Vulnerabilities > Jenkins > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-06-05 CVE-2018-1000184 Server-Side Request Forgery (SSRF) vulnerability in Jenkins Github
A server-side request forgery vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubPluginConfig.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.
network
low complexity
jenkins CWE-918
5.5
2018-06-05 CVE-2018-1000183 Information Exposure vulnerability in Jenkins Github
A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubServerConfig.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network
low complexity
jenkins CWE-200
4.0
2018-06-05 CVE-2018-1000182 Server-Side Request Forgery (SSRF) vulnerability in Jenkins GIT
A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java, ViewGitWeb.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.
network
low complexity
jenkins CWE-918
5.5
2018-05-23 CVE-2017-2598 Inadequate Encryption Strength vulnerability in Jenkins
Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks (SECURITY-304).
network
low complexity
jenkins CWE-326
4.0
2018-05-22 CVE-2017-2609 Information Exposure vulnerability in Jenkins
jenkins before versions 2.44, 2.32.2 is vulnerable to an information disclosure vulnerability in search suggestions (SECURITY-385).
network
low complexity
jenkins CWE-200
4.0
2018-05-15 CVE-2017-2613 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins
jenkins before versions 2.44, 2.32.2 is vulnerable to a user creation CSRF using GET by admins.
network
jenkins CWE-352
5.8
2018-05-15 CVE-2017-2604 Improper Authentication vulnerability in Jenkins
In Jenkins before versions 2.44, 2.32.2 low privilege users were able to act on administrative monitors due to them not being consistently protected by permission checks (SECURITY-371).
network
low complexity
jenkins CWE-287
4.0
2018-05-15 CVE-2017-2602 Security Bypass vulnerability in Jenkins
jenkins before versions 2.44, 2.32.2 is vulnerable to an improper blacklisting of the Pipeline metadata files in the agent-to-master security subsystem.
network
low complexity
jenkins
4.0
2018-05-15 CVE-2017-2612 Incorrect Permission Assignment for Critical Resource vulnerability in Jenkins
In Jenkins before versions 2.44, 2.32.2 low privilege users were able to override JDK download credentials (SECURITY-392), resulting in future builds possibly failing to download a JDK.
network
low complexity
jenkins CWE-732
5.5
2018-05-15 CVE-2017-2608 Deserialization of Untrusted Data vulnerability in Jenkins
Jenkins before versions 2.44, 2.32.2 is vulnerable to a remote code execution vulnerability involving the deserialization of various types in javax.imageio in XStream-based APIs (SECURITY-383).
network
low complexity
jenkins CWE-502
6.5