Vulnerabilities > Jenkins > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-15 | CVE-2017-2600 | Information Exposure vulnerability in Jenkins In jenkins before versions 2.44, 2.32.2 node monitor data could be viewed by low privilege users via the remote API. | 4.0 |
| 2018-05-10 | CVE-2017-2601 | Cross-site Scripting vulnerability in Jenkins Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in parameter names and descriptions (SECURITY-353). | 5.4 |
| 2018-05-08 | CVE-2017-2606 | Information Exposure vulnerability in Jenkins Jenkins before versions 2.44, 2.32.2 is vulnerable to an information exposure in the internal API that allows access to item names that should not be visible (SECURITY-380). | 4.0 |
| 2018-05-08 | CVE-2017-2611 | Incorrect Authorization vulnerability in multiple products Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). | 4.0 |
| 2018-05-08 | CVE-2018-1000176 | Information Exposure vulnerability in Jenkins Email Extension An exposure of sensitive information vulnerability exists in Jenkins Email Extension Plugin 2.61 and older in src/main/resources/hudson/plugins/emailext/ExtendedEmailPublisher/global.groovy and ExtendedEmailPublisherDescriptor.java that allows attackers with control of a Jenkins administrator's web browser (e.g. | 4.0 |
| 2018-05-08 | CVE-2018-1000175 | Path Traversal vulnerability in Jenkins Html Publisher A path traversal vulnerability exists in Jenkins HTML Publisher Plugin 1.15 and older in HtmlPublisherTarget.java that allows attackers able to configure the HTML Publisher build step to override arbitrary files on the Jenkins master. | 4.0 |
| 2018-05-08 | CVE-2018-1000174 | Open Redirect vulnerability in Jenkins Google Login An open redirect vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows attackers to redirect users to an arbitrary URL after successful login. | 5.8 |
| 2018-05-08 | CVE-2018-1000173 | Session Fixation vulnerability in Jenkins Google Login A session fixaction vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session. | 4.3 |
| 2018-04-16 | CVE-2018-1000169 | Information Exposure vulnerability in Jenkins An exposure of sensitive information vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in CLICommand.java and ViewOptionHandler.java that allows unauthorized attackers to confirm the existence of agents or views with an attacker-specified name by sending a CLI command to Jenkins. | 5.0 |
| 2018-04-11 | CVE-2017-2599 | Incorrect Authorization vulnerability in Jenkins Jenkins before versions 2.44 and 2.32.2 is vulnerable to an insufficient permission check. | 5.4 |