Vulnerabilities > Jenkins
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-12 | CVE-2019-10400 | Unspecified vulnerability in Jenkins Script Security A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of subexpressions in increment and decrement expressions not involving actual assignment allowed attackers to execute arbitrary code in sandboxed scripts. | 4.2 |
| 2019-09-12 | CVE-2019-10399 | Unspecified vulnerability in Jenkins Script Security A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions in increment and decrement expressions allowed attackers to execute arbitrary code in sandboxed scripts. | 4.2 |
| 2019-09-12 | CVE-2019-10398 | Insufficiently Protected Credentials vulnerability in Jenkins Beaker Builder Jenkins Beaker Builder Plugin 1.9 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | 5.5 |
| 2019-09-12 | CVE-2019-10397 | Cleartext Transmission of Sensitive Information vulnerability in Jenkins Aqua Security Severless Scanner Jenkins Aqua Security Serverless Scanner Plugin 1.0.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure. | 3.1 |
| 2019-09-12 | CVE-2019-10396 | Cross-site Scripting vulnerability in Jenkins Dashboard View Jenkins Dashboard View Plugin 2.11 and earlier did not escape build descriptions, resulting in a cross-site scripting vulnerability exploitable by users able to change build descriptions. | 5.4 |
| 2019-09-12 | CVE-2019-10395 | Cross-site Scripting vulnerability in Jenkins Build Environment Jenkins Build Environment Plugin 1.6 and earlier did not escape variables shown on its views, resulting in a cross-site scripting vulnerability in Jenkins 2.145, 2.138.1, or older, exploitable by users able to change various job/build properties. | 5.4 |
| 2019-09-12 | CVE-2019-10394 | Unspecified vulnerability in Jenkins Script Security A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions on the left-hand side of assignment expressions allowed attackers to execute arbitrary code in sandboxed scripts. | 4.2 |
| 2019-09-12 | CVE-2019-10393 | Unspecified vulnerability in Jenkins Script Security A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of method names in method call expressions allowed attackers to execute arbitrary code in sandboxed scripts. | 4.2 |
| 2019-09-12 | CVE-2019-10392 | OS Command Injection vulnerability in Jenkins GIT Client Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection. | 8.8 |
| 2019-08-28 | CVE-2019-10391 | Cleartext Transmission of Sensitive Information vulnerability in Jenkins IBM Application Security on Cloud Jenkins IBM Application Security on Cloud Plugin 1.2.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure. | 6.5 |