Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Jenkins Subscribe
Total 1603 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-10332 1 Jenkins 1 Electricflow 2023-12-10 4.3 MEDIUM 4.3 MEDIUM
A missing permission check in Jenkins ElectricFlow Plugin 1.1.5 and earlier in Configuration#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials.
CVE-2019-10310 1 Jenkins 1 Ansible Tower 2023-12-10 6.8 MEDIUM 8.8 HIGH
A cross-site request forgery vulnerability in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins
CVE-2019-1003056 1 Jenkins 1 Websphere Deployer 2023-12-10 4.0 MEDIUM 8.8 HIGH
Jenkins WebSphere Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
CVE-2019-10393 1 Jenkins 1 Script Security 2023-12-10 4.9 MEDIUM 4.2 MEDIUM
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of method names in method call expressions allowed attackers to execute arbitrary code in sandboxed scripts.
CVE-2019-1003053 1 Jenkins 1 Hockeyapp 2023-12-10 4.0 MEDIUM 8.8 HIGH
Jenkins HockeyApp Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
CVE-2019-1003077 1 Jenkins 1 Audit To Database 2023-12-10 4.0 MEDIUM 6.5 MEDIUM
A missing permission check in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.
CVE-2019-10334 1 Jenkins 1 Electricflow 2023-12-10 5.8 MEDIUM 6.5 MEDIUM
Jenkins ElectricFlow Plugin 1.1.5 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM when MultipartUtility.java is used to upload files.
CVE-2019-1003090 1 Jenkins 1 Soasta Cloudtest 2023-12-10 4.3 MEDIUM 6.5 MEDIUM
A cross-site request forgery vulnerability in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server.
CVE-2019-1003084 1 Jenkins 1 Zephyr Enterprise Test Management 2023-12-10 4.3 MEDIUM 6.5 MEDIUM
A cross-site request forgery vulnerability in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.
CVE-2019-1003035 1 Jenkins 1 Azure Vm Agents 2023-12-10 4.0 MEDIUM 4.3 MEDIUM
An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgentTemplate.java, src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to perform the 'verify configuration' form validation action, thereby obtaining limited information about the Azure configuration.
CVE-2019-10305 1 Jenkins 1 Xebialabs Xl Deploy 2023-12-10 4.0 MEDIUM 6.5 MEDIUM
A missing permission check in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.
CVE-2019-10363 1 Jenkins 1 Configuration As Code 2023-12-10 4.0 MEDIUM 4.9 MEDIUM
Jenkins Configuration as Code Plugin 1.24 and earlier did not reliably identify sensitive values expected to be exported in their encrypted form.
CVE-2019-10346 1 Jenkins 1 Embeddable Build Status 2023-12-10 4.3 MEDIUM 6.1 MEDIUM
A reflected cross site scripting vulnerability in Jenkins Embeddable Build Status Plugin 2.0.1 and earlier allowed attackers inject arbitrary HTML and JavaScript into the response of this plugin.
CVE-2019-10312 1 Jenkins 1 Ansible Tower 2023-12-10 4.0 MEDIUM 4.3 MEDIUM
A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doFillTowerCredentialsIdItems method allowed attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins.
CVE-2019-10331 1 Jenkins 1 Electricflow 2023-12-10 4.3 MEDIUM 4.3 MEDIUM
A cross-site request forgery vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier in Configuration#doTestConnection allowed attackers to connect to an attacker-specified URL using attacker-specified credentials.
CVE-2019-1003005 1 Jenkins 1 Script Security 2023-12-10 6.5 MEDIUM 8.8 HIGH
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.
CVE-2018-1999003 2 Jenkins, Oracle 2 Jenkins, Communications Cloud Native Core Automated Test Suite 2023-12-10 4.0 MEDIUM 4.3 MEDIUM
A Improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in Queue.java that allows attackers with Overall/Read permission to cancel queued builds.
CVE-2019-1003023 1 Jenkins 1 Warnings Next Generation 2023-12-10 4.3 MEDIUM 6.1 MEDIUM
A cross-site scripting vulnerability exists in Jenkins Warnings Next Generation Plugin 1.0.1 and earlier in src/main/java/io/jenkins/plugins/analysis/core/model/DetailsTableModel.java, src/main/java/io/jenkins/plugins/analysis/core/model/SourceDetail.java, src/main/java/io/jenkins/plugins/analysis/core/model/SourcePrinter.java, src/main/java/io/jenkins/plugins/analysis/core/util/Sanitizer.java, src/main/java/io/jenkins/plugins/analysis/warnings/DuplicateCodeScanner.java that allows attackers with the ability to control warnings parser input to have Jenkins render arbitrary HTML.
CVE-2019-1003013 2 Jenkins, Redhat 2 Blue Ocean, Openshift Container Platform 2023-12-10 3.5 LOW 5.4 MEDIUM
An cross-site scripting vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export.java, blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/export/ExportConfig.java, blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/export/JSONDataWriter.java, blueocean-rest-impl/src/main/java/io/jenkins/blueocean/service/embedded/UserStatePreloader.java, blueocean-web/src/main/resources/io/jenkins/blueocean/PageStatePreloadDecorator/header.jelly that allows attackers with permission to edit a user's description in Jenkins to have Blue Ocean render arbitrary HTML when using it as that user.
CVE-2018-1999046 1 Jenkins 1 Jenkins 2023-12-10 4.0 MEDIUM 4.3 MEDIUM
A exposure of sensitive information vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in Computer.java that allows attackers With Overall/Read permission to access the connection log for any agent.