Vulnerabilities > Jenkins > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-05-10 CVE-2017-2601 Cross-site Scripting vulnerability in Jenkins
Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in parameter names and descriptions (SECURITY-353).
network
low complexity
jenkins CWE-79
5.4
2018-05-08 CVE-2017-2606 Information Exposure vulnerability in Jenkins
Jenkins before versions 2.44, 2.32.2 is vulnerable to an information exposure in the internal API that allows access to item names that should not be visible (SECURITY-380).
network
low complexity
jenkins CWE-200
4.3
2018-05-08 CVE-2017-2611 Incorrect Authorization vulnerability in multiple products
Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389).
network
low complexity
jenkins redhat CWE-863
4.3
2018-05-08 CVE-2018-1000177 Cross-site Scripting vulnerability in Jenkins S3 Publisher
A cross-site scripting vulnerability exists in Jenkins S3 Plugin 0.10.12 and older in src/main/resources/hudson/plugins/s3/S3ArtifactsProjectAction/jobMain.jelly that allows attackers able to control file names of uploaded files to define file names containing JavaScript that would be executed in another user's browser when that user performs some UI actions.
network
low complexity
jenkins CWE-79
5.4
2018-05-08 CVE-2018-1000176 Information Exposure vulnerability in Jenkins Email Extension
An exposure of sensitive information vulnerability exists in Jenkins Email Extension Plugin 2.61 and older in src/main/resources/hudson/plugins/emailext/ExtendedEmailPublisher/global.groovy and ExtendedEmailPublisherDescriptor.java that allows attackers with control of a Jenkins administrator's web browser (e.g.
network
low complexity
jenkins CWE-200
6.5
2018-05-08 CVE-2018-1000175 Path Traversal vulnerability in Jenkins Html Publisher
A path traversal vulnerability exists in Jenkins HTML Publisher Plugin 1.15 and older in HtmlPublisherTarget.java that allows attackers able to configure the HTML Publisher build step to override arbitrary files on the Jenkins master.
network
low complexity
jenkins CWE-22
6.5
2018-05-08 CVE-2018-1000174 Open Redirect vulnerability in Jenkins Google Login
An open redirect vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows attackers to redirect users to an arbitrary URL after successful login.
network
low complexity
jenkins CWE-601
6.1
2018-05-08 CVE-2018-1000173 Session Fixation vulnerability in Jenkins Google Login
A session fixaction vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session.
network
high complexity
jenkins CWE-384
5.9
2018-04-16 CVE-2018-1000170 Cross-site Scripting vulnerability in Jenkins
A cross-site scripting vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in confirmationList.jelly and stopButton.jelly that allows attackers with Job/Configure and/or Job/Create permission to create an item name containing JavaScript that would be executed in another user's browser when that other user performs some UI actions.
network
low complexity
jenkins CWE-79
5.4
2018-04-16 CVE-2018-1000169 Information Exposure vulnerability in Jenkins
An exposure of sensitive information vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in CLICommand.java and ViewOptionHandler.java that allows unauthorized attackers to confirm the existence of agents or views with an attacker-specified name by sending a CLI command to Jenkins.
network
low complexity
jenkins CWE-200
5.3