Vulnerabilities > Jenkins > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-10-17 | CVE-2014-2068 | Permissions, Privileges, and Access Controls vulnerability in Jenkins The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain sensitive information via vectors related to heapDump. | 3.5 |
2014-03-01 | CVE-2014-2067 | Cross-Site Scripting vulnerability in Jenkins Cross-site scripting (XSS) vulnerability in java/hudson/model/Cause.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to inject arbitrary web script or HTML via a "remote cause note." | 3.5 |
2013-02-24 | CVE-2013-0158 | Unspecified vulnerability in Jenkins before 1.498, Jenkins LTS before 1.480.2, and Jenkins Enterprise 1.447.x before 1.447.6.1 and 1.466.x before 1.466.12.1, when a slave is attached and anonymous read access is enabled, allows remote attackers to obtain the master cryptographic key via unknown vectors. | 2.6 |
2011-12-01 | CVE-2011-4344 | Cross-Site Scripting vulnerability in Jenkins Cross-site scripting (XSS) vulnerability in Jenkins Core in Jenkins before 1.438, and 1.409 LTS before 1.409.3 LTS, when a stand-alone container is used, allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages. | 2.6 |