Vulnerabilities > Jenkins
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-01-24 | CVE-2017-1000504 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins: A race condition during Jenkins 2.94 and earlier; 2.89.1 and earlier startup could result in the wrong order of execution of commands during initialization. | 8.1 |
2018-01-24 | CVE-2017-1000503 | Race Condition vulnerability in Jenkins: A race condition during Jenkins 2.81 through 2.94 (inclusive); 2.89.1 startup could result in the wrong order of execution of commands during initialization. | 8.1 |
2018-01-24 | CVE-2017-1000502 | OS Command Injection vulnerability in Jenkins EC2: Users with permission to create or configure agents in Jenkins 1.37 and earlier could configure an EC2 agent to run arbitrary shell commands on the master node whenever the agent was supposed to be launched. | 8.8 |
2018-01-23 | CVE-2018-1000015 | Missing Authorization vulnerability in Jenkins Pipeline Nodes and Processes: On Jenkins instances with Authorize Project plugin, the authentication associated with a build may lack the Computer/Build permission on some agents. | 4.8 |
2018-01-23 | CVE-2018-1000014 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Translation Assistance: Jenkins Translation Assistance Plugin 1.15 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to override localized strings displayed to all users on the current Jenkins instance if the victim is a Jenkins administrator. | 8.8 |
2018-01-23 | CVE-2018-1000013 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Release: Jenkins Release Plugin 2.9 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to trigger release builds. | 8.8 |
2018-01-23 | CVE-2018-1000012 | XXE vulnerability in Jenkins Warnings: Jenkins Warnings Plugin 4.64 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. | 8.8 |
2018-01-23 | CVE-2018-1000011 | XXE vulnerability in Jenkins Findbugs: Jenkins FindBugs Plugin 4.71 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. | 8.8 |
2018-01-23 | CVE-2018-1000010 | XXE vulnerability in Jenkins DRY: Jenkins DRY Plugin 2.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. | 8.8 |
2018-01-23 | CVE-2018-1000009 | XXE vulnerability in Jenkins Checkstyle: Jenkins Checkstyle Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. | 8.8 |