Vulnerabilities > Jenkins > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-12-10 CVE-2018-1000864 Infinite Loop vulnerability in multiple products
A denial of service vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread enter an infinite loop.
network
low complexity
jenkins redhat CWE-835
6.5
2018-12-10 CVE-2018-1000862 Information Exposure vulnerability in multiple products
An information exposure vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in DirectoryBrowserSupport.java that allows attackers with the ability to control build output to browse the file system on agents running builds beyond the duration of the build using the workspace browser.
network
low complexity
jenkins redhat CWE-200
4.3
2018-08-23 CVE-2018-1999047 Incorrect Authorization vulnerability in Jenkins
An improper authorization vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in UpdateCenter.java that allows attackers to cancel a Jenkins restart scheduled through the update center.
network
low complexity
jenkins CWE-863
6.5
2018-08-23 CVE-2018-1999046 Information Exposure vulnerability in Jenkins
An exposure of sensitive information vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in Computer.java that allows attackers with Overall/Read permission to access the connection log for any agent.
network
low complexity
jenkins CWE-200
4.3
2018-08-23 CVE-2018-1999045 Improper Authentication vulnerability in Jenkins
An improper authentication vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in SecurityRealm.java, TokenBasedRememberMeServices2.java that allows attackers with a valid cookie to remain logged in even if that feature is disabled.
network
low complexity
jenkins CWE-287
5.4
2018-08-23 CVE-2018-1999044 Infinite Loop vulnerability in Jenkins
A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread enter an infinite loop.
network
low complexity
jenkins CWE-835
6.5
2018-08-23 CVE-2018-1999042 Deserialization of Untrusted Data vulnerability in Jenkins
A vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in XStream2.java that allows attackers to have Jenkins resolve a domain name when deserializing an instance of java.net.URL.
network
low complexity
jenkins CWE-502
5.3
2018-08-06 CVE-2017-2654 Information Exposure vulnerability in Jenkins Email Extension
jenkins-email-ext before version 2.57.1 is vulnerable to an Information Exposure.
network
low complexity
jenkins CWE-200
5.3
2018-08-01 CVE-2018-1999041 Information Exposure vulnerability in Jenkins Tinfoil Security
An exposure of sensitive information vulnerability exists in Jenkins Tinfoil Security Plugin 1.6.1 and earlier in TinfoilScanRecorder.java that allows attackers with file system access to the Jenkins master to obtain the API secret key stored in this plugin's configuration.
local
low complexity
jenkins CWE-200
5.5
2018-08-01 CVE-2018-1999039 Server-Side Request Forgery (SSRF) vulnerability in Jenkins Confluence Publisher
A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an attacker-specified Confluence server URL with attacker-specified credentials.
network
low complexity
jenkins CWE-918
4.3