Vulnerabilities > Jenkins

DATE	CVE	VULNERABILITY TITLE	RISK
2017-10-05	CVE-2017-1000102	Cross-site Scripting vulnerability in Jenkins Static Analysis Utilities The Details view of some Static Analysis Utilities based plugins, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to these plugins, for example the console output which is parsed to extract build warnings (Warnings Plugin), could insert arbitrary HTML into this view. network low complexity jenkins CWE-79	5.4
2017-10-05	CVE-2017-1000096	Incorrect Permission Assignment for Critical Resource vulnerability in Jenkins Pipeline: Groovy Arbitrary code execution due to incomplete sandbox protection: Constructors, instance variable initializers, and instance initializers in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. network low complexity jenkins CWE-732	8.8
2017-10-05	CVE-2017-1000095	Incorrect Permission Assignment for Critical Resource vulnerability in Jenkins Script Security 1.34 The default whitelist included the following unsafe entries: DefaultGroovyMethods.putAt(Object, String, Object); DefaultGroovyMethods.getAt(Object, String). network low complexity jenkins CWE-732	6.5
2017-10-05	CVE-2017-1000094	Information Exposure vulnerability in Jenkins Docker Commons Docker Commons Plugin provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use to authenticate with a Docker Registry. network low complexity jenkins CWE-200	6.5
2017-10-05	CVE-2017-1000093	Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Poll SCM Poll SCM Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. network low complexity jenkins CWE-352	8.8
2017-10-05	CVE-2017-1000092	Cross-Site Request Forgery (CSRF) vulnerability in Jenkins GIT Git Plugin connects to a user-specified Git repository as part of form validation. network high complexity jenkins CWE-352	7.5
2017-10-05	CVE-2017-1000091	Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Github Branch Source GitHub Branch Source Plugin connects to a user-specified GitHub API URL (e.g. network low complexity jenkins CWE-352	6.3
2017-10-05	CVE-2017-1000090	Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Role-Based Authorization Strategy Role-based Authorization Strategy Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. network low complexity jenkins CWE-352	8.8
2017-10-05	CVE-2017-1000089	Incorrect Default Permissions vulnerability in Jenkins Pipeline: Build Step Builds in Jenkins are associated with an authentication that controls the permissions that the build has to interact with other elements in Jenkins. network low complexity jenkins CWE-276	5.3
2017-10-05	CVE-2017-1000088	Cross-site Scripting vulnerability in Jenkins Sidebar Link The Sidebar Link plugin allows users able to configure jobs, views, and agents to add entries to the sidebar of these objects. network low complexity jenkins CWE-79	5.4

Vulnerabilities > Jenkins {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Jenkins"}]}

Vulnerabilities > Jenkins