Vulnerabilities > Jenkins
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-20 | CVE-2019-1003027 | Server-Side Request Forgery (SSRF) vulnerability in Jenkins Octopusdeploy A server-side request forgery vulnerability exists in Jenkins OctopusDeploy Plugin 1.8.1 and earlier in OctopusDeployPlugin.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified URL and obtain the HTTP response code if successful, and exception error message otherwise. | 4.3 |
| 2019-02-20 | CVE-2019-1003026 | Server-Side Request Forgery (SSRF) vulnerability in Jenkins Mattermost A server-side request forgery vulnerability exists in Jenkins Mattermost Notification Plugin 2.6.2 and earlier in MattermostNotifier.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified Mattermost server and room and send a message. | 4.3 |
| 2019-02-20 | CVE-2019-1003025 | Missing Authorization vulnerability in Jenkins Cloud Foundry A exposure of sensitive information vulnerability exists in Jenkins Cloud Foundry Plugin 2.3.1 and earlier in AbstractCloudFoundryPushDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 |
| 2019-02-20 | CVE-2019-1003024 | A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.52 and earlier in RejectASTTransformsCustomizer.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. | 8.8 |
| 2019-02-06 | CVE-2019-1003023 | Cross-site Scripting vulnerability in Jenkins Warnings Next Generation 1.0.0/1.0.1 A cross-site scripting vulnerability exists in Jenkins Warnings Next Generation Plugin 1.0.1 and earlier in src/main/java/io/jenkins/plugins/analysis/core/model/DetailsTableModel.java, src/main/java/io/jenkins/plugins/analysis/core/model/SourceDetail.java, src/main/java/io/jenkins/plugins/analysis/core/model/SourcePrinter.java, src/main/java/io/jenkins/plugins/analysis/core/util/Sanitizer.java, src/main/java/io/jenkins/plugins/analysis/warnings/DuplicateCodeScanner.java that allows attackers with the ability to control warnings parser input to have Jenkins render arbitrary HTML. | 6.1 |
| 2019-02-06 | CVE-2019-1003022 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Monitoring 1.73.0/1.73.1/1.74.0 A denial of service vulnerability exists in Jenkins Monitoring Plugin 1.74.0 and earlier in PluginImpl.java that allows attackers to kill threads running on the Jenkins master. | 6.5 |
| 2019-02-06 | CVE-2019-1003021 | Information Exposure vulnerability in Jenkins Openid Connect Authentication An exposure of sensitive information vulnerability exists in Jenkins OpenId Connect Authentication Plugin 1.4 and earlier in OicSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator's web browser output, or control the browser (e.g. | 4.3 |
| 2019-02-06 | CVE-2019-1003020 | Server-Side Request Forgery (SSRF) vulnerability in Jenkins Kanboard A server-side request forgery vulnerability exists in Jenkins Kanboard Plugin 1.5.10 and earlier in KanboardGlobalConfiguration.java that allows attackers with Overall/Read permission to submit a GET request to an attacker-specified URL. | 4.3 |
| 2019-02-06 | CVE-2019-1003019 | Session Fixation vulnerability in Jenkins Github Oauth An session fixation vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session. | 5.9 |
| 2019-02-06 | CVE-2019-1003018 | Information Exposure vulnerability in Jenkins Github Oauth An exposure of sensitive information vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator's web browser output, or control the browser (e.g. | 4.3 |