Vulnerabilities > Jenkins > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2017-10-05 | CVE-2017-1000113 | Information Exposure vulnerability in Jenkins Deploy | The Deploy to container Plugin stored passwords unencrypted as part of its configuration. | local | low complexity | jenkins | CWE-200 | 5.5 |
| 2017-10-05 | CVE-2017-1000110 | Improper Authentication vulnerability in Jenkins Blue Ocean | Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. | network | low complexity | jenkins | CWE-287 | 4.3 |
| 2017-10-05 | CVE-2017-1000109 | Cross-site Scripting vulnerability in Jenkins OWASP Dependency-Check | The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view. | network | low complexity | jenkins | CWE-79 | 6.1 |
| 2017-10-05 | CVE-2017-1000105 | Missing Authorization vulnerability in Jenkins Blue Ocean | The optional Run/Artifacts permission can be enabled by setting a Java system property. | network | low complexity | jenkins | CWE-862 | 5.3 |
| 2017-10-05 | CVE-2017-1000104 | Improper Privilege Management vulnerability in Jenkins Config File Provider | The Config File Provider Plugin is used to centrally manage configuration files that often include secrets, such as passwords. | network | low complexity | jenkins | CWE-269 | 6.5 |
| 2017-10-05 | CVE-2017-1000103 | Cross-site Scripting vulnerability in Jenkins DRY | The custom Details view of the Static Analysis Utilities based DRY Plugin was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view. | network | low complexity | jenkins | CWE-79 | 5.4 |
| 2017-10-05 | CVE-2017-1000102 | Cross-site Scripting vulnerability in Jenkins Static Analysis Utilities | The Details view of some Static Analysis Utilities based plugins was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to these plugins, for example the console output which is parsed to extract build warnings (Warnings Plugin), could insert arbitrary HTML into this view. | network | low complexity | jenkins | CWE-79 | 5.4 |
| 2017-10-05 | CVE-2017-1000095 | Incorrect Permission Assignment for Critical Resource vulnerability in Jenkins Script Security 1.34 | The default whitelist included the following unsafe entries: DefaultGroovyMethods.putAt(Object, String, Object); DefaultGroovyMethods.getAt(Object, String). | network | low complexity | jenkins | CWE-732 | 6.5 |
| 2017-10-05 | CVE-2017-1000094 | Information Exposure vulnerability in Jenkins Docker Commons | Docker Commons Plugin provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use to authenticate with a Docker Registry. | network | low complexity | jenkins | CWE-200 | 6.5 |
| 2017-10-05 | CVE-2017-1000091 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins GitHub Branch Source | GitHub Branch Source Plugin connects to a user-specified GitHub API URL (e.g. | network | low complexity | jenkins | CWE-352 | 6.3 |