| 256961 | 7.5 | HIGH Network | jenkins | pipeline-input-step | The Pipeline: Input Step Plugin by default allowed users with Item/Read access to a pipeline to interact with the step to provide input. This has been changed, and now requires users to have the Item… | CWE-200 Information Exposure | CVE-2017-1000108 | 2024-11-21 12:04 | 2017-10-5 |
| 256962 | 8.8 | HIGH Network | jenkins | script_security | Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions.… | NVD-CWE-noinfo | CVE-2017-1000107 | 2024-11-21 12:04 | 2017-10-5 |
| 256963 | 5.3 | MEDIUM Network | jenkins | blue_ocean | The optional Run/Artifacts permission can be enabled by setting a Java system property. Blue Ocean did not check this permission before providing access to archived artifacts, Item/Read permission wa… | CWE-862 Missing Authorization | CVE-2017-1000105 | 2024-11-21 12:04 | 2017-10-5 |
| 256964 | 5.4 | MEDIUM Network | jenkins | dry | The custom Details view of the Static Analysis Utilities based DRY Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin… | CWE-79 Cross-site Scripting | CVE-2017-1000103 | 2024-11-21 12:04 | 2017-10-5 |
| 256965 | 5.4 | MEDIUM Network | jenkins | static_analysis_utilities | The Details view of some Static Analysis Utilities based plugins, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to these plugins, for e… | CWE-79 Cross-site Scripting | CVE-2017-1000102 | 2024-11-21 12:04 | 2017-10-5 |
| 256966 | 8.5 | HIGH Network | jenkins | blue_ocean | Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines … | CWE-287 Improper Authentication | CVE-2017-1000106 | 2024-11-21 12:04 | 2017-10-5 |
| 256967 | 6.5 | MEDIUM Network | jenkins | config_file_provider | The Config File Provider Plugin is used to centrally manage configuration files that often include secrets, such as passwords. Users with only Overall/Read access to Jenkins were able to access URLs … | CWE-269 Improper Privilege Management | CVE-2017-1000104 | 2024-11-21 12:04 | 2017-10-5 |
| 256968 | 6.5 | MEDIUM Network | haxx | curl | curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numeri… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-1000101 | 2024-11-21 12:04 | 2017-10-5 |
| 256969 | 6.5 | MEDIUM Network | haxx | libcurl | When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the b… | CWE-200 Information Exposure | CVE-2017-1000100 | 2024-11-21 12:04 | 2017-10-5 |
| 256970 | 6.5 | MEDIUM Network | haxx | libcurl | When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user (st… | CWE-200 Information Exposure | CVE-2017-1000099 | 2024-11-21 12:04 | 2017-10-5 |