| 258701 | 5.3 | MEDIUM Network | jenkins | blue_ocean | The optional Run/Artifacts permission can be enabled by setting a Java system property. Blue Ocean did not check this permission before providing access to archived artifacts, Item/Read permission wa… | CWE-862 Missing Authorization | CVE-2017-1000105 | 2024-11-21 12:04 | 2017-10-5 |
| 258702 | 5.4 | MEDIUM Network | jenkins | dry | The custom Details view of the Static Analysis Utilities based DRY Plugin was vulnerable to a persisted cross-site scripting vulnerability: malicious users able to influence the input to this plugin… | CWE-79 Cross-site Scripting | CVE-2017-1000103 | 2024-11-21 12:04 | 2017-10-5 |
| 258703 | 5.4 | MEDIUM Network | jenkins | static_analysis_utilities | The Details view of some Static Analysis Utilities based plugins was vulnerable to a persisted cross-site scripting vulnerability: malicious users able to influence the input to these plugins, for e… | CWE-79 Cross-site Scripting | CVE-2017-1000102 | 2024-11-21 12:04 | 2017-10-5 |
| 258704 | 8.5 | HIGH Network | jenkins | blue_ocean | Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines … | CWE-287 Improper Authentication | CVE-2017-1000106 | 2024-11-21 12:04 | 2017-10-5 |
| 258705 | 6.5 | MEDIUM Network | jenkins | config_file_provider | The Config File Provider Plugin is used to centrally manage configuration files that often include secrets, such as passwords. Users with only Overall/Read access to Jenkins were able to access URLs … | CWE-269 Improper Privilege Management | CVE-2017-1000104 | 2024-11-21 12:04 | 2017-10-5 |
| 258706 | 6.5 | MEDIUM Network | haxx | curl | curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numeri… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-1000101 | 2024-11-21 12:04 | 2017-10-5 |
| 258707 | 6.5 | MEDIUM Network | haxx | libcurl | When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the b… | CWE-200 Information Exposure | CVE-2017-1000100 | 2024-11-21 12:04 | 2017-10-5 |
| 258708 | 6.5 | MEDIUM Network | haxx | libcurl | When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user (st… | CWE-200 Information Exposure | CVE-2017-1000099 | 2024-11-21 12:04 | 2017-10-5 |
| 258709 | 7.5 | HIGH Network | golang | go | The net/http package's Request.ParseMultipartForm method starts writing to temporary files once the request body size surpasses the given "maxMemory" limit. It was possible for an attacker to generat… | CWE-769 DEPRECATED: Uncontrolled File Descriptor Consumption | CVE-2017-1000098 | 2024-11-21 12:04 | 2017-10-5 |
| 258710 | 7.5 | HIGH Network | golang | go | On Darwin, user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verif… | CWE-295 Improper Certificate Validation | CVE-2017-1000097 | 2024-11-21 12:04 | 2017-10-5 |