
DATE        CVE                VULNERABILITY TITLE                                                                RISK
(each entry: description, then attack vector | attack complexity | product | CWE)

2018-08-01  CVE-2018-1999031   Information Exposure vulnerability in Jenkins Meliora Testlab                      4.0
            An exposure of sensitive information vulnerability exists in Jenkins meliora-testlab Plugin 1.14 and earlier in TestlabNotifier.java that allows attackers with file system access to the Jenkins master to obtain the API key stored in this plugin's configuration.
            Attack vector: network | Complexity: low | Product: jenkins | CWE-200

2018-08-01  CVE-2018-1999030   Information Exposure vulnerability in Jenkins Maven Artifact Choicelistprovider (Nexus)   4.0
            An exposure of sensitive information vulnerability exists in Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.3.1 and earlier in ArtifactoryChoiceListProvider.java, NexusChoiceListProvider.java, Nexus3ChoiceListProvider.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins.
            Attack vector: network | Complexity: low | Product: jenkins | CWE-200

2018-08-01  CVE-2018-1999028   Information Exposure vulnerability in Jenkins Accurev                              4.0
            An exposure of sensitive information vulnerability exists in Jenkins Accurev Plugin 0.7.16 and earlier in AccurevSCM.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins.
            Attack vector: network | Complexity: low | Product: jenkins | CWE-200

2018-08-01  CVE-2018-1999027   Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Saltstack               6.8
            An exposure of sensitive information vulnerability exists in Jenkins SaltStack Plugin 3.1.6 and earlier in SaltAPIBuilder.java, SaltAPIStep.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins.
            Attack vector: network | Product: jenkins | CWE-352

2018-08-01  CVE-2018-1999026   Server-Side Request Forgery (SSRF) vulnerability in Jenkins Tracetronic Ecu-Test   4.0
            A server-side request forgery vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java that allows attackers to have Jenkins send HTTP requests to an attacker-specified host.
            Attack vector: network | Complexity: low | Product: jenkins | CWE-918

2018-08-01  CVE-2018-1999025   Improper Certificate Validation vulnerability in Jenkins Tracetronic Ecu-Test      5.8
            A man-in-the-middle vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java, ATXValidator.java that allows attackers to impersonate any service that Jenkins connects to.
            Attack vector: network | Product: jenkins | CWE-295

2018-07-27  CVE-2017-2650      Security Bypass vulnerability in Jenkins Pipeline Classpath Step 0.1.0             6.0
            It was found that the use of Pipeline: Classpath Step Jenkins plugin enables a bypass of the Script Security sandbox for users with SCM commit access, as well as users with e.g.
            Attack vector: network | Product: jenkins

2018-07-27  CVE-2017-2649      Improper Certificate Validation vulnerability in Jenkins Active Directory          6.8
            It was found that the Active Directory Plugin for Jenkins up to and including version 2.2 did not verify certificates of the Active Directory server, thereby enabling Man-in-the-Middle attacks.
            Attack vector: network | Product: jenkins | CWE-295

2018-07-27  CVE-2017-2648      Improper Certificate Validation vulnerability in Jenkins SSH Slaves                6.8
            It was found that jenkins-ssh-slaves-plugin before version 1.15 did not perform host key verification, thereby enabling Man-in-the-Middle attacks.
            Attack vector: network | Product: jenkins | CWE-295

2018-07-27  CVE-2017-2651      Information Exposure vulnerability in Jenkins Mailer                               4.3
            jenkins-mailer-plugin before version 1.20 is vulnerable to an information disclosure while using the feature to send emails to a dynamically created list of users based on the changelogs.
            Attack vector: network | Product: jenkins | CWE-200