|
256731
|
4.3 |
MEDIUM
Network
|
jenkins
|
jenkins
|
The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /queue/item/(ID)/api showed information about tasks in the queue (typically builds waiting to start). This included information about ta…
|
CWE-200
Information Exposure
|
CVE-2017-1000399
|
2024-11-21 12:04 |
2018-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256732
|
4.3 |
MEDIUM
Network
|
jenkins
|
jenkins
|
The remote API in Jenkins 2.73.1 and earlier, 2.83 and earlier at /computer/(agent-name)/api showed information about tasks (typically builds) currently running on that agent. This included informati…
|
CWE-200
Information Exposure
|
CVE-2017-1000398
|
2024-11-21 12:04 |
2018-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256733
|
5.9 |
MEDIUM
Network
|
jenkins
|
maven
|
Jenkins Maven Plugin 2.17 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man…
|
CWE-20
Improper Input Validation
|
CVE-2017-1000397
|
2024-11-21 12:04 |
2018-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256734
|
5.9 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible…
|
CWE-295
Improper Certificate Validation
|
CVE-2017-1000396
|
2024-11-21 12:04 |
2018-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256735
|
4.3 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins 2.73.1 and earlier, 2.83 and earlier provides information about Jenkins user accounts which is generally available to anyone with Overall/Read permissions via the /user/(username)/api remote …
|
CWE-200
Information Exposure
|
CVE-2017-1000395
|
2024-11-21 12:04 |
2018-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256736
|
7.5 |
HIGH
Network
|
jenkins
|
jenkins
|
Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-fileupload library with the denial-of-service vulnerability known as CVE-2016-3092. The fix for that vulnerability has be…
|
CWE-20
Improper Input Validation
|
CVE-2017-1000394
|
2024-11-21 12:04 |
2018-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256737
|
8.8 |
HIGH
Network
|
jenkins
|
jenkins
|
Jenkins 2.73.1 and earlier, 2.83 and earlier users with permission to create or configure agents in Jenkins could configure a launch method called 'Launch agent via execution of command on master'. T…
|
CWE-78
OS Command
|
CVE-2017-1000393
|
2024-11-21 12:04 |
2018-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256738
|
4.8 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins 2.88 and earlier; 2.73.2 and earlier Autocompletion suggestions for text fields were not escaped, resulting in a persisted cross-site scripting vulnerability if the source for the suggestions…
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000392
|
2024-11-21 12:04 |
2018-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256739
|
7.3 |
HIGH
Network
|
jenkins
|
jenkins
|
Jenkins versions 2.88 and earlier and 2.73.2 and earlier stores metadata related to 'people', which encompasses actual user accounts, as well as users appearing in SCM, in directories corresponding t…
|
CWE-20
Improper Input Validation
|
CVE-2017-1000391
|
2024-11-21 12:04 |
2018-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256740
|
4.3 |
MEDIUM
Network
|
jenkins
|
multijob
|
Jenkins Multijob plugin version 1.25 and earlier did not check permissions in the Resume Build action, allowing anyone with Job/Read permission to resume the build.
|
CWE-862
Missing Authorization
|
CVE-2017-1000390
|
2024-11-21 12:04 |
2018-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
