Vulnerabilities > Jenkins > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-07-09 | CVE-2018-1000401 | Insufficiently Protected Credentials vulnerability in Jenkins AWS Codepipeline Jenkins project Jenkins AWS CodePipeline Plugin version 0.36 and earlier contains a Insufficiently Protected Credentials vulnerability in AWSCodePipelineSCM.java that can result in Credentials Disclosure. | 2.1 |
2018-07-09 | CVE-2018-1000403 | Insufficiently Protected Credentials vulnerability in Jenkins AWS Codedeploy Jenkins project Jenkins AWS CodeDeploy Plugin version 1.19 and earlier contains a Insufficiently Protected Credentials vulnerability in AWSCodeDeployPublisher.java that can result in Credentials Disclosure. | 2.1 |
2018-07-09 | CVE-2018-1000404 | Insufficiently Protected Credentials vulnerability in Jenkins AWS Codebuild Jenkins project Jenkins AWS CodeBuild Plugin version 0.26 and earlier contains a Insufficiently Protected Credentials vulnerability in AWSClientFactory.java, CodeBuilder.java that can result in Credentials Disclosure. | 2.1 |
2018-06-26 | CVE-2018-1000604 | Cross-site Scripting vulnerability in Jenkins Badge A persisted cross-site scripting vulnerability exists in Jenkins Badge Plugin 1.4 and earlier in BadgeSummaryAction.java, HtmlBadgeAction.java that allows attackers able to control build badge content to define JavaScript that would be executed in another user's browser when that other user performs some UI actions. | 3.5 |
2018-06-05 | CVE-2018-1000202 | Cross-site Scripting vulnerability in Jenkins Groovy Postbuild A persisted cross-site scripting vulnerability exists in Jenkins Groovy Postbuild Plugin 2.3.1 and older in various Jelly files that allows attackers able to control build badge content to define JavaScript that would be executed in another user's browser when that other user performs some UI actions. | 3.5 |
2018-05-21 | CVE-2017-2607 | Cross-site Scripting vulnerability in Jenkins jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting vulnerability in console notes (SECURITY-382). | 3.5 |
2018-05-15 | CVE-2017-2603 | Information Exposure vulnerability in Jenkins Jenkins before versions 2.44, 2.32.2 is vulnerable to a user data leak in disconnected agents' config.xml API. | 3.5 |
2018-05-15 | CVE-2017-2610 | Cross-site Scripting vulnerability in Jenkins jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in search suggestions due to improperly escaping users with less-than and greater-than characters in their names (SECURITY-388). | 3.5 |
2018-05-08 | CVE-2018-1000177 | Cross-site Scripting vulnerability in Jenkins S3 Publisher A cross-site scripting vulnerability exists in Jenkins S3 Plugin 0.10.12 and older in src/main/resources/hudson/plugins/s3/S3ArtifactsProjectAction/jobMain.jelly that allows attackers able to control file names of uploaded files to define file names containing JavaScript that would be executed in another user's browser when that user performs some UI actions. | 3.5 |
2018-04-16 | CVE-2018-1000170 | Cross-site Scripting vulnerability in Jenkins A cross-site scripting vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in confirmationList.jelly and stopButton.jelly that allows attackers with Job/Configure and/or Job/Create permission to create an item name containing JavaScript that would be executed in another user's browser when that other user performs some UI actions. | 3.5 |