Vulnerabilities > Jenkins

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor / CWE | Risk |
|---|---|---|---|---|---|---|---|
| 2018-01-23 | CVE-2018-1000008 | XXE vulnerability in Jenkins PMD | Jenkins PMD Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. | network | low complexity | jenkins CWE-611 | 8.8 |
| 2017-12-06 | CVE-2017-17383 | Cross-site Scripting vulnerability in Jenkins | Jenkins through 2.93 allows remote authenticated administrators to conduct XSS attacks via a crafted tool name in a job configuration form, as demonstrated by the JDK tool in Jenkins core and the Ant tool in the Ant plugin, aka SECURITY-624. | network | high complexity | jenkins CWE-79 | 4.7 |
| 2017-11-01 | CVE-2017-1000245 | Insufficiently Protected Credentials vulnerability in Jenkins SSH | The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. | network | low complexity | jenkins CWE-522 | critical, 9.8 |
| 2017-11-01 | CVE-2017-1000244 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Favorite | Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF resulting in data modification. | network | low complexity | jenkins CWE-352 | 8.8 |
| 2017-11-01 | CVE-2017-1000243 | Missing Authorization vulnerability in Jenkins Favorite Plugin | Jenkins Favorite Plugin 2.1.4 and older does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites. | network | low complexity | jenkins CWE-862 | 4.3 |
| 2017-11-01 | CVE-2017-1000242 | Information Exposure vulnerability in Jenkins GIT Client | Jenkins Git Client Plugin 2.4.2 and earlier creates a temporary file with insecure permissions, resulting in information disclosure. | local | low complexity | jenkins CWE-200 | 3.3 |
| 2017-10-05 | CVE-2017-1000114 | Information Exposure vulnerability in Jenkins Datadog | The Datadog Plugin stores an API key to access the Datadog service in the global Jenkins configuration. | network | high complexity | jenkins CWE-200 | 3.1 |
| 2017-10-05 | CVE-2017-1000113 | Information Exposure vulnerability in Jenkins Deploy | The Deploy to container Plugin stored passwords unencrypted as part of its configuration. | local | low complexity | jenkins CWE-200 | 5.5 |
| 2017-10-05 | CVE-2017-1000110 | Improper Authentication vulnerability in Jenkins Blue Ocean | Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. | network | low complexity | jenkins CWE-287 | 4.3 |
| 2017-10-05 | CVE-2017-1000109 | Cross-site Scripting vulnerability in Jenkins Owasp Dependency-Check | The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin was vulnerable to a persisted cross-site scripting vulnerability: malicious users able to influence the input to this plugin could insert arbitrary HTML into this view. | network | low complexity | jenkins CWE-79 | 6.1 |