|
266811
|
5.4 |
MEDIUM
Network
|
jenkins
|
dry
|
The custom Details view of the Static Analysis Utilities based DRY Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin…
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000103
|
2024-11-21 12:04 |
2017-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266812
|
5.4 |
MEDIUM
Network
|
jenkins
|
static_analysis_utilities
|
The Details view of some Static Analysis Utilities based plugins, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to these plugins, for e…
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000102
|
2024-11-21 12:04 |
2017-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266813
|
8.5 |
HIGH
Network
|
jenkins
|
blue_ocean
|
Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines …
|
CWE-287
Improper Authentication
|
CVE-2017-1000106
|
2024-11-21 12:04 |
2017-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266814
|
6.5 |
MEDIUM
Network
|
jenkins
|
config_file_provider
|
The Config File Provider Plugin is used to centrally manage configuration files that often include secrets, such as passwords. Users with only Overall/Read access to Jenkins were able to access URLs …
|
CWE-269
Improper Privilege Management
|
CVE-2017-1000104
|
2024-11-21 12:04 |
2017-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266815
|
6.5 |
MEDIUM
Network
|
haxx
|
curl
|
curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numeri…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-1000101
|
2024-11-21 12:04 |
2017-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266816
|
6.5 |
MEDIUM
Network
|
haxx
|
libcurl
|
When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the b…
|
CWE-200
Information Exposure
|
CVE-2017-1000100
|
2024-11-21 12:04 |
2017-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266817
|
6.5 |
MEDIUM
Network
|
haxx
|
libcurl
|
When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user (st…
|
CWE-200
Information Exposure
|
CVE-2017-1000099
|
2024-11-21 12:04 |
2017-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266818
|
7.5 |
HIGH
Network
|
golang
|
go
|
The net/http package's Request.ParseMultipartForm method starts writing to temporary files once the request body size surpasses the given "maxMemory" limit. It was possible for an attacker to generat…
|
CWE-769
DEPRECATED: Uncontrolled File Descriptor Consumption
|
CVE-2017-1000098
|
2024-11-21 12:04 |
2017-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266819
|
7.5 |
HIGH
Network
|
golang
|
go
|
On Darwin, user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verif…
|
CWE-295
Improper Certificate Validation
|
CVE-2017-1000097
|
2024-11-21 12:04 |
2017-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266820
|
8.8 |
HIGH
Network
|
jenkins
|
pipeline\
|
Arbitrary code execution due to incomplete sandbox protection: Constructors, instance variable initializers, and instance initializers in Pipeline scripts were not subject to sandbox protection, and …
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-1000096
|
2024-11-21 12:04 |
2017-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
