Vulnerabilities > Oracle > Communications Cloud Native Core Automated Test Suite > Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2018-06-05	CVE-2018-1000192	A information exposure vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in AboutJenkins.java, ListPluginsCommand.java that allows users with Overall/Read access to enumerate all installed plugins. network low complexity jenkins oracle	4.3
2018-02-20	CVE-2018-6356	Path Traversal vulnerability in multiple products Jenkins before 2.107 and Jenkins LTS before 2.89.4 did not properly prevent specifying relative paths that escape a base directory for URLs accessing plugin resource files. network low complexity jenkins oracle CWE-22	6.5
2018-02-16	CVE-2018-1000068	Information Exposure vulnerability in multiple products An improper input validation vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to access plugin resource files in the META-INF and WEB-INF directories that should not be accessible, if the Jenkins home directory is on a case-insensitive file system. network low complexity jenkins oracle CWE-200	5.3
2018-02-16	CVE-2018-1000067	Server-Side Request Forgery (SSRF) vulnerability in multiple products An improper authorization vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to have Jenkins submit HTTP GET requests and get limited information about the response. network low complexity jenkins oracle CWE-918	5.3

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.