| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2017-10-05 | CVE-2017-1000108 | Information Exposure vulnerability in Jenkins Pipeline-Input-Step | The Pipeline: Input Step Plugin by default allowed users with Item/Read access to a pipeline to interact with the step to provide input. | network | low | jenkins | CWE-200 | 5.0 |
| 2017-10-05 | CVE-2017-1000107 | Unspecified vulnerability in Jenkins Script Security 1.30 | Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. | network | low | jenkins | | 6.5 |
| 2017-10-05 | CVE-2017-1000106 | Improper Authentication vulnerability in Jenkins Blue Ocean | Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. | network | low | jenkins | CWE-287 | 5.5 |
| 2017-10-05 | CVE-2017-1000105 | Missing Authorization vulnerability in Jenkins Blue Ocean | The optional Run/Artifacts permission can be enabled by setting a Java system property. | network | low | jenkins | CWE-862 | 5.0 |
| 2017-10-05 | CVE-2017-1000104 | Improper Privilege Management vulnerability in Jenkins Config File Provider | The Config File Provider Plugin is used to centrally manage configuration files that often include secrets, such as passwords. | network | low | jenkins | CWE-269 | 4.0 |
| 2017-10-05 | CVE-2017-1000096 | Incorrect Permission Assignment for Critical Resource vulnerability in Jenkins Pipeline: Groovy | Arbitrary code execution due to incomplete sandbox protection: constructors, instance variable initializers, and instance initializers in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. | network | low | jenkins | CWE-732 | 6.5 |
| 2017-10-05 | CVE-2017-1000095 | Incorrect Permission Assignment for Critical Resource vulnerability in Jenkins Script Security 1.34 | The default whitelist included the following unsafe entries: DefaultGroovyMethods.putAt(Object, String, Object); DefaultGroovyMethods.getAt(Object, String). | network | low | jenkins | CWE-732 | 4.0 |
| 2017-10-05 | CVE-2017-1000094 | Information Exposure vulnerability in Jenkins Docker Commons 1.9 | Docker Commons Plugin provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use to authenticate with a Docker Registry. | network | low | jenkins | CWE-200 | 4.0 |
| 2017-10-05 | CVE-2017-1000093 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Poll SCM | Poll SCM Plugin was not requiring requests to its API to be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. | network | | jenkins | CWE-352 | 6.8 |
| 2017-10-05 | CVE-2017-1000091 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Github Branch Source | GitHub Branch Source Plugin connects to a user-specified GitHub API URL (e.g. | network | | jenkins | CWE-352 | 6.8 |