Vulnerabilities > Jenkins

DATE	CVE	VULNERABILITY TITLE	RISK
2017-10-05	CVE-2017-1000093	Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Poll SCM Poll SCM Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. network low complexity jenkins CWE-352	8.8
2017-10-05	CVE-2017-1000092	Cross-Site Request Forgery (CSRF) vulnerability in Jenkins GIT Git Plugin connects to a user-specified Git repository as part of form validation. network high complexity jenkins CWE-352	7.5
2017-10-05	CVE-2017-1000091	Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Github Branch Source GitHub Branch Source Plugin connects to a user-specified GitHub API URL (e.g. network low complexity jenkins CWE-352	6.3
2017-10-05	CVE-2017-1000090	Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Role-Based Authorization Strategy Role-based Authorization Strategy Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. network low complexity jenkins CWE-352	8.8
2017-10-05	CVE-2017-1000089	Incorrect Default Permissions vulnerability in Jenkins Pipeline: Build Step Builds in Jenkins are associated with an authentication that controls the permissions that the build has to interact with other elements in Jenkins. network low complexity jenkins CWE-276	5.3
2017-10-05	CVE-2017-1000088	Cross-site Scripting vulnerability in Jenkins Sidebar Link The Sidebar Link plugin allows users able to configure jobs, views, and agents to add entries to the sidebar of these objects. network low complexity jenkins CWE-79	5.4
2017-10-05	CVE-2017-1000087	Information Exposure vulnerability in Jenkins Github Branch Source GitHub Branch Source provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use. network low complexity jenkins CWE-200	4.3
2017-10-05	CVE-2017-1000086	Missing Authorization vulnerability in Jenkins Periodic Backup The Periodic Backup Plugin did not perform any permission checks, allowing any user with Overall/Read access to change its settings, trigger backups, restore backups, download backups, and also delete all previous backups via log rotation. network low complexity jenkins CWE-862	8.0
2017-10-05	CVE-2017-1000085	Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Subversion Subversion Plugin connects to a user-specified Subversion repository as part of form validation (e.g. network low complexity jenkins CWE-352	6.5
2017-10-05	CVE-2017-1000084	Incorrect Default Permissions vulnerability in Jenkins Parameterized Trigger Parameterized Trigger Plugin fails to check Item/Build permission: The Parameterized Trigger Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins. network low complexity jenkins CWE-276	6.5

Vulnerabilities > Jenkins {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Jenkins"}]}

Vulnerabilities > Jenkins