Vulnerabilities > Redhat > Openshift > 1.2

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | DETAILS | RISK |
|---|---|---|---|---|---|
| 2015-10-16 | CVE-2015-1814 | Permissions, Privileges, and Access Controls vulnerability in multiple products | The API token-issuing service in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to gain privileges via a "forced API token change" involving anonymous users. | network; low complexity; jenkins, redhat; CWE-264 | 7.5 |
| 2015-10-16 | CVE-2015-1813 | Cross-site Scripting vulnerability in Jenkins | Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1812. | | 4.3 |
| 2015-10-16 | CVE-2015-1812 | Cross-site Scripting vulnerability in Jenkins | Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1813. | | 4.3 |
| 2015-10-16 | CVE-2015-1810 | Permissions, Privileges, and Access Controls vulnerability in multiple products | The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote attackers to gain privileges by creating a reserved name. | network; high complexity; jenkins, redhat; CWE-264 | 4.6 |
| 2015-10-16 | CVE-2015-1808 | Improper Input Validation vulnerability in Jenkins | Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users to cause a denial of service (improper plug-in and tool installation) via crafted update center data. | | 3.5 |
| 2015-10-16 | CVE-2015-1807 | Path Traversal vulnerability in Jenkins | Directory traversal vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with certain permissions to read arbitrary files via a symlink, related to building artifacts. | | 3.5 |
| 2015-10-16 | CVE-2015-1806 | Permissions, Privileges, and Access Controls vulnerability in Jenkins | The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code on the master via unspecified vectors. | network; low complexity; jenkins, redhat; CWE-264 | 6.5 |
| 2014-10-16 | CVE-2014-3666 | Code Injection vulnerability in multiple products | Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel. | network; low complexity; redhat, jenkins; CWE-94 | 7.5 |
| 2014-02-08 | CVE-2014-1869 | Cross-Site Scripting vulnerability in multiple products | Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. | | 4.3 |
| 2013-10-28 | CVE-2013-2186 | Improper Input Validation vulnerability in multiple products | The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance. | network; low complexity; redhat, ubuntu; CWE-20 | 7.5 |