Vulnerabilities > Jenkins
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-15 | CVE-2017-2602 | Unspecified vulnerability in Jenkins jenkins before versions 2.44, 2.32.2 is vulnerable to an improper blacklisting of the Pipeline metadata files in the agent-to-master security subsystem. | 4.3 |
| 2018-05-15 | CVE-2017-2612 | Incorrect Permission Assignment for Critical Resource vulnerability in Jenkins In Jenkins before versions 2.44, 2.32.2 low privilege users were able to override JDK download credentials (SECURITY-392), resulting in future builds possibly failing to download a JDK. | 5.4 |
| 2018-05-15 | CVE-2017-2608 | Deserialization of Untrusted Data vulnerability in Jenkins Jenkins before versions 2.44, 2.32.2 is vulnerable to a remote code execution vulnerability involving the deserialization of various types in javax.imageio in XStream-based APIs (SECURITY-383). | 8.8 |
| 2018-05-15 | CVE-2017-2600 | Information Exposure vulnerability in Jenkins In jenkins before versions 2.44, 2.32.2 node monitor data could be viewed by low privilege users via the remote API. | 4.3 |
| 2018-05-10 | CVE-2017-2601 | Unspecified vulnerability in Jenkins Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in parameter names and descriptions (SECURITY-353). | 5.4 |
| 2018-05-08 | CVE-2017-2606 | Information Exposure vulnerability in Jenkins Jenkins before versions 2.44, 2.32.2 is vulnerable to an information exposure in the internal API that allows access to item names that should not be visible (SECURITY-380). | 4.3 |
| 2018-05-08 | CVE-2017-2611 | Incorrect Authorization vulnerability in multiple products Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). | 4.3 |
| 2018-05-08 | CVE-2018-1000177 | Cross-site Scripting vulnerability in Jenkins S3 Publisher A cross-site scripting vulnerability exists in Jenkins S3 Plugin 0.10.12 and older in src/main/resources/hudson/plugins/s3/S3ArtifactsProjectAction/jobMain.jelly that allows attackers able to control file names of uploaded files to define file names containing JavaScript that would be executed in another user's browser when that user performs some UI actions. | 5.4 |
| 2018-05-08 | CVE-2018-1000176 | Information Exposure vulnerability in Jenkins Email Extension An exposure of sensitive information vulnerability exists in Jenkins Email Extension Plugin 2.61 and older in src/main/resources/hudson/plugins/emailext/ExtendedEmailPublisher/global.groovy and ExtendedEmailPublisherDescriptor.java that allows attackers with control of a Jenkins administrator's web browser (e.g. | 6.5 |
| 2018-05-08 | CVE-2018-1000175 | Path Traversal vulnerability in Jenkins Html Publisher A path traversal vulnerability exists in Jenkins HTML Publisher Plugin 1.15 and older in HtmlPublisherTarget.java that allows attackers able to configure the HTML Publisher build step to override arbitrary files on the Jenkins master. | 6.5 |