Vulnerabilities > Jenkins

DATE CVE VULNERABILITY TITLE RISK
2018-03-27 CVE-2018-8718 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Mailer
Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request.
network
low complexity
jenkins CWE-352
8.0
8.0
2018-03-13 CVE-2018-1000114 Incorrect Authorization vulnerability in Jenkins Promoted Builds
An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allow an attacker with read access to jobs to perform promotions.
network
low complexity
jenkins CWE-863
4.3
4.3
2018-03-13 CVE-2018-1000113 Cross-site Scripting vulnerability in Jenkins Testlink
A cross-site scripting vulnerability exists in Jenkins TestLink Plugin 2.12 and earlier in TestLinkBuildAction/summary.jelly and others that allow an attacker who can control e.g.
network
low complexity
jenkins CWE-79
5.4
5.4
2018-03-13 CVE-2018-1000112 Incorrect Authorization vulnerability in Jenkins Mercurial
An improper authorization vulnerability exists in Jenkins Mercurial Plugin version 2.2 and earlier in MercurialStatus.java that allows an attacker with network access to obtain a list of nodes and users.
network
low complexity
jenkins CWE-863
5.3
5.3
2018-03-13 CVE-2018-1000111 Incorrect Authorization vulnerability in Jenkins Subversion
An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and earlier in SubversionStatus.java and SubversionRepositoryStatus.java that allows an attacker with network access to obtain a list of nodes and users.
network
low complexity
jenkins CWE-863
5.3
5.3
2018-03-13 CVE-2018-1000110 Incorrect Authorization vulnerability in Jenkins GIT
An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users.
network
low complexity
jenkins CWE-863
5.3
5.3
2018-03-13 CVE-2018-1000109 Incorrect Authorization vulnerability in Jenkins Google-Play-Android-Publisher
An improper authorization vulnerability exists in Jenkins Google Play Android Publisher Plugin version 1.6 and earlier in GooglePlayBuildStepDescriptor.java that allow an attacker to obtain credential IDs.
network
low complexity
jenkins CWE-863
4.3
4.3
2018-03-13 CVE-2018-1000108 Cross-site Scripting vulnerability in Jenkins Cppncss 1.0/1.1
A cross-site scripting vulnerability exists in Jenkins CppNCSS Plugin 1.1 and earlier in AbstractProjectAction/index.jelly that allow an attacker to craft links to Jenkins URLs that run arbitrary JavaScript in the user's browser when accessed.
network
low complexity
jenkins CWE-79
6.1
6.1
2018-03-13 CVE-2018-1000107 Incorrect Authorization vulnerability in Jenkins JOB and Node Ownership
An improper authorization vulnerability exists in Jenkins Job and Node Ownership Plugin 0.11.0 and earlier in OwnershipDescription.java, JobOwnerJobProperty.java, and OwnerNodeProperty.java that allow an attacker with Job/Configure or Computer/Configure permission and without Ownership related permissions to override ownership metadata.
network
low complexity
jenkins CWE-863
6.5
6.5
2018-03-13 CVE-2018-1000106 Incorrect Authorization vulnerability in Jenkins Gerrit Trigger
An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to modify the Gerrit configuration in Jenkins.
network
low complexity
jenkins CWE-863
5.4
5.4