Vulnerabilities > Jenkins > Low

DATE CVE VULNERABILITY TITLE RISK
2018-07-09 CVE-2018-1000401 Insufficiently Protected Credentials vulnerability in Jenkins AWS Codepipeline
Jenkins project Jenkins AWS CodePipeline Plugin version 0.36 and earlier contains a Insufficiently Protected Credentials vulnerability in AWSCodePipelineSCM.java that can result in Credentials Disclosure.
local
low complexity
jenkins CWE-522
2.1
2.1
2018-07-09 CVE-2018-1000403 Insufficiently Protected Credentials vulnerability in Jenkins AWS Codedeploy
Jenkins project Jenkins AWS CodeDeploy Plugin version 1.19 and earlier contains a Insufficiently Protected Credentials vulnerability in AWSCodeDeployPublisher.java that can result in Credentials Disclosure.
local
low complexity
jenkins CWE-522
2.1
2.1
2018-07-09 CVE-2018-1000404 Insufficiently Protected Credentials vulnerability in Jenkins AWS Codebuild
Jenkins project Jenkins AWS CodeBuild Plugin version 0.26 and earlier contains a Insufficiently Protected Credentials vulnerability in AWSClientFactory.java, CodeBuilder.java that can result in Credentials Disclosure.
local
low complexity
jenkins CWE-522
2.1
2.1
2018-06-26 CVE-2018-1000604 Cross-site Scripting vulnerability in Jenkins Badge
A persisted cross-site scripting vulnerability exists in Jenkins Badge Plugin 1.4 and earlier in BadgeSummaryAction.java, HtmlBadgeAction.java that allows attackers able to control build badge content to define JavaScript that would be executed in another user's browser when that other user performs some UI actions.
network
jenkins CWE-79
3.5
3.5
2018-06-05 CVE-2018-1000202 Cross-site Scripting vulnerability in Jenkins Groovy Postbuild
A persisted cross-site scripting vulnerability exists in Jenkins Groovy Postbuild Plugin 2.3.1 and older in various Jelly files that allows attackers able to control build badge content to define JavaScript that would be executed in another user's browser when that other user performs some UI actions.
network
jenkins CWE-79
3.5
3.5
2018-05-21 CVE-2017-2607 Cross-site Scripting vulnerability in Jenkins
jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting vulnerability in console notes (SECURITY-382).
network
jenkins CWE-79
3.5
3.5
2018-05-15 CVE-2017-2603 Information Exposure vulnerability in Jenkins
Jenkins before versions 2.44, 2.32.2 is vulnerable to a user data leak in disconnected agents' config.xml API.
network
jenkins CWE-200
3.5
3.5
2018-05-15 CVE-2017-2610 Cross-site Scripting vulnerability in Jenkins
jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in search suggestions due to improperly escaping users with less-than and greater-than characters in their names (SECURITY-388).
network
jenkins CWE-79
3.5
3.5
2018-05-08 CVE-2018-1000177 Cross-site Scripting vulnerability in Jenkins S3 Publisher
A cross-site scripting vulnerability exists in Jenkins S3 Plugin 0.10.12 and older in src/main/resources/hudson/plugins/s3/S3ArtifactsProjectAction/jobMain.jelly that allows attackers able to control file names of uploaded files to define file names containing JavaScript that would be executed in another user's browser when that user performs some UI actions.
network
jenkins CWE-79
3.5
3.5
2018-04-16 CVE-2018-1000170 Cross-site Scripting vulnerability in Jenkins
A cross-site scripting vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in confirmationList.jelly and stopButton.jelly that allows attackers with Job/Configure and/or Job/Create permission to create an item name containing JavaScript that would be executed in another user's browser when that other user performs some UI actions.
network
jenkins CWE-79
3.5
3.5