| ID | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 247971 | 6.5 | MEDIUM | Network | jenkins | fortify_cloudscan | An arbitrary file write vulnerability exists in Jenkins Fortify CloudScan Plugin 1.5.1 and earlier in ArchiveUtil.java that allows attackers able to control rulepack zip file contents to overwrite any… | CWE-20 Improper Input Validation | CVE-2018-1000607 | 2024-11-21 12:40 | 2018-06-27 |
| 247972 | 6.5 | MEDIUM | Network | jenkins | urltrigger | A server-side request forgery vulnerability exists in Jenkins URLTrigger Plugin 0.41 and earlier in URLTrigger.java that allows attackers with Overall/Read access to cause Jenkins to send a GET reque… | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2018-1000606 | 2024-11-21 12:40 | 2018-06-27 |
| 247973 | 7.4 | HIGH | Network | jenkins | collabnet | A man in the middle vulnerability exists in Jenkins CollabNet Plugin 2.0.4 and earlier in CollabNetApp.java, CollabNetPlugin.java, CNFormFieldValidator.java that allows attackers to impersonate any s… | CWE-295 Improper Certificate Validation | CVE-2018-1000605 | 2024-11-21 12:40 | 2018-06-27 |
| 247974 | 5.4 | MEDIUM | Network | jenkins | badge | A persisted cross-site scripting vulnerability exists in Jenkins Badge Plugin 1.4 and earlier in BadgeSummaryAction.java, HtmlBadgeAction.java that allows attackers able to control build badge conten… | CWE-79 Cross-site Scripting | CVE-2018-1000604 | 2024-11-21 12:40 | 2018-06-27 |
| 247975 | 5.9 | MEDIUM | Network | jenkins | saml | A session fixation vulnerability exists in Jenkins SAML Plugin 1.0.6 and earlier in SamlSecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-… | CWE-384 Session Fixation | CVE-2018-1000602 | 2024-11-21 12:40 | 2018-06-27 |
| 247976 | 6.5 | MEDIUM | Network | jenkins | ssh_credentials | An arbitrary file read vulnerability exists in Jenkins SSH Credentials Plugin 1.13 and earlier in BasicSSHUserPrivateKey.java that allows attackers with a Jenkins account and the permission to configu… | CWE-200 Information Exposure | CVE-2018-1000601 | 2024-11-21 12:40 | 2018-06-27 |
| 247977 | 8.8 | HIGH | Network | jenkins | openstack_cloud | An exposure of sensitive information vulnerability exists in Jenkins Openstack Cloud Plugin 2.35 and earlier in BootSource.java, InstancesToRun.java, JCloudsCleanupThread.java, JCloudsCloud.java, JClo… | CWE-200 Information Exposure | CVE-2018-1000603 | 2024-11-21 12:40 | 2018-06-27 |
| 247978 | 8.8 | HIGH | Network | jenkins | github | An exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and earlier in GitHubTokenCredentialsCreator.java that allows attackers to an attacker-specified URL using att… | CWE-200 Information Exposure | CVE-2018-1000600 | 2024-11-21 12:40 | 2018-06-27 |
| 247979 | 6.1 | MEDIUM | Network | qutebrowser | qutebrowser | qutebrowser version introduced in v0.11.0 (1179ee7a937fb31414d77d9970bac21095358449) contains a Cross Site Scripting (XSS) vulnerability in history command, qute://history page that can result in Via… | CWE-79 Cross-site Scripting | CVE-2018-1000559 | 2024-11-21 12:40 | 2018-06-27 |
| 247980 | 6.5 | MEDIUM | Network | ocsinventory-ng | ocsinventory_ng | OCS Inventory NG ocsreports 2.4 and ocsreports 2.3.1 version 2.4 and 2.3.1 contains a SQL Injection vulnerability in web search that can result in An authenticated attacker is able to gain full acces… | CWE-89 SQL Injection | CVE-2018-1000558 | 2024-11-21 12:40 | 2018-06-27 |