Vulnerabilities > Jenkins
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-10-05 | CVE-2017-1000108 | Information Exposure vulnerability in Jenkins Pipeline-Input-Step | The Pipeline: Input Step Plugin by default allowed users with Item/Read access to a pipeline to interact with the step to provide input. | 7.5 |
2017-10-05 | CVE-2017-1000107 | Unspecified vulnerability in Jenkins Script Security 1.30 | Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. | 8.8 |
2017-10-05 | CVE-2017-1000106 | Improper Authentication vulnerability in Jenkins Blue Ocean | Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. | 8.5 |
2017-10-05 | CVE-2017-1000105 | Missing Authorization vulnerability in Jenkins Blue Ocean | The optional Run/Artifacts permission can be enabled by setting a Java system property. | 5.3 |
2017-10-05 | CVE-2017-1000104 | Improper Privilege Management vulnerability in Jenkins Config File Provider | The Config File Provider Plugin is used to centrally manage configuration files that often include secrets, such as passwords. | 6.5 |
2017-10-05 | CVE-2017-1000103 | Cross-site Scripting vulnerability in Jenkins DRY | The custom Details view of the Static Analysis Utilities based DRY Plugin was vulnerable to a persisted cross-site scripting vulnerability: malicious users able to influence the input to this plugin could insert arbitrary HTML into this view. | 5.4 |
2017-10-05 | CVE-2017-1000102 | Cross-site Scripting vulnerability in Jenkins Static Analysis Utilities | The Details view of some Static Analysis Utilities based plugins was vulnerable to a persisted cross-site scripting vulnerability: malicious users able to influence the input to these plugins, for example the console output which is parsed to extract build warnings (Warnings Plugin), could insert arbitrary HTML into this view. | 5.4 |
2017-10-05 | CVE-2017-1000096 | Incorrect Permission Assignment for Critical Resource vulnerability in Jenkins Pipeline: Groovy | Arbitrary code execution due to incomplete sandbox protection: constructors, instance variable initializers, and instance initializers in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. | 8.8 |
2017-10-05 | CVE-2017-1000095 | Incorrect Permission Assignment for Critical Resource vulnerability in Jenkins Script Security 1.34 | The default whitelist included the following unsafe entries: `DefaultGroovyMethods.putAt(Object, String, Object)`; `DefaultGroovyMethods.getAt(Object, String)`. | 6.5 |
2017-10-05 | CVE-2017-1000094 | Information Exposure vulnerability in Jenkins Docker Commons | Docker Commons Plugin provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use to authenticate with a Docker Registry. | 6.5 |