Vulnerabilities > Jenkins > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-09-12 CVE-2019-10395 Cross-site Scripting vulnerability in Jenkins Build Environment
Jenkins Build Environment Plugin 1.6 and earlier did not escape variables shown on its views, resulting in a cross-site scripting vulnerability in Jenkins 2.145, 2.138.1, or older, exploitable by users able to change various job/build properties.
network
low complexity
jenkins CWE-79
5.4
2019-09-12 CVE-2019-10394 Unspecified vulnerability in Jenkins Script Security
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions on the left-hand side of assignment expressions allowed attackers to execute arbitrary code in sandboxed scripts.
network
high complexity
jenkins
4.2
2019-09-12 CVE-2019-10393 Unspecified vulnerability in Jenkins Script Security
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of method names in method call expressions allowed attackers to execute arbitrary code in sandboxed scripts.
network
high complexity
jenkins
4.2
2019-08-28 CVE-2019-10391 Cleartext Transmission of Sensitive Information vulnerability in Jenkins IBM Application Security on Cloud
Jenkins IBM Application Security on Cloud Plugin 1.2.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure.
network
low complexity
jenkins CWE-319
6.5
2019-08-28 CVE-2019-10383 Cross-site Scripting vulnerability in multiple products
A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and JavaScript in update center web pages.
network
low complexity
jenkins oracle redhat CWE-79
4.8
2019-08-07 CVE-2019-10389 Missing Authorization vulnerability in Jenkins Relution Enterprise Appstore Publisher 1.0/1.24
A missing permission check in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server.
network
low complexity
jenkins CWE-862
4.3
2019-08-07 CVE-2019-10388 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Relution Enterprise Appstore Publisher 1.0/1.24
A cross-site request forgery vulnerability in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server.
network
low complexity
jenkins CWE-352
4.3
2019-08-07 CVE-2019-10387 Missing Authorization vulnerability in Jenkins XL Testview
A missing permission check in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptor#doTestConnection allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network
low complexity
jenkins CWE-862
6.5
2019-08-07 CVE-2019-10385 Insufficiently Protected Credentials vulnerability in Jenkins Eggplant
Jenkins eggPlant Plugin 2.2 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
network
low complexity
jenkins CWE-522
6.5
2019-08-07 CVE-2019-10382 Improper Certificate Validation vulnerability in Jenkins VMWare LAB Manager Slaves
Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM.
network
high complexity
jenkins CWE-295
6.5