |
| 2018-02-16 | CVE-2018-1000068 | Information Exposure vulnerability in multiple products An improper input validation vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to access plugin resource files in the META-INF and WEB-INF directories that should not be accessible, if the Jenkins home directory is on a case-insensitive file system. | 5.0 |
| 2018-02-16 | CVE-2018-1000067 | Server-Side Request Forgery (SSRF) vulnerability in multiple products An improper authorization vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to have Jenkins submit HTTP GET requests and get limited information about the response. | 5.0 |
| 2018-01-29 | CVE-2017-1000356 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an issue in the Jenkins user database authentication realm: create an account if signup is enabled; or create an account if the victim is an administrator, possibly deleting the existing default admin user in the process and allowing a wide variety of impacts. | 6.8 |
| 2018-01-29 | CVE-2017-1000355 | Deserialization of Untrusted Data vulnerability in Jenkins Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an XStream: Java crash when trying to instantiate void/Void. | 4.0 |
| 2018-01-29 | CVE-2017-1000354 | Improper Authentication vulnerability in Jenkins Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to a login command which allowed impersonating any Jenkins user. | 6.5 |
| 2018-01-29 | CVE-2017-1000353 | Deserialization of Untrusted Data vulnerability in multiple products Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. | 7.5 |
| 2018-01-26 | CVE-2017-1000401 | Improper Input Validation vulnerability in Jenkins The Jenkins 2.73.1 and earlier, 2.83 and earlier default form control for passwords and other secrets, <f:password/>, supports form validation (e.g. | 1.2 |
| 2018-01-26 | CVE-2017-1000400 | Missing Authorization vulnerability in Jenkins The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /job/(job-name)/api contained information about upstream and downstream projects. | 4.0 |