Vulnerabilities > Jenkins
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-10-17 | CVE-2014-2060 | Unspecified vulnerability in Jenkins. The Winstone servlet container in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack sessions via unspecified vectors. | 5.0 |
2014-10-17 | CVE-2014-2058 | Permissions, Privileges, and Access Controls vulnerability in Jenkins. BuildTrigger in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to bypass access restrictions and execute arbitrary jobs by configuring a job to trigger another job. | 6.5 |
2014-10-17 | CVE-2013-7330 | Permissions, Privileges, and Access Controls vulnerability in Jenkins. Jenkins before 1.502 allows remote authenticated users to configure an otherwise restricted project via vectors related to post-build actions. | 4.0 |
2014-10-16 | CVE-2014-3666 | Code Injection vulnerability in multiple products. Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel. | 7.5 |
2014-03-01 | CVE-2014-2067 | Cross-Site Scripting vulnerability in Jenkins. Cross-site scripting (XSS) vulnerability in java/hudson/model/Cause.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to inject arbitrary web script or HTML via a "remote cause note." | 3.5 |
2014-03-01 | CVE-2014-2059 | Path Traversal vulnerability in Jenkins. Directory traversal vulnerability in the CLI job creation (hudson/cli/CreateJobCommand.java) in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to overwrite arbitrary files via the job name. | 6.5 |
2013-12-31 | CVE-2013-5573 | Cross-Site Scripting vulnerability in Jenkins 1.523. Cross-site scripting (XSS) vulnerability in the default markup formatter in Jenkins 1.523 allows remote attackers to inject arbitrary web script or HTML via the Description field in the user configuration. | 4.3 |
2013-03-19 | CVE-2013-0331 | Improper Input Validation vulnerability in Jenkins. Jenkins before 1.502 and LTS before 1.480.3 allows remote authenticated users with write access to cause a denial of service via a crafted payload. | 4.0 |
2013-03-19 | CVE-2013-0330 | Security Bypass vulnerability in Jenkins. Unspecified vulnerability in Jenkins before 1.502 and LTS before 1.480.3 allows remote authenticated users with write access to build arbitrary jobs via unknown attack vectors. | 4.0 |
2013-02-24 | CVE-2013-0158 | Unspecified vulnerability in Jenkins before 1.498, Jenkins LTS before 1.480.2, and Jenkins Enterprise 1.447.x before 1.447.6.1 and 1.466.x before 1.466.12.1, when a slave is attached and anonymous read access is enabled, allows remote attackers to obtain the master cryptographic key via unknown vectors. | 2.6 |