Total
244 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-3724 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with extended read access to obtain sensitive password information by reading a job configuration. | |||||
CVE-2015-5323 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2023-12-10 | 6.5 MEDIUM | N/A |
Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user. | |||||
CVE-2015-5320 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2023-12-10 | 5.0 MEDIUM | N/A |
Jenkins before 1.638 and LTS before 1.625.2 do not properly verify the shared secret used in JNLP slave connections, which allows remote attackers to connect as slaves and obtain sensitive information or possibly gain administrative access by leveraging knowledge of the name of a slave. | |||||
CVE-2016-0792 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando. | |||||
CVE-2015-1810 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2023-12-10 | 4.6 MEDIUM | N/A |
The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote attackers to gain privileges by creating a reserved name. | |||||
CVE-2016-0788 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener. | |||||
CVE-2016-3722 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with multiple accounts to cause a denial of service (unable to login) by editing the "full name." | |||||
CVE-2015-7538 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Jenkins before 1.640 and LTS before 1.625.2 allow remote attackers to bypass the CSRF protection mechanism via unspecified vectors. | |||||
CVE-2015-5326 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the slave overview page in Jenkins before 1.638 and LTS before 1.625.2 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the slave offline status message. | |||||
CVE-2015-7536 | 1 Jenkins | 1 Jenkins | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to workspaces and archived artifacts. | |||||
CVE-2014-3680 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2023-12-10 | 4.0 MEDIUM | N/A |
Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/READ permission to obtain the default value for the password field of a parameterized job by reading the DOM. | |||||
CVE-2014-3663 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2023-12-10 | 6.0 MEDIUM | N/A |
Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/CONFIGURE permission to bypass intended restrictions and create or destroy arbitrary jobs via unspecified vectors. | |||||
CVE-2014-3664 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2023-12-10 | 4.0 MEDIUM | N/A |
Directory traversal vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Overall/READ permission to read arbitrary files via unspecified vectors. | |||||
CVE-2014-2060 | 1 Jenkins | 1 Jenkins | 2023-12-10 | 5.0 MEDIUM | N/A |
The Winstone servlet container in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack sessions via unspecified vectors. | |||||
CVE-2014-2062 | 1 Jenkins | 1 Jenkins | 2023-12-10 | 6.5 MEDIUM | N/A |
Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token. | |||||
CVE-2014-2063 | 1 Jenkins | 1 Jenkins | 2023-12-10 | 7.5 HIGH | N/A |
Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | |||||
CVE-2013-7330 | 1 Jenkins | 1 Jenkins | 2023-12-10 | 4.0 MEDIUM | N/A |
Jenkins before 1.502 allows remote authenticated users to configure an otherwise restricted project via vectors related to post-build actions. | |||||
CVE-2014-2058 | 1 Jenkins | 1 Jenkins | 2023-12-10 | 6.5 MEDIUM | N/A |
BuildTrigger in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to bypass access restrictions and execute arbitrary jobs by configuring a job to trigger another job. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7330. | |||||
CVE-2014-3666 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2023-12-10 | 7.5 HIGH | N/A |
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel. | |||||
CVE-2014-2068 | 1 Jenkins | 1 Jenkins | 2023-12-10 | 3.5 LOW | N/A |
The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain sensitive information via vectors related to heapDump. |