Jenkins vulnerabilities (medium risk)

Each entry gives the publication date, the CVE identifier and the vulnerability title, followed by the description, the attack vector and (where listed) the attack complexity, the vendor, the CWE class and the risk score.
2018-01-26  CVE-2017-1000390  Missing Authorization vulnerability in Jenkins Multijob
  Jenkins Multijob plugin version 1.25 and earlier did not check permissions in the Resume Build action, allowing anyone with Job/Read permission to resume the build.
  Attack vector: network; attack complexity: low; vendor: jenkins; CWE-862; risk: 4.0

2018-01-26  CVE-2017-1000389  Cross-site Scripting vulnerability in Jenkins Global-Build-Stats
  Some URLs provided by Jenkins global-build-stats plugin version 1.4 and earlier returned a JSON response that contained request parameters.
  Attack vector: network; vendor: jenkins; CWE-79; risk: 4.3

2018-01-26  CVE-2017-1000388  Missing Authorization vulnerability in Jenkins Dependency Graph Viewer
  Jenkins Dependency Graph Viewer plugin 0.12 and earlier did not perform permission checks for the API endpoint that modifies the dependency graph, allowing anyone with Overall/Read permission to modify this data.
  Attack vector: network; attack complexity: low; vendor: jenkins; CWE-862; risk: 4.0

2018-01-25  CVE-2017-1000505  Information Exposure vulnerability in Jenkins Script Security
  In Jenkins Script Security Plugin version 1.36 and earlier, users with the ability to configure sandboxed Groovy scripts are able to use a type coercion feature in Groovy to create new `File` objects from strings.
  Attack vector: network; attack complexity: low; vendor: jenkins; CWE-200; risk: 4.0

2018-01-24  CVE-2017-1000504  Cross-Site Request Forgery (CSRF) vulnerability in Jenkins
  A race condition during Jenkins 2.94 and earlier; 2.89.1 and earlier startup could result in the wrong order of execution of commands during initialization.
  Attack vector: network; vendor: jenkins; CWE-352; risk: 6.8

2018-01-24  CVE-2017-1000503  Race Condition vulnerability in Jenkins
  A race condition during Jenkins 2.81 through 2.94 (inclusive); 2.89.1 startup could result in the wrong order of execution of commands during initialization.
  Attack vector: network; vendor: jenkins; CWE-362; risk: 6.8

2018-01-23  CVE-2018-1000015  Missing Authorization vulnerability in Jenkins Pipeline Nodes and Processes
  On Jenkins instances with Authorize Project plugin, the authentication associated with a build may lack the Computer/Build permission on some agents.
  Attack vector: network; vendor: jenkins; CWE-862; risk: 4.9

2018-01-23  CVE-2018-1000014  Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Translation Assistance
  Jenkins Translation Assistance Plugin 1.15 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to override localized strings displayed to all users on the current Jenkins instance if the victim is a Jenkins administrator.
  Attack vector: network; vendor: jenkins; CWE-352; risk: 6.8

2018-01-23  CVE-2018-1000013  Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Release
  Jenkins Release Plugin 2.9 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to trigger release builds.
  Attack vector: network; vendor: jenkins; CWE-352; risk: 6.8

2018-01-23  CVE-2018-1000012  XXE vulnerability in Jenkins Warnings
  Jenkins Warnings Plugin 4.64 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or mount denial-of-service attacks.
  Attack vector: network; attack complexity: low; vendor: jenkins; CWE-611; risk: 6.5