Vulnerabilities > Jenkins
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-08-01 | CVE-2018-1999034 | Improper Certificate Validation vulnerability in Jenkins Inedo Proget: A man in the middle vulnerability exists in Jenkins Inedo ProGet Plugin 0.8 and earlier in ProGetApi.java, ProGetConfig.java, ProGetConfiguration.java that allows attackers to impersonate any service that Jenkins connects to. | 7.4 |
2018-08-01 | CVE-2018-1999031 | Information Exposure vulnerability in Jenkins Meliora Testlab: An exposure of sensitive information vulnerability exists in Jenkins meliora-testlab Plugin 1.14 and earlier in TestlabNotifier.java that allows attackers with file system access to the Jenkins master to obtain the API key stored in this plugin's configuration. | 6.5 |
2018-08-01 | CVE-2018-1999030 | Information Exposure vulnerability in Jenkins Maven Artifact Choicelistprovider (Nexus): An exposure of sensitive information vulnerability exists in Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.3.1 and earlier in ArtifactoryChoiceListProvider.java, NexusChoiceListProvider.java, Nexus3ChoiceListProvider.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins. | 5.4 |
2018-08-01 | CVE-2018-1999029 | Cross-site Scripting vulnerability in Jenkins Shelve Project: A cross-site scripting vulnerability exists in Jenkins Shelve Project Plugin 1.5 and earlier in ShelveProjectAction/index.jelly, ShelvedProjectsAction/index.jelly that allows attackers with Job/Configure permission to define JavaScript that would be executed in another user's browser when that other user performs some UI actions. | 5.4 |
2018-08-01 | CVE-2018-1999028 | Information Exposure vulnerability in Jenkins Accurev: An exposure of sensitive information vulnerability exists in Jenkins Accurev Plugin 0.7.16 and earlier in AccurevSCM.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins. | 8.8 |
2018-08-01 | CVE-2018-1999027 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Saltstack: An exposure of sensitive information vulnerability exists in Jenkins SaltStack Plugin 3.1.6 and earlier in SaltAPIBuilder.java, SaltAPIStep.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins. | 7.5 |
2018-08-01 | CVE-2018-1999026 | Server-Side Request Forgery (SSRF) vulnerability in Jenkins Tracetronic Ecu-Test: A server-side request forgery vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java that allows attackers to have Jenkins send HTTP requests to an attacker-specified host. | 6.5 |
2018-08-01 | CVE-2018-1999025 | Improper Certificate Validation vulnerability in Jenkins Tracetronic Ecu-Test: A man in the middle vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java, ATXValidator.java that allows attackers to impersonate any service that Jenkins connects to. | 7.4 |
2018-07-27 | CVE-2017-2652 | Improper Authentication vulnerability in Jenkins Distributed Fork: It was found that there were no permission checks performed in the Distributed Fork plugin before and including 1.5.0 for Jenkins that provides the dist-fork CLI command beyond the basic check for Overall/Read permission, allowing anyone with that permission to run arbitrary shell commands on all connected nodes. | 8.8 |
2018-07-27 | CVE-2017-2650 | Unspecified vulnerability in Jenkins Pipeline Classpath Step 0.1.0: It was found that the use of Pipeline: Classpath Step Jenkins plugin enables a bypass of the Script Security sandbox for users with SCM commit access, as well as users with e.g. | 8.5 |