Vulnerabilities > Jenkins > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-07-23 CVE-2018-1999006 Information Exposure vulnerability in Jenkins
A exposure of sensitive information vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in Plugin.java that allows attackers to determine the date and time when a plugin HPI/JPI file was last extracted, which typically is the date of the most recent installation/upgrade.
network
low complexity
jenkins CWE-200
4.0
2018-07-23 CVE-2018-1999004 Incorrect Authorization vulnerability in multiple products
A Improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in SlaveComputer.java that allows attackers with Overall/Read permission to initiate agent launches, and abort in-progress agent launches.
network
low complexity
jenkins oracle CWE-863
4.0
2018-07-23 CVE-2018-1999003 Incorrect Authorization vulnerability in multiple products
A Improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in Queue.java that allows attackers with Overall/Read permission to cancel queued builds.
network
low complexity
jenkins oracle CWE-863
4.0
2018-07-23 CVE-2018-1999002 A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins master has access to.
network
low complexity
jenkins oracle
5.0
2018-07-23 CVE-2018-1999001 A unauthorized modification of configuration vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in User.java that allows attackers to provide crafted login credentials that cause Jenkins to move the config.xml file from the Jenkins home directory.
network
jenkins oracle
4.3
2018-07-09 CVE-2018-1000402 Information Exposure vulnerability in Jenkins AWS Codedeploy
Jenkins project Jenkins AWS CodeDeploy Plugin version 1.19 and earlier contains a File and Directory Information Exposure vulnerability in AWSCodeDeployPublisher.java that can result in Disclosure of environment variables.
network
low complexity
jenkins CWE-200
5.0
2018-06-26 CVE-2018-1000610 Insufficiently Protected Credentials vulnerability in Jenkins Configuration AS Code
A exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in DataBoundConfigurator.java, Attribute.java, BaseConfigurator.java, ExtensionConfigurator.java that allows attackers with access to Jenkins log files to obtain the passwords configured using Configuration as Code Plugin.
network
low complexity
jenkins CWE-522
4.0
2018-06-26 CVE-2018-1000609 Information Exposure vulnerability in Jenkins Configuration AS Code
A exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in ConfigurationAsCode.java that allows attackers with Overall/Read access to obtain the YAML export of the Jenkins configuration.
network
low complexity
jenkins CWE-200
4.0
2018-06-26 CVE-2018-1000608 Insufficiently Protected Credentials vulnerability in Jenkins Z/Os Connector
A exposure of sensitive information vulnerability exists in Jenkins z/OS Connector Plugin 1.2.6.1 and earlier in SCLMSCM.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g.
network
low complexity
jenkins CWE-522
4.0
2018-06-26 CVE-2018-1000607 Improper Input Validation vulnerability in Jenkins Fortify Cloudscan
A arbitrary file write vulnerability exists in Jenkins Fortify CloudScan Plugin 1.5.1 and earlier in ArchiveUtil.java that allows attackers able to control rulepack zip file contents to overwrite any file on the Jenkins master file system, only limited by the permissions of the user the Jenkins master process is running as.
network
low complexity
jenkins CWE-20
4.0