Vulnerabilities > Jenkins > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-01 | CVE-2017-1000242 | Information Exposure vulnerability in Jenkins GIT Client Jenkins Git Client Plugin 2.4.2 and earlier creates temporary file with insecure permissions resulting in information disclosure | 2.1 |
| 2017-10-05 | CVE-2017-1000088 | Cross-site Scripting vulnerability in Jenkins Sidebar Link The Sidebar Link plugin allows users able to configure jobs, views, and agents to add entries to the sidebar of these objects. | 3.5 |
| 2017-10-05 | CVE-2017-1000092 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins GIT Git Plugin connects to a user-specified Git repository as part of form validation. | 2.6 |
| 2017-10-05 | CVE-2017-1000102 | Cross-site Scripting vulnerability in Jenkins Static Analysis Utilities The Details view of some Static Analysis Utilities based plugins, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to these plugins, for example the console output which is parsed to extract build warnings (Warnings Plugin), could insert arbitrary HTML into this view. | 3.5 |
| 2017-10-05 | CVE-2017-1000103 | Cross-site Scripting vulnerability in Jenkins DRY The custom Details view of the Static Analysis Utilities based DRY Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view. | 3.5 |
| 2017-10-05 | CVE-2017-1000113 | Information Exposure vulnerability in Jenkins Deploy The Deploy to container Plugin stored passwords unencrypted as part of its configuration. | 2.1 |
| 2017-02-09 | CVE-2016-3101 | Cross-site Scripting vulnerability in Jenkins Extra Columns Cross-site scripting (XSS) vulnerability in the Extra Columns plugin before 1.17 in Jenkins allows remote attackers to inject arbitrary web script or HTML by leveraging failure to filter tool tips through the configured markup formatter. | 3.5 |
| 2016-02-03 | CVE-2015-7536 | Cross-site Scripting vulnerability in Jenkins Cross-site scripting (XSS) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to workspaces and archived artifacts. | 3.5 |
| 2015-10-16 | CVE-2015-1807 | Path Traversal vulnerability in Jenkins Directory traversal vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with certain permissions to read arbitrary files via a symlink, related to building artifacts. | 3.5 |
| 2015-10-16 | CVE-2015-1808 | Improper Input Validation vulnerability in Jenkins Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users to cause a denial of service (improper plug-in and tool installation) via crafted update center data. | 3.5 |