Vulnerabilities > Jenkins > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-05 | CVE-2017-1000113 | Information Exposure vulnerability in Jenkins Deploy The Deploy to container Plugin stored passwords unencrypted as part of its configuration. | 5.5 |
| 2017-10-05 | CVE-2017-1000110 | Improper Authentication vulnerability in Jenkins Blue Ocean Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. | 4.3 |
| 2017-10-05 | CVE-2017-1000109 | Cross-site Scripting vulnerability in Jenkins Owasp Dependency-Check The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view. | 6.1 |
| 2017-10-05 | CVE-2017-1000105 | Missing Authorization vulnerability in Jenkins Blue Ocean The optional Run/Artifacts permission can be enabled by setting a Java system property. | 5.3 |
| 2017-10-05 | CVE-2017-1000104 | Improper Privilege Management vulnerability in Jenkins Config File Provider The Config File Provider Plugin is used to centrally manage configuration files that often include secrets, such as passwords. | 6.5 |
| 2017-10-05 | CVE-2017-1000103 | Cross-site Scripting vulnerability in Jenkins DRY The custom Details view of the Static Analysis Utilities based DRY Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view. | 5.4 |
| 2017-10-05 | CVE-2017-1000102 | Cross-site Scripting vulnerability in Jenkins Static Analysis Utilities The Details view of some Static Analysis Utilities based plugins, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to these plugins, for example the console output which is parsed to extract build warnings (Warnings Plugin), could insert arbitrary HTML into this view. | 5.4 |
| 2017-10-05 | CVE-2017-1000095 | Incorrect Permission Assignment for Critical Resource vulnerability in Jenkins Script Security 1.34 The default whitelist included the following unsafe entries: DefaultGroovyMethods.putAt(Object, String, Object); DefaultGroovyMethods.getAt(Object, String). | 6.5 |
| 2017-10-05 | CVE-2017-1000094 | Information Exposure vulnerability in Jenkins Docker Commons Docker Commons Plugin provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use to authenticate with a Docker Registry. | 6.5 |
| 2017-10-05 | CVE-2017-1000091 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Github Branch Source GitHub Branch Source Plugin connects to a user-specified GitHub API URL (e.g. | 6.3 |