Vulnerabilities > Jenkins > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-05 | CVE-2018-1000144 | Cross-site Scripting vulnerability in Jenkins Cucumber Living Documentation A cross site scripting vulnerability exists in Jenkins Cucumber Living Documentation Plugin 1.0.12 and older in CukedoctorBaseAction#doDynamic that disables the Content-Security-Policy protection for archived artifacts and workspace files, allowing attackers able to control the content of these files to attack Jenkins users. | 6.1 |
| 2018-04-05 | CVE-2018-1000143 | Information Exposure vulnerability in Jenkins Github Pull Request Builder An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials. | 6.7 |
| 2018-03-13 | CVE-2018-1000114 | Incorrect Authorization vulnerability in Jenkins Promoted Builds An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allow an attacker with read access to jobs to perform promotions. | 4.3 |
| 2018-03-13 | CVE-2018-1000113 | Cross-site Scripting vulnerability in Jenkins Testlink A cross-site scripting vulnerability exists in Jenkins TestLink Plugin 2.12 and earlier in TestLinkBuildAction/summary.jelly and others that allow an attacker who can control e.g. | 5.4 |
| 2018-03-13 | CVE-2018-1000112 | Incorrect Authorization vulnerability in Jenkins Mercurial An improper authorization vulnerability exists in Jenkins Mercurial Plugin version 2.2 and earlier in MercurialStatus.java that allows an attacker with network access to obtain a list of nodes and users. | 5.3 |
| 2018-03-13 | CVE-2018-1000111 | Incorrect Authorization vulnerability in Jenkins Subversion An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and earlier in SubversionStatus.java and SubversionRepositoryStatus.java that allows an attacker with network access to obtain a list of nodes and users. | 5.3 |
| 2018-03-13 | CVE-2018-1000110 | Incorrect Authorization vulnerability in Jenkins GIT An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users. | 5.3 |
| 2018-03-13 | CVE-2018-1000109 | Incorrect Authorization vulnerability in Jenkins Google-Play-Android-Publisher An improper authorization vulnerability exists in Jenkins Google Play Android Publisher Plugin version 1.6 and earlier in GooglePlayBuildStepDescriptor.java that allow an attacker to obtain credential IDs. | 4.3 |
| 2018-03-13 | CVE-2018-1000108 | Cross-site Scripting vulnerability in Jenkins Cppncss 1.0/1.1 A cross-site scripting vulnerability exists in Jenkins CppNCSS Plugin 1.1 and earlier in AbstractProjectAction/index.jelly that allow an attacker to craft links to Jenkins URLs that run arbitrary JavaScript in the user's browser when accessed. | 6.1 |
| 2018-03-13 | CVE-2018-1000107 | Incorrect Authorization vulnerability in Jenkins JOB and Node Ownership An improper authorization vulnerability exists in Jenkins Job and Node Ownership Plugin 0.11.0 and earlier in OwnershipDescription.java, JobOwnerJobProperty.java, and OwnerNodeProperty.java that allow an attacker with Job/Configure or Computer/Configure permission and without Ownership related permissions to override ownership metadata. | 6.5 |