Vulnerabilities > Jenkins

DATE	CVE	VULNERABILITY TITLE	RISK
2019-06-11	CVE-2019-10331	Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Electricflow A cross-site request forgery vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier in Configuration#doTestConnection allowed attackers to connect to an attacker-specified URL using attacker-specified credentials. network low complexity jenkins CWE-352	4.3
2019-05-31	CVE-2019-10328	Protection Mechanism Failure vulnerability in Jenkins Pipeline Remote Loader Jenkins Pipeline Remote Loader Plugin 1.4 and earlier provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection. network low complexity jenkins CWE-693 critical	9.9
2019-05-31	CVE-2019-10327	XXE vulnerability in Jenkins Pipeline Maven Integration An XML external entities (XXE) vulnerability in Jenkins Pipeline Maven Integration Plugin 1.7.0 and earlier allowed attackers able to control a temporary directory's content on the agent running the Maven build to have Jenkins parse a maliciously crafted XML file that uses external entities for extraction of secrets from the Jenkins master, server-side request forgery, or denial-of-service attacks. network low complexity jenkins CWE-611	8.1
2019-05-31	CVE-2019-10326	Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Warnings Next Generation 5.0.0 A cross-site request forgery vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed attackers to reset warning counts for future builds. network low complexity jenkins CWE-352	4.3
2019-05-31	CVE-2019-10325	Cross-site Scripting vulnerability in Jenkins Warnings Next Generation A cross-site scripting vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed attacker with Job/Configure permission to inject arbitrary JavaScript in build overview pages. network low complexity jenkins CWE-79	5.4
2019-05-21	CVE-2019-10320	File and Directory Information Exposure vulnerability in Jenkins Credentials Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path, and obtain the certificate content of files containing a PKCS#12 certificate. network low complexity jenkins CWE-538	4.3
2019-05-21	CVE-2019-10319	Missing Authorization vulnerability in Jenkins Pluggable Authentication Module A missing permission check in Jenkins PAM Authentication Plugin 1.5 and earlier, except 1.4.1 in PamSecurityRealm.DescriptorImpl#doTest allowed users with Overall/Read permission to obtain limited information about the file /etc/shadow and the user Jenkins is running as. network low complexity jenkins CWE-862	4.3
2019-04-30	CVE-2019-10318	Insufficiently Protected Credentials vulnerability in Jenkins Azure AD Jenkins Azure AD Plugin 0.3.3 and earlier stored the client secret unencrypted in the global config.xml configuration file on the Jenkins master where it could be viewed by users with access to the master file system. network low complexity jenkins CWE-522	8.8
2019-04-30	CVE-2019-10317	Improper Certificate Validation vulnerability in Jenkins Sitemonitor Jenkins SiteMonitor Plugin 0.5 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM. network high complexity jenkins CWE-295	5.9
2019-04-30	CVE-2019-10316	Insufficiently Protected Credentials vulnerability in Jenkins Aqua Microscanner Jenkins Aqua MicroScanner Plugin 1.0.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. network low complexity jenkins CWE-522	8.8

Vulnerabilities > Jenkins {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Jenkins"}]}

Vulnerabilities > Jenkins