Vulnerabilities > Jenkins > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-03-13 CVE-2018-1000112 Incorrect Authorization vulnerability in Jenkins Mercurial
An improper authorization vulnerability exists in Jenkins Mercurial Plugin version 2.2 and earlier in MercurialStatus.java that allows an attacker with network access to obtain a list of nodes and users.
network
low complexity
jenkins CWE-863
5.3
2018-03-13 CVE-2018-1000111 Incorrect Authorization vulnerability in Jenkins Subversion
An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and earlier in SubversionStatus.java and SubversionRepositoryStatus.java that allows an attacker with network access to obtain a list of nodes and users.
network
low complexity
jenkins CWE-863
5.3
2018-03-13 CVE-2018-1000110 Incorrect Authorization vulnerability in Jenkins GIT
An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users.
network
low complexity
jenkins CWE-863
5.3
2018-03-13 CVE-2018-1000109 Incorrect Authorization vulnerability in Jenkins Google-Play-Android-Publisher
An improper authorization vulnerability exists in Jenkins Google Play Android Publisher Plugin version 1.6 and earlier in GooglePlayBuildStepDescriptor.java that allows an attacker to obtain credential IDs.
network
low complexity
jenkins CWE-863
4.3
2018-03-13 CVE-2018-1000108 Cross-site Scripting vulnerability in Jenkins Cppncss 1.0/1.1
A cross-site scripting vulnerability exists in Jenkins CppNCSS Plugin 1.1 and earlier in AbstractProjectAction/index.jelly that allows an attacker to craft links to Jenkins URLs that run arbitrary JavaScript in the user's browser when accessed.
network
low complexity
jenkins CWE-79
6.1
2018-03-13 CVE-2018-1000107 Incorrect Authorization vulnerability in Jenkins JOB and Node Ownership
An improper authorization vulnerability exists in Jenkins Job and Node Ownership Plugin 0.11.0 and earlier in OwnershipDescription.java, JobOwnerJobProperty.java, and OwnerNodeProperty.java that allows an attacker with Job/Configure or Computer/Configure permission and without Ownership related permissions to override ownership metadata.
network
low complexity
jenkins CWE-863
6.5
2018-03-13 CVE-2018-1000106 Incorrect Authorization vulnerability in Jenkins Gerrit Trigger
An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to modify the Gerrit configuration in Jenkins.
network
low complexity
jenkins CWE-863
5.4
2018-03-13 CVE-2018-1000105 Incorrect Authorization vulnerability in Jenkins Gerrit Trigger
An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to retrieve some configuration information about Gerrit in Jenkins.
network
low complexity
jenkins CWE-863
4.3
2018-02-20 CVE-2018-6356 Path Traversal vulnerability in multiple products
Jenkins before 2.107 and Jenkins LTS before 2.89.4 did not properly prevent specifying relative paths that escape a base directory for URLs accessing plugin resource files.
network
low complexity
jenkins oracle CWE-22
6.5
2018-02-16 CVE-2018-1000068 Information Exposure vulnerability in multiple products
An improper input validation vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to access plugin resource files in the META-INF and WEB-INF directories that should not be accessible, if the Jenkins home directory is on a case-insensitive file system.
network
low complexity
jenkins oracle CWE-200
5.3