| 264251 | 7.3 | HIGH Network | jenkins | jenkins | Jenkins versions 2.88 and earlier and 2.73.2 and earlier stores metadata related to 'people', which encompasses actual user accounts, as well as users appearing in SCM, in directories corresponding t… | CWE-20 Improper Input Validation | CVE-2017-1000391 | 2024-11-21 12:04 | 2018-01-26 |
| 264252 | 4.3 | MEDIUM Network | jenkins | multijob | Jenkins Multijob plugin version 1.25 and earlier did not check permissions in the Resume Build action, allowing anyone with Job/Read permission to resume the build. | CWE-862 Missing Authorization | CVE-2017-1000390 | 2024-11-21 12:04 | 2018-01-26 |
| 264253 | 4.3 | MEDIUM Network | jenkins | dependency_graph_viewer | Jenkins Dependency Graph Viewer plugin 0.12 and earlier did not perform permission checks for the API endpoint that modifies the dependency graph, allowing anyone with Overall/Read permission to modi… | CWE-862 Missing Authorization | CVE-2017-1000388 | 2024-11-21 12:04 | 2018-01-26 |
| 264254 | 6.1 | MEDIUM Network | jenkins | global-build-stats | Some URLs provided by Jenkins global-build-stats plugin version 1.4 and earlier returned a JSON response that contained request parameters. These responses had the Content Type: text/html, so could h… | CWE-79 Cross-site Scripting | CVE-2017-1000389 | 2024-11-21 12:04 | 2018-01-26 |
| 264255 | 7.8 | HIGH Local | jenkins | build-publisher | Jenkins Build-Publisher plugin version 1.21 and earlier stores credentials to other Jenkins instances in the file hudson.plugins.build_publisher.BuildPublisher.xml in the Jenkins master home director… | CWE-522 Insufficiently Protected Credentials | CVE-2017-1000387 | 2024-11-21 12:04 | 2018-01-26 |
| 264256 | 5.4 | MEDIUM Network | jenkins | active_choices | Jenkins Active Choices plugin version 1.5.3 and earlier allowed users with Job/Configure permission to provide arbitrary HTML to be shown on the 'Build With Parameters' page through the 'Active Choic… | CWE-79 Cross-site Scripting | CVE-2017-1000386 | 2024-11-21 12:04 | 2018-01-26 |
| 264257 | 6.5 | MEDIUM Network | jenkins | script_security | In Jenkins Script Security Plugin version 1.36 and earlier, users with the ability to configure sandboxed Groovy scripts are able to use a type coercion feature in Groovy to create new `File` objects… | CWE-200 Information Exposure | CVE-2017-1000505 | 2024-11-21 12:04 | 2018-01-26 |
| 264258 | 7.5 | HIGH Network | impulseadventure | jpegsnoop | ImpulseAdventure JPEGsnoop version 1.7.5 is vulnerable to a division by zero in the JFIF decode handling, resulting in denial of service. | CWE-369 Divide By Zero | CVE-2017-1000414 | 2024-11-21 12:04 | 2018-01-26 |
| 264259 | 8.1 | HIGH Network | jenkins | jenkins | A race condition during Jenkins 2.94 and earlier; 2.89.1 and earlier startup could result in the wrong order of execution of commands during initialization. There is a very short window of time after… | CWE-352 Origin Validation Error | CVE-2017-1000504 | 2024-11-21 12:04 | 2018-01-25 |
| 264260 | 8.1 | HIGH Network | jenkins | jenkins | A race condition during Jenkins 2.81 through 2.94 (inclusive); 2.89.1 startup could result in the wrong order of execution of commands during initialization. This could in rare cases result in failur… | CWE-362 Race Condition | CVE-2017-1000503 | 2024-11-21 12:04 | 2018-01-25 |