Vulnerabilities > Jenkins
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-05 | CVE-2017-1000114 | Information Exposure vulnerability in Jenkins Datadog The Datadog Plugin stores an API key to access the Datadog service in the global Jenkins configuration. | 3.1 |
| 2017-10-05 | CVE-2017-1000113 | Information Exposure vulnerability in Jenkins Deploy The Deploy to container Plugin stored passwords unencrypted as part of its configuration. | 5.5 |
| 2017-10-05 | CVE-2017-1000110 | Improper Authentication vulnerability in Jenkins Blue Ocean Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. | 4.3 |
| 2017-10-05 | CVE-2017-1000109 | Cross-site Scripting vulnerability in Jenkins Owasp Dependency-Check The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view. | 6.1 |
| 2017-10-05 | CVE-2017-1000108 | Information Exposure vulnerability in Jenkins Pipeline-Input-Step The Pipeline: Input Step Plugin by default allowed users with Item/Read access to a pipeline to interact with the step to provide input. | 7.5 |
| 2017-10-05 | CVE-2017-1000107 | Unspecified vulnerability in Jenkins Script Security 1.30 Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. | 8.8 |
| 2017-10-05 | CVE-2017-1000106 | Improper Authentication vulnerability in Jenkins Blue Ocean Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. | 8.5 |
| 2017-10-05 | CVE-2017-1000105 | Missing Authorization vulnerability in Jenkins Blue Ocean The optional Run/Artifacts permission can be enabled by setting a Java system property. | 5.3 |
| 2017-10-05 | CVE-2017-1000104 | Improper Privilege Management vulnerability in Jenkins Config File Provider The Config File Provider Plugin is used to centrally manage configuration files that often include secrets, such as passwords. | 6.5 |
| 2017-10-05 | CVE-2017-1000103 | Cross-site Scripting vulnerability in Jenkins DRY The custom Details view of the Static Analysis Utilities based DRY Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view. | 5.4 |