Vulnerabilities > Jenkins > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-05 | CVE-2018-1000142 | Information Exposure vulnerability in Jenkins Github Pull Request Builder An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials. | 2.1 |
| 2018-04-05 | CVE-2018-1000143 | Information Exposure vulnerability in Jenkins Github Pull Request Builder An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials. | 2.1 |
| 2018-04-05 | CVE-2018-1000150 | Information Exposure vulnerability in Jenkins Reverse Proxy Auth An exposure of sensitive information vulnerability exists in Jenkins Reverse Proxy Auth Plugin 1.5 and older in ReverseProxySecurityRealm#authContext that allows attackers with local file system access to obtain a list of authorities for logged in users. | 2.1 |
| 2018-03-13 | CVE-2018-1000104 | Insufficiently Protected Credentials vulnerability in Jenkins Coverity A plaintext storage of a password vulnerability exists in Jenkins Coverity Plugin 1.10.0 and earlier in CIMInstance.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. | 2.1 |
| 2018-03-13 | CVE-2018-1000113 | Cross-site Scripting vulnerability in Jenkins Testlink A cross-site scripting vulnerability exists in Jenkins TestLink Plugin 2.12 and earlier in TestLinkBuildAction/summary.jelly and others that allow an attacker who can control e.g. | 3.5 |
| 2018-01-26 | CVE-2017-1000386 | Cross-site Scripting vulnerability in Jenkins Active Choices Jenkins Active Choices plugin version 1.5.3 and earlier allowed users with Job/Configure permission to provide arbitrary HTML to be shown on the 'Build With Parameters' page through the 'Active Choices Reactive Reference Parameter' type. | 3.5 |
| 2018-01-26 | CVE-2017-1000387 | Insufficiently Protected Credentials vulnerability in Jenkins Build-Publisher Jenkins Build-Publisher plugin version 1.21 and earlier stores credentials to other Jenkins instances in the file hudson.plugins.build_publisher.BuildPublisher.xml in the Jenkins master home directory. | 2.1 |
| 2018-01-26 | CVE-2017-1000392 | Cross-site Scripting vulnerability in Jenkins Jenkins 2.88 and earlier; 2.73.2 and earlier Autocompletion suggestions for text fields were not escaped, resulting in a persisted cross-site scripting vulnerability if the source for the suggestions allowed specifying text that includes HTML metacharacters like less-than and greater-than characters. | 3.5 |
| 2018-01-26 | CVE-2017-1000401 | Improper Input Validation vulnerability in Jenkins The Jenkins 2.73.1 and earlier, 2.83 and earlier default form control for passwords and other secrets, <f:password/>, supports form validation (e.g. | 1.2 |
| 2017-12-06 | CVE-2017-17383 | Cross-site Scripting vulnerability in Jenkins Jenkins through 2.93 allows remote authenticated administrators to conduct XSS attacks via a crafted tool name in a job configuration form, as demonstrated by the JDK tool in Jenkins core and the Ant tool in the Ant plugin, aka SECURITY-624. | 3.5 |