Vulnerabilities > Jenkins
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-15 | CVE-2017-2613 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins jenkins before versions 2.44, 2.32.2 is vulnerable to a user creation CSRF using GET by admins. | 5.4 |
| 2018-05-15 | CVE-2017-2610 | Cross-site Scripting vulnerability in Jenkins jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in search suggestions due to improperly escaping users with less-than and greater-than characters in their names (SECURITY-388). | 5.4 |
| 2018-05-15 | CVE-2017-2604 | Improper Authentication vulnerability in Jenkins In Jenkins before versions 2.44, 2.32.2 low privilege users were able to act on administrative monitors due to them not being consistently protected by permission checks (SECURITY-371). | 4.3 |
| 2018-05-15 | CVE-2017-2603 | Information Exposure vulnerability in Jenkins Jenkins before versions 2.44, 2.32.2 is vulnerable to a user data leak in disconnected agents' config.xml API. | 3.5 |
| 2018-05-15 | CVE-2017-2602 | Unspecified vulnerability in Jenkins jenkins before versions 2.44, 2.32.2 is vulnerable to an improper blacklisting of the Pipeline metadata files in the agent-to-master security subsystem. | 4.3 |
| 2018-05-15 | CVE-2017-2612 | Incorrect Permission Assignment for Critical Resource vulnerability in Jenkins In Jenkins before versions 2.44, 2.32.2 low privilege users were able to override JDK download credentials (SECURITY-392), resulting in future builds possibly failing to download a JDK. | 5.4 |
| 2018-05-15 | CVE-2017-2608 | Deserialization of Untrusted Data vulnerability in Jenkins Jenkins before versions 2.44, 2.32.2 is vulnerable to a remote code execution vulnerability involving the deserialization of various types in javax.imageio in XStream-based APIs (SECURITY-383). | 8.8 |
| 2018-05-15 | CVE-2017-2600 | Information Exposure vulnerability in Jenkins In jenkins before versions 2.44, 2.32.2 node monitor data could be viewed by low privilege users via the remote API. | 4.3 |
| 2018-05-10 | CVE-2017-2601 | Unspecified vulnerability in Jenkins Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in parameter names and descriptions (SECURITY-353). | 5.4 |
| 2018-05-08 | CVE-2017-2606 | Information Exposure vulnerability in Jenkins Jenkins before versions 2.44, 2.32.2 is vulnerable to an information exposure in the internal API that allows access to item names that should not be visible (SECURITY-380). | 4.3 |