|
248171
|
5.4 |
MEDIUM
Network
|
jenkins
|
jenkins
|
In Jenkins before versions 2.44, 2.32.2 low privilege users were able to override JDK download credentials (SECURITY-392), resulting in future builds possibly failing to download a JDK.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-2612
|
2024-11-21 12:23 |
2018-05-16 |
|
248172
|
8.8 |
HIGH
Network
|
jenkins
|
jenkins
|
Jenkins before versions 2.44, 2.32.2 is vulnerable to a remote code execution vulnerability involving the deserialization of various types in javax.imageio in XStream-based APIs (SECURITY-383).
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2017-2608
|
2024-11-21 12:23 |
2018-05-16 |
|
248173
|
4.3 |
MEDIUM
Network
|
jenkins
|
jenkins
|
In Jenkins before versions 2.44, 2.32.2 node monitor data could be viewed by low privilege users via the remote API. These included system configuration and runtime information of these nodes (SECURI…
|
CWE-200
Information Exposure
|
CVE-2017-2600
|
2024-11-21 12:23 |
2018-05-16 |
|
248174
|
5.4 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in parameter names and descriptions (SECURITY-353). Users with the permission to configure jobs were able to inj…
|
-
|
CVE-2017-2601
|
2024-11-21 12:23 |
2018-05-10 |
|
248175
|
4.3 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins before versions 2.44, 2.32.2 is vulnerable to an information exposure in the internal API that allows access to item names that should not be visible (SECURITY-380). This only affects anonymo…
|
CWE-200
Information Exposure
|
CVE-2017-2606
|
2024-11-21 12:23 |
2018-05-9 |
|
248176
|
4.3 |
MEDIUM
Network
|
jenkins redhat
|
jenkins openshift
|
Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permis…
|
CWE-863
Incorrect Authorization
|
CVE-2017-2611
|
2024-11-21 12:23 |
2018-05-9 |
|
248177
|
7.5 |
HIGH
Network
|
hawt
|
hawtio
|
hawtio before versions 2.0-beta-1, 2.0-beta-2, 2.0-m1, 2.0-m2, 2.0-m3, and 1.5 is vulnerable to a path traversal that leads to a NullPointerException with a full stacktrace. An attacker could use this…
|
CWE-22
Path Traversal
|
CVE-2017-2594
|
2024-11-21 12:23 |
2018-05-9 |
|
248178
|
5.5 |
MEDIUM
Local
|
openstack canonical
|
oslo.middleware ubuntu_linux
|
python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error mess…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2017-2592
|
2024-11-21 12:23 |
2018-05-9 |
|
248179
|
7.5 |
HIGH
Network
|
fedoraproject redhat
|
389_directory_server enterprise_linux
|
389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "attribute uniqueness" plugin of 389 Directory Server. An aut…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-2591
|
2024-11-21 12:23 |
2018-04-30 |
|
248180
|
5.4 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins before versions 2.44 and 2.32.2 is vulnerable to an insufficient permission check. This allows users with permissions to create new items (e.g. jobs) to overwrite existing items they don't ha…
|
CWE-863
Incorrect Authorization
|
CVE-2017-2599
|
2024-11-21 12:23 |
2018-04-12 |