Jenkins vulnerabilities rated High

Each entry gives the publication date, CVE and title, then the description, then the attack vector, attack complexity, vendor, CWE and risk score.
2018-01-24  CVE-2017-1000502  OS Command Injection vulnerability in Jenkins EC2
  Users with permission to create or configure agents in Jenkins EC2 Plugin 1.37 and earlier could configure an EC2 agent so that arbitrary shell commands ran on the Jenkins master each time Jenkins tried to launch that agent.
  Attack vector: network | Attack complexity: low | Vendor: jenkins | CWE-78 | Risk: 8.8
2018-01-23  CVE-2018-1000014  Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Translation Assistance
  Jenkins Translation Assistance Plugin 1.15 and earlier accepted its form submissions on any HTTP method instead of requiring POST. An attacker who gets a Jenkins administrator to visit a crafted page can therefore override the localized strings shown to every user of that Jenkins instance.
  Attack vector: network | Attack complexity: low | Vendor: jenkins | CWE-352 | Risk: 8.8
2018-01-23  CVE-2018-1000013  Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Release
  Jenkins Release Plugin 2.9 and earlier accepted its form submissions on any HTTP method instead of requiring POST. An attacker who gets a user with release permission to visit a crafted page can therefore trigger release builds on that user's behalf.
  Attack vector: network | Attack complexity: low | Vendor: jenkins | CWE-352 | Risk: 8.8
2018-01-23  CVE-2018-1000012  XXE vulnerability in Jenkins Warnings
  Jenkins Warnings Plugin 4.64 and earlier resolves XML external entities in the XML files it parses as part of the build. An attacker able to control the contents of such a file can extract secrets from the Jenkins master, perform server-side request forgery, or cause a denial of service.
  Attack vector: network | Attack complexity: low | Vendor: jenkins | CWE-611 | Risk: 8.8
2018-01-23  CVE-2018-1000011  XXE vulnerability in Jenkins FindBugs
  Jenkins FindBugs Plugin 4.71 and earlier resolves XML external entities in the XML files it parses as part of the build. An attacker able to control the contents of such a file can extract secrets from the Jenkins master, perform server-side request forgery, or cause a denial of service.
  Attack vector: network | Attack complexity: low | Vendor: jenkins | CWE-611 | Risk: 8.8
2018-01-23  CVE-2018-1000010  XXE vulnerability in Jenkins DRY
  Jenkins DRY Plugin 2.49 and earlier resolves XML external entities in the XML files it parses as part of the build. An attacker able to control the contents of such a file can extract secrets from the Jenkins master, perform server-side request forgery, or cause a denial of service.
  Attack vector: network | Attack complexity: low | Vendor: jenkins | CWE-611 | Risk: 8.8
2018-01-23  CVE-2018-1000009  XXE vulnerability in Jenkins Checkstyle
  Jenkins Checkstyle Plugin 3.49 and earlier resolves XML external entities in the XML files it parses as part of the build. An attacker able to control the contents of such a file can extract secrets from the Jenkins master, perform server-side request forgery, or cause a denial of service.
  Attack vector: network | Attack complexity: low | Vendor: jenkins | CWE-611 | Risk: 8.8
2018-01-23  CVE-2018-1000008  XXE vulnerability in Jenkins PMD
  Jenkins PMD Plugin 3.49 and earlier resolves XML external entities in the XML files it parses as part of the build. An attacker able to control the contents of such a file can extract secrets from the Jenkins master, perform server-side request forgery, or cause a denial of service.
  Attack vector: network | Attack complexity: low | Vendor: jenkins | CWE-611 | Risk: 8.8
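The five XXE entries above (Warnings, FindBugs, DRY, Checkstyle, PMD) share one root cause: a report written by the build is handed to an XML parser that still honours DOCTYPE declarations and external entities, so whoever controls the report controls what the master reads. The following is an added example, not code from Jenkins or from any of these plugins: a Python pre-check that walks a report with expat's declaration callbacks, records every DOCTYPE, external entity declaration and external entity reference without fetching anything, and only passes a clean report on to the real parser. The Checkstyle-style sample reports, the file names and the master.key path in the payload are constructed for illustration.

```python
"""Refuse DOCTYPE and external entities in build-produced XML reports before
parsing them. Added example; not code from Jenkins or the Warnings, FindBugs,
DRY, Checkstyle or PMD plugins. Both sample reports below are constructed."""
import xml.etree.ElementTree as ET
import xml.parsers.expat as expat
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class XmlFinding:
    kind: str                 # "doctype", "external-entity" or "external-ref"
    name: Optional[str]       # DOCTYPE name or entity name (None for references)
    system_id: Optional[str]  # the URI a resolving parser would have fetched


class UnsafeXmlReport(ValueError):
    """Raised when a report carries a DOCTYPE or touches an external entity."""


def inspect_xml(data: bytes) -> List[XmlFinding]:
    """Walk the document with expat and record DOCTYPEs, external entity
    declarations and external entity references. Nothing is ever fetched:
    the reference handler returns 1 ("carry on") without opening the URI."""
    findings: List[XmlFinding] = []
    parser = expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        findings.append(XmlFinding("doctype", name, system_id))

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        if system_id is not None or public_id is not None:  # external entity
            findings.append(XmlFinding("external-entity", name, system_id))

    def on_external_ref(context, base, system_id, public_id):
        findings.append(XmlFinding("external-ref", None, system_id))
        return 1  # keep parsing, but do not resolve the entity

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    parser.Parse(data, True)
    return findings


def parse_checkstyle_report(data: bytes) -> List[Tuple[str, int, str, str]]:
    """Return (file, line, severity, message) for each <error> in a Checkstyle
    report, refusing the whole report if inspect_xml flags anything."""
    findings = inspect_xml(data)
    if findings:
        detail = ", ".join(f"{f.kind}={f.system_id or f.name}" for f in findings)
        raise UnsafeXmlReport(f"report rejected: {detail}")
    root = ET.fromstring(data)
    violations: List[Tuple[str, int, str, str]] = []
    for file_el in root.iter("file"):
        for err in file_el.iter("error"):
            violations.append((file_el.get("name"), int(err.get("line")),
                               err.get("severity"), err.get("message")))
    return violations


# Constructed sample: what a Checkstyle report normally looks like.
BENIGN_REPORT = b"""<?xml version="1.0" encoding="UTF-8"?>
<checkstyle version="8.0">
  <file name="src/main/java/App.java">
    <error line="12" severity="warning" message="Missing Javadoc" source="JavadocMethod"/>
    <error line="40" severity="error" message="Unused import" source="UnusedImports"/>
  </file>
</checkstyle>
"""

# Constructed sample: the same report carrying an XXE payload. A build step the
# attacker controls writes this where the plugin expects Checkstyle output; a
# parser that resolves the entity copies the master key into the build result.
XXE_REPORT = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE checkstyle [
  <!ENTITY secret SYSTEM "file:///var/lib/jenkins/secrets/master.key">
]>
<checkstyle version="8.0">
  <file name="src/main/java/App.java">
    <error line="1" severity="error" message="leak" source="x">&secret;</error>
  </file>
</checkstyle>
"""


def demo() -> dict:
    """Run both samples and return what each path produced."""
    accepted = parse_checkstyle_report(BENIGN_REPORT)
    try:
        parse_checkstyle_report(XXE_REPORT)
        rejected = None
    except UnsafeXmlReport as exc:
        rejected = str(exc)
    return {"violations": accepted, "rejected": rejected}


if __name__ == "__main__":
    print(demo())
```

The pre-check is a policy, not a parser feature: it rejects any DOCTYPE at all, which is the same stance as disabling DOCTYPE declarations on a Java DocumentBuilderFactory, because no tool report has a legitimate need for one. Run it on the report before any parser that might resolve entities sees the bytes.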
2017-11-01  CVE-2017-1000244  Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Favorite
  Jenkins Favorite Plugin 2.2.0 and earlier is vulnerable to CSRF, allowing an attacker who gets a logged-in user to visit a crafted page to modify data on that user's behalf.
  Attack vector: network | Attack complexity: low | Vendor: jenkins | CWE-352 | Risk: 8.8
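The Translation Assistance, Release and Favorite entries above are one bug class: a web method that changes state but accepts any HTTP method and checks no anti-CSRF token, so a page on another origin can submit the form and the browser attaches the victim's Jenkins session cookie. The following is an added example, not code from Jenkins or from any of these plugins: a minimal Python model of a "trigger release" web method in its pre-fix and post-fix shapes. The request model, the crumb computation (an HMAC over user and session id under a server secret), the secret and all names are assumptions made for illustration; Jenkins's own crumb issuer differs in detail but serves the same purpose.

```python
"""Pre-fix versus post-fix shape of a state-changing plugin web method.
Added example; not code from Jenkins, the Release plugin or any other plugin.
The crumb scheme, secret, request model and names are illustrative assumptions."""
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, List

SERVER_SECRET = b"constructed-per-instance-secret"  # assumption, never a real key
CRUMB_FIELD = "Jenkins-Crumb"                        # header or form field carrying the crumb


@dataclass
class Request:
    method: str
    user: str                    # resolved from the session cookie the browser attached
    session_id: str
    params: Dict[str, str] = field(default_factory=dict)   # query string or form fields
    headers: Dict[str, str] = field(default_factory=dict)


def issue_crumb(user: str, session_id: str) -> str:
    """Token bound to the user and session. A cross-site page can make the
    browser send the cookie, but cannot read this value to include it."""
    msg = f"{user}:{session_id}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def vulnerable_do_release(req: Request, queue: List[str]) -> str:
    """Pre-fix: the handler runs on GET as well as POST and checks no token, so
    <img src="https://ci.example/job/app/release?version=9.9"> on any page the
    victim visits queues a release with the victim's permissions."""
    queue.append(f"{req.user} release {req.params.get('version', '')}")
    return "queued"


def hardened_do_release(req: Request, queue: List[str]) -> str:
    """Post-fix: require POST and a crumb matching the current user and session."""
    if req.method != "POST":
        return "405 method not allowed"
    presented = req.headers.get(CRUMB_FIELD) or req.params.get(CRUMB_FIELD, "")
    expected = issue_crumb(req.user, req.session_id)
    if not hmac.compare_digest(expected, presented):
        return "403 no valid crumb"
    queue.append(f"{req.user} release {req.params.get('version', '')}")
    return "queued"


def simulate() -> Dict[str, str]:
    """Constructed scenario: user 'alice' has a live session. An attacker page
    can make her browser issue GET or POST requests but cannot read her crumb."""
    queue: List[str] = []
    forged_get = Request("GET", "alice", "sess-1", {"version": "9.9"})
    forged_post = Request("POST", "alice", "sess-1", {"version": "9.9"})
    genuine = Request("POST", "alice", "sess-1", {"version": "2.0"},
                      {CRUMB_FIELD: issue_crumb("alice", "sess-1")})
    results = {
        "vulnerable/forged GET": vulnerable_do_release(forged_get, queue),
        "hardened/forged GET": hardened_do_release(forged_get, queue),
        "hardened/forged POST": hardened_do_release(forged_post, queue),
        "hardened/genuine POST": hardened_do_release(genuine, queue),
    }
    results["queue"] = "; ".join(queue)
    return results


if __name__ == "__main__":
    for step, outcome in simulate().items():
        print(f"{step}: {outcome}")
```

Both halves of the fix matter: requiring POST alone stops the image-tag and link vectors but not an auto-submitting cross-site form, and the crumb check alone is pointless if the token is also accepted on a GET whose parameters the attacker chose. In a Jenkins plugin the method restriction is what Stapler's @RequirePOST annotation expresses; the crumb is supplied by the instance's crumb issuer.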
2017-10-05  CVE-2017-1000108  Information Exposure vulnerability in Jenkins Pipeline-Input-Step
  The Pipeline: Input Step Plugin by default allowed any user with Item/Read access to a pipeline to interact with a paused input step and provide its input, i.e. to approve or abort it.
  Attack vector: network | Attack complexity: low | Vendor: jenkins | CWE-200 | Risk: 7.5