Vulnerabilities > Jenkins > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-03-28 CVE-2019-1003047 Missing Authorization vulnerability in Jenkins Fortify on Demand Uploader
A missing permission check in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.
network
low complexity
jenkins CWE-862
6.5
2019-03-28 CVE-2019-1003046 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Fortify on Demand Uploader
A cross-site request forgery vulnerability in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers to initiate a connection to an attacker-specified server.
network
low complexity
jenkins CWE-352
6.5
2019-03-28 CVE-2019-1003042 Cross-site Scripting vulnerability in Jenkins Lockable Resources
A cross-site scripting vulnerability in Jenkins Lockable Resources Plugin 2.4 and earlier allows attackers able to control resource names to inject arbitrary JavaScript in web pages rendered by the plugin.
network
low complexity
jenkins CWE-79
5.4
2019-03-08 CVE-2019-1003037 Missing Authorization vulnerability in Jenkins Azure VM Agents
An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
network
low complexity
jenkins CWE-862
6.5
2019-03-08 CVE-2019-1003036 Missing Authorization vulnerability in Jenkins Azure VM Agents
A data modification vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgent.java that allows attackers with Overall/Read permission to attach a public IP address to an Azure VM agent.
network
low complexity
jenkins CWE-862
4.3
2019-03-08 CVE-2019-1003035 Missing Authorization vulnerability in Jenkins Azure VM Agents
An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgentTemplate.java and src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to perform the 'verify configuration' form validation action, thereby obtaining limited information about the Azure configuration.
network
low complexity
jenkins CWE-862
4.3
2019-02-20 CVE-2019-1003028 Server-Side Request Forgery (SSRF) vulnerability in Jenkins JMS Messaging
A server-side request forgery vulnerability exists in Jenkins JMS Messaging Plugin 1.1.1 and earlier in SSLCertificateAuthenticationMethod.java and UsernameAuthenticationMethod.java that allows attackers with Overall/Read permission to have Jenkins connect to a JMS endpoint.
network
low complexity
jenkins CWE-918
4.3
2019-02-20 CVE-2019-1003027 Server-Side Request Forgery (SSRF) vulnerability in Jenkins OctopusDeploy
A server-side request forgery vulnerability exists in Jenkins OctopusDeploy Plugin 1.8.1 and earlier in OctopusDeployPlugin.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified URL and obtain the HTTP response code if successful, and the exception error message otherwise.
network
low complexity
jenkins CWE-918
4.3
2019-02-20 CVE-2019-1003026 Server-Side Request Forgery (SSRF) vulnerability in Jenkins Mattermost
A server-side request forgery vulnerability exists in Jenkins Mattermost Notification Plugin 2.6.2 and earlier in MattermostNotifier.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified Mattermost server and room and send a message.
network
low complexity
jenkins CWE-918
4.3
2019-02-06 CVE-2019-1003023 Cross-site Scripting vulnerability in Jenkins Warnings Next Generation 1.0.0/1.0.1
A cross-site scripting vulnerability exists in Jenkins Warnings Next Generation Plugin 1.0.1 and earlier in src/main/java/io/jenkins/plugins/analysis/core/model/DetailsTableModel.java, src/main/java/io/jenkins/plugins/analysis/core/model/SourceDetail.java, src/main/java/io/jenkins/plugins/analysis/core/model/SourcePrinter.java, src/main/java/io/jenkins/plugins/analysis/core/util/Sanitizer.java, and src/main/java/io/jenkins/plugins/analysis/warnings/DuplicateCodeScanner.java that allows attackers with the ability to control warnings parser input to have Jenkins render arbitrary HTML.
network
low complexity
jenkins CWE-79
6.1