Vulnerabilities > Jenkins
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-05 | CVE-2018-1000148 | Information Exposure vulnerability in Jenkins Copy to Slave An exposure of sensitive information vulnerability exists in Jenkins Copy To Slave Plugin version 1.4.4 and older in CopyToSlaveBuildWrapper.java that allows attackers with permission to configure jobs to read arbitrary files from the Jenkins master file system. | 6.5 |
| 2018-04-05 | CVE-2018-1000146 | Unspecified vulnerability in Jenkins Liquibase Runner An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the Jenkins master JVM. | 8.8 |
| 2018-04-05 | CVE-2018-1000145 | Information Exposure vulnerability in Jenkins Perforce An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with local file system access to obtain encrypted Perforce passwords and decrypt them. | 6.5 |
| 2018-04-05 | CVE-2018-1000144 | Cross-site Scripting vulnerability in Jenkins Cucumber Living Documentation A cross site scripting vulnerability exists in Jenkins Cucumber Living Documentation Plugin 1.0.12 and older in CukedoctorBaseAction#doDynamic that disables the Content-Security-Policy protection for archived artifacts and workspace files, allowing attackers able to control the content of these files to attack Jenkins users. | 6.1 |
| 2018-04-05 | CVE-2018-1000143 | Information Exposure vulnerability in Jenkins Github Pull Request Builder An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials. | 6.7 |
| 2018-04-05 | CVE-2018-1000142 | Information Exposure vulnerability in Jenkins Github Pull Request Builder An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials. | 7.8 |
| 2018-03-27 | CVE-2018-8718 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Mailer Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request. | 8.0 |
| 2018-03-13 | CVE-2018-1000114 | Incorrect Authorization vulnerability in Jenkins Promoted Builds An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allow an attacker with read access to jobs to perform promotions. | 4.3 |
| 2018-03-13 | CVE-2018-1000113 | Cross-site Scripting vulnerability in Jenkins Testlink A cross-site scripting vulnerability exists in Jenkins TestLink Plugin 2.12 and earlier in TestLinkBuildAction/summary.jelly and others that allow an attacker who can control e.g. | 5.4 |
| 2018-03-13 | CVE-2018-1000112 | Incorrect Authorization vulnerability in Jenkins Mercurial An improper authorization vulnerability exists in Jenkins Mercurial Plugin version 2.2 and earlier in MercurialStatus.java that allows an attacker with network access to obtain a list of nodes and users. | 5.3 |