Vulnerabilities > Jenkins > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-13 | CVE-2018-1000112 | Incorrect Authorization vulnerability in Jenkins Mercurial An improper authorization vulnerability exists in Jenkins Mercurial Plugin version 2.2 and earlier in MercurialStatus.java that allows an attacker with network access to obtain a list of nodes and users. | 5.0 |
| 2018-03-13 | CVE-2018-1000111 | Incorrect Authorization vulnerability in Jenkins Subversion An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and earlier in SubversionStatus.java and SubversionRepositoryStatus.java that allows an attacker with network access to obtain a list of nodes and users. | 5.0 |
| 2018-03-13 | CVE-2018-1000110 | Incorrect Authorization vulnerability in Jenkins GIT An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users. | 5.0 |
| 2018-03-13 | CVE-2018-1000109 | Incorrect Authorization vulnerability in Jenkins Google-Play-Android-Publisher An improper authorization vulnerability exists in Jenkins Google Play Android Publisher Plugin version 1.6 and earlier in GooglePlayBuildStepDescriptor.java that allow an attacker to obtain credential IDs. | 4.0 |
| 2018-03-13 | CVE-2018-1000108 | Cross-site Scripting vulnerability in Jenkins Cppncss 1.0/1.1 A cross-site scripting vulnerability exists in Jenkins CppNCSS Plugin 1.1 and earlier in AbstractProjectAction/index.jelly that allow an attacker to craft links to Jenkins URLs that run arbitrary JavaScript in the user's browser when accessed. | 4.3 |
| 2018-03-13 | CVE-2018-1000107 | Incorrect Authorization vulnerability in Jenkins JOB and Node Ownership An improper authorization vulnerability exists in Jenkins Job and Node Ownership Plugin 0.11.0 and earlier in OwnershipDescription.java, JobOwnerJobProperty.java, and OwnerNodeProperty.java that allow an attacker with Job/Configure or Computer/Configure permission and without Ownership related permissions to override ownership metadata. | 4.0 |
| 2018-03-13 | CVE-2018-1000106 | Incorrect Authorization vulnerability in Jenkins Gerrit Trigger An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to modify the Gerrit configuration in Jenkins. | 5.5 |
| 2018-03-13 | CVE-2018-1000105 | Incorrect Authorization vulnerability in Jenkins Gerrit Trigger An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to retrieve some configuration information about Gerrit in Jenkins. | 4.0 |
| 2018-02-20 | CVE-2018-6356 | Path Traversal vulnerability in multiple products Jenkins before 2.107 and Jenkins LTS before 2.89.4 did not properly prevent specifying relative paths that escape a base directory for URLs accessing plugin resource files. | 4.0 |
| 2018-02-16 | CVE-2018-1000068 | Information Exposure vulnerability in multiple products An improper input validation vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to access plugin resource files in the META-INF and WEB-INF directories that should not be accessible, if the Jenkins home directory is on a case-insensitive file system. | 5.0 |