Vulnerabilities > Jenkins

DATE	CVE	VULNERABILITY TITLE	RISK
2018-08-23	CVE-2018-1999043	Missing Release of Resource after Effective Lifetime vulnerability in Jenkins A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in BasicAuthenticationFilter.java, BasicHeaderApiTokenAuthenticator.java that allows attackers to create ephemeral in-memory user records by attempting to log in using invalid credentials. network low complexity jenkins CWE-772	7.5
2018-08-23	CVE-2018-1999042	Deserialization of Untrusted Data vulnerability in Jenkins A vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in XStream2.java that allows attackers to have Jenkins resolve a domain name when deserializing an instance of java.net.URL. network low complexity jenkins CWE-502	5.3
2018-08-06	CVE-2017-2654	Information Exposure vulnerability in Jenkins Email Extension jenkins-email-ext before version 2.57.1 is vulnerable to an Information Exposure. network low complexity jenkins CWE-200	5.3
2018-08-01	CVE-2018-1999041	Information Exposure vulnerability in Jenkins Tinfoil Security An exposure of sensitive information vulnerability exists in Jenkins Tinfoil Security Plugin 1.6.1 and earlier in TinfoilScanRecorder.java that allows attackers with file system access to the Jenkins master to obtain the API secret key stored in this plugin's configuration. local low complexity jenkins CWE-200	5.5
2018-08-01	CVE-2018-1999040	Information Exposure vulnerability in Jenkins Kubernetes An exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.10.1 and earlier in KubernetesCloud.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins. network low complexity jenkins CWE-200	8.8
2018-08-01	CVE-2018-1999039	Server-Side Request Forgery (SSRF) vulnerability in Jenkins Confluence Publisher A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an attacker-specified Confluence server URL with attacker specified credentials. network low complexity jenkins CWE-918	4.3
2018-08-01	CVE-2018-1999038	Confused Deputy vulnerability in Jenkins Publish Over Cifs A confused deputy vulnerability exists in Jenkins Publisher Over CIFS Plugin 0.10 and earlier in CifsPublisherPluginDescriptor.java that allows attackers to have Jenkins connect to an attacker specified CIFS server with attacker specified credentials. network high complexity jenkins CWE-441	4.2
2018-08-01	CVE-2018-1999037	Improper Input Validation vulnerability in Jenkins Resource Disposer A data modification vulnerability exists in Jenkins Resource Disposer Plugin 0.11 and earlier in AsyncResourceDisposer.java that allows attackers to stop tracking a resource. network low complexity jenkins CWE-20	4.3
2018-08-01	CVE-2018-1999036	Information Exposure Through Log Files vulnerability in Jenkins SSH Agent An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read the build log. network low complexity jenkins CWE-532	6.5
2018-08-01	CVE-2018-1999035	Improper Certificate Validation vulnerability in Jenkins Inedo Buildmaster 1.0/1.2/1.3 A man in the middle vulnerability exists in Jenkins Inedo BuildMaster Plugin 1.3 and earlier in BuildMasterConfiguration.java, BuildMasterConfig.java, BuildMasterApi.java that allows attackers to impersonate any service that Jenkins connects to. network high complexity jenkins CWE-295	7.4

Vulnerabilities > Jenkins {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Jenkins"}]}

Vulnerabilities > Jenkins