Vulnerabilities > Jenkins
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-23 | CVE-2018-1000012 | XXE vulnerability in Jenkins Warnings Jenkins Warnings Plugin 4.64 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. | 8.8 |
| 2018-01-23 | CVE-2018-1000011 | XXE vulnerability in Jenkins Findbugs Jenkins FindBugs Plugin 4.71 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. | 8.8 |
| 2018-01-23 | CVE-2018-1000010 | XXE vulnerability in Jenkins DRY Jenkins DRY Plugin 2.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. | 8.8 |
| 2018-01-23 | CVE-2018-1000009 | XXE vulnerability in Jenkins Checkstyle Jenkins Checkstyle Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. | 8.8 |
| 2018-01-23 | CVE-2018-1000008 | XXE vulnerability in Jenkins PMD Jenkins PMD Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. | 8.8 |
| 2017-12-06 | CVE-2017-17383 | Cross-site Scripting vulnerability in Jenkins Jenkins through 2.93 allows remote authenticated administrators to conduct XSS attacks via a crafted tool name in a job configuration form, as demonstrated by the JDK tool in Jenkins core and the Ant tool in the Ant plugin, aka SECURITY-624. | 4.7 |
| 2017-11-01 | CVE-2017-1000245 | Insufficiently Protected Credentials vulnerability in Jenkins SSH The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. | 9.8 |
| 2017-11-01 | CVE-2017-1000244 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Favorite Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF resulting in data modification | 8.8 |
| 2017-11-01 | CVE-2017-1000243 | Missing Authorization vulnerability in Jenkins Favorite Plugin Jenkins Favorite Plugin 2.1.4 and older does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites | 4.3 |
| 2017-11-01 | CVE-2017-1000242 | Information Exposure vulnerability in Jenkins GIT Client Jenkins Git Client Plugin 2.4.2 and earlier creates temporary file with insecure permissions resulting in information disclosure | 3.3 |