| 256721 | 6.5 | MEDIUM | Network | mahara | mahara | An issue was discovered in Mahara before 18.10.0. It mishandled user requests that could discontinue a user's ability to maintain their own account (changing username, changing primary email address,… | CWE-640 Weak Password Recovery Mechanism for Forgotten Password | CVE-2017-1000141 | 2024-11-21 12:04 | 2018-01-31 |
| 256722 | 8.8 | HIGH | Network | jenkins | jenkins | Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an issue in the Jenkins user database authentication realm: create an account if signup is enabled; or create an … | CWE-352 Origin Validation Error | CVE-2017-1000356 | 2024-11-21 12:04 | 2018-01-30 |
| 256723 | 6.5 | MEDIUM | Network | jenkins | jenkins | Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an XStream: Java crash when trying to instantiate void/Void. | CWE-502 Deserialization of Untrusted Data | CVE-2017-1000355 | 2024-11-21 12:04 | 2018-01-30 |
| 256724 | 8.8 | HIGH | Network | jenkins | jenkins | Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to a login command which allowed impersonating any Jenkins user. The `login` command available in the remoting-based… | CWE-287 Improper Authentication | CVE-2017-1000354 | 2024-11-21 12:04 | 2018-01-30 |
| 256725 | 9.8 | CRITICAL | Network | jenkins oracle | jenkins communications_cloud_native_core_automated_test_suite | Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attacker… | CWE-502 Deserialization of Untrusted Data | CVE-2017-1000353 | 2024-11-21 12:04 | 2018-01-30 |
| 256726 | 6.1 | MEDIUM | Network | jenkins | delivery_pipeline | The Jenkins Delivery Pipeline Plugin version 1.0.7 and earlier used the unescaped content of the query parameter 'fullscreen' in its JavaScript, resulting in a cross-site scripting vulnerability thro… | CWE-79 Cross-site Scripting | CVE-2017-1000404 | 2024-11-21 12:04 | 2018-01-26 |
| 256727 | 8.8 | HIGH | Network | jenkins | speaks! | Jenkins Speaks! Plugin, all current versions, allows users with Job/Configure permission to run arbitrary Groovy code inside the Jenkins JVM, effectively elevating privileges to Overall/Run Scripts. | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2017-1000403 | 2024-11-21 12:04 | 2018-01-26 |
| 256728 | 5.9 | MEDIUM | Network | jenkins | swarm | Jenkins Swarm Plugin Client 3.4 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible … | CWE-20 Improper Input Validation | CVE-2017-1000402 | 2024-11-21 12:04 | 2018-01-26 |
| 256729 | 2.2 | LOW | Local | jenkins | jenkins | The Jenkins 2.73.1 and earlier, 2.83 and earlier default form control for passwords and other secrets, <f:password/>, supports form validation (e.g. for API keys). The form validation AJAX requests w… | CWE-20 Improper Input Validation | CVE-2017-1000401 | 2024-11-21 12:04 | 2018-01-26 |
| 256730 | 4.3 | MEDIUM | Network | jenkins | jenkins | The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /job/(job-name)/api contained information about upstream and downstream projects. This included information about tasks that the current… | CWE-862 Missing Authorization | CVE-2017-1000400 | 2024-11-21 12:04 | 2018-01-26 |