Vulnerabilities > Jenkins > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-05 | CVE-2017-1000102 | Cross-site Scripting vulnerability in Jenkins Static Analysis Utilities The Details view of some Static Analysis Utilities based plugins, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to these plugins, for example the console output which is parsed to extract build warnings (Warnings Plugin), could insert arbitrary HTML into this view. | 5.4 |
| 2017-10-05 | CVE-2017-1000095 | Incorrect Permission Assignment for Critical Resource vulnerability in Jenkins Script Security 1.34 The default whitelist included the following unsafe entries: DefaultGroovyMethods.putAt(Object, String, Object); DefaultGroovyMethods.getAt(Object, String). | 6.5 |
| 2017-10-05 | CVE-2017-1000094 | Information Exposure vulnerability in Jenkins Docker Commons Docker Commons Plugin provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use to authenticate with a Docker Registry. | 6.5 |
| 2017-10-05 | CVE-2017-1000091 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Github Branch Source GitHub Branch Source Plugin connects to a user-specified GitHub API URL (e.g. | 6.3 |
| 2017-10-05 | CVE-2017-1000089 | Incorrect Default Permissions vulnerability in Jenkins Pipeline: Build Step Builds in Jenkins are associated with an authentication that controls the permissions that the build has to interact with other elements in Jenkins. | 5.3 |
| 2017-10-05 | CVE-2017-1000088 | Cross-site Scripting vulnerability in Jenkins Sidebar Link The Sidebar Link plugin allows users able to configure jobs, views, and agents to add entries to the sidebar of these objects. | 5.4 |
| 2017-10-05 | CVE-2017-1000087 | Information Exposure vulnerability in Jenkins Github Branch Source GitHub Branch Source provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use. | 4.3 |
| 2017-10-05 | CVE-2017-1000085 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Subversion Subversion Plugin connects to a user-specified Subversion repository as part of form validation (e.g. | 6.5 |
| 2017-10-05 | CVE-2017-1000084 | Incorrect Default Permissions vulnerability in Jenkins Parameterized Trigger Parameterized Trigger Plugin fails to check Item/Build permission: The Parameterized Trigger Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins. | 6.5 |
| 2017-09-12 | CVE-2014-9635 | 7PK - Security Features vulnerability in Jenkins Jenkins before 1.586 does not set the HttpOnly flag in a Set-Cookie header for session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to obtain potentially sensitive information via script access to cookies. | 5.3 |