|
248221
|
7.5 |
HIGH
Network
|
soarlabs
|
soarcoin
|
Soar Labs Soar Coin version up to and including git commit 4a2aa71ee21014e2880a3f7aad11091ed6ad434f (latest release as of Sept 2017) contains an intentional backdoor vulnerability in the function zer…
|
NVD-CWE-noinfo
|
CVE-2018-1000203
|
2024-11-21 12:39 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248222
|
5.4 |
MEDIUM
Network
|
jenkins
|
groovy_postbuild
|
A persisted cross-site scripting vulnerability exists in Jenkins Groovy Postbuild Plugin 2.3.1 and older in various Jelly files that allows attackers able to control build badge content to define Jav…
|
CWE-79
Cross-site Scripting
|
CVE-2018-1000202
|
2024-11-21 12:39 |
2018-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248223
|
6.5 |
MEDIUM
Network
|
jenkins
|
black_duck_hub
|
A XML external entity processing vulnerability exists in Jenkins Black Duck Hub Plugin 3.1.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read permission to make Jenki…
|
CWE-611
XXE
|
CVE-2018-1000198
|
2024-11-21 12:39 |
2018-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248224
|
8.1 |
HIGH
Network
|
jenkins
|
black_duck_hub
|
An improper authorization vulnerability exists in Jenkins Black Duck Hub Plugin 3.0.3 and older in PostBuildScanDescriptor.java that allows users with Overall/Read permission to read and write the Bl…
|
CWE-863
Incorrect Authorization
|
CVE-2018-1000197
|
2024-11-21 12:39 |
2018-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248225
|
6.5 |
MEDIUM
Network
|
jenkins
|
gitlab_hook
|
A exposure of sensitive information vulnerability exists in Jenkins Gitlab Hook Plugin 1.4.2 and older in gitlab_notifier.rb, views/gitlab_notifier/global.erb that allows attackers with local Jenkins…
|
CWE-200
Information Exposure
|
CVE-2018-1000196
|
2024-11-21 12:39 |
2018-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248226
|
4.3 |
MEDIUM
Network
|
jenkins
oracle
|
jenkins
communications_cloud_native_core_automated_test_suite
|
A server-side request forgery vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in ZipExtractionInstaller.java that allows users with Overall/Read permission to have Jenkins subm…
|
CWE-352
Origin Validation Error
|
CVE-2018-1000195
|
2024-11-21 12:39 |
2018-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248227
|
8.1 |
HIGH
Network
|
jenkins
oracle
|
jenkins
communications_cloud_native_core_automated_test_suite
|
A path traversal vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in FilePath.java, SoloFilePathFilter.java that allows malicious agents to read and write arbitrary files on the…
|
CWE-22
Path Traversal
|
CVE-2018-1000194
|
2024-11-21 12:39 |
2018-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248228
|
4.3 |
MEDIUM
Network
|
jenkins
oracle
|
jenkins
communications_cloud_native_core_automated_test_suite
|
A improper neutralization of control sequences vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in HudsonPrivateSecurityRealm.java that allows users to sign up using user names …
|
CWE-74
Injection
|
CVE-2018-1000193
|
2024-11-21 12:39 |
2018-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248229
|
4.3 |
MEDIUM
Network
|
jenkins
oracle
|
jenkins
communications_cloud_native_core_automated_test_suite
|
A information exposure vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in AboutJenkins.java, ListPluginsCommand.java that allows users with Overall/Read access to enumerate all…
|
NVD-CWE-noinfo
|
CVE-2018-1000192
|
2024-11-21 12:39 |
2018-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248230
|
6.5 |
MEDIUM
Network
|
jenkins
|
synopsys_detect
|
A exposure of sensitive information vulnerability exists in Jenkins Black Duck Detect Plugin 1.4.0 and older in DetectPostBuildStepDescriptor.java that allows attackers with Overall/Read access to co…
|
CWE-200
Information Exposure
|
CVE-2018-1000191
|
2024-11-21 12:39 |
2018-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
