| ID | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Modified | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 256971 | 7.5 | HIGH | Network | golang | go | The net/http package's Request.ParseMultipartForm method starts writing to temporary files once the request body size surpasses the given "maxMemory" limit. It was possible for an attacker to generat… | CWE-769 (DEPRECATED: Uncontrolled File Descriptor Consumption) | CVE-2017-1000098 | 2024-11-21 12:04 | 2017-10-5 |
| 256972 | 7.5 | HIGH | Network | golang | go | On Darwin, user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verif… | CWE-295 (Improper Certificate Validation) | CVE-2017-1000097 | 2024-11-21 12:04 | 2017-10-5 |
| 256973 | 8.8 | HIGH | Network | jenkins | pipeline\ | Arbitrary code execution due to incomplete sandbox protection: Constructors, instance variable initializers, and instance initializers in Pipeline scripts were not subject to sandbox protection, and … | CWE-732 (Incorrect Permission Assignment for Critical Resource) | CVE-2017-1000096 | 2024-11-21 12:04 | 2017-10-5 |
| 256974 | 6.5 | MEDIUM | Network | jenkins | docker_commons | Docker Commons Plugin provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use to authenticate with a Docker Registry. This functionality did… | CWE-200 (Information Exposure) | CVE-2017-1000094 | 2024-11-21 12:04 | 2017-10-5 |
| 256975 | 6.5 | MEDIUM | Network | jenkins | script_security | The default whitelist included the following unsafe entries: DefaultGroovyMethods.putAt(Object, String, Object); DefaultGroovyMethods.getAt(Object, String). These allowed circumventing many of the ac… | CWE-732 (Incorrect Permission Assignment for Critical Resource) | CVE-2017-1000095 | 2024-11-21 12:04 | 2017-10-5 |
| 256976 | 8.8 | HIGH | Network | jenkins | poll_scm | Poll SCM Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to initiate polling of projects with a kno… | CWE-352 (Origin Validation Error) | CVE-2017-1000093 | 2024-11-21 12:04 | 2017-10-5 |
| 256977 | 7.5 | HIGH | Network | jenkins | git | Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username/password credentials ID could trick a d… | CWE-352 (Origin Validation Error) | CVE-2017-1000092 | 2024-11-21 12:04 | 2017-10-5 |
| 256978 | 6.3 | MEDIUM | Network | jenkins | github_branch_source | GitHub Branch Source Plugin connects to a user-specified GitHub API URL (e.g. GitHub Enterprise) as part of form validation and completion (e.g. to verify Scan Credentials are correct). This function… | CWE-352 (Origin Validation Error) | CVE-2017-1000091 | 2024-11-21 12:04 | 2017-10-5 |
| 256979 | 8.8 | HIGH | Network | jenkins | role-based_authorization_strategy | Role-based Authorization Strategy Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to add administra… | CWE-352 (Origin Validation Error) | CVE-2017-1000090 | 2024-11-21 12:04 | 2017-10-5 |
| 256980 | 5.3 | MEDIUM | Network | jenkins | pipeline\ | Builds in Jenkins are associated with an authentication that controls the permissions that the build has to interact with other elements in Jenkins. The Pipeline: Build Step Plugin did not check the … | CWE-276 (Incorrect Default Permissions) | CVE-2017-1000089 | 2024-11-21 12:04 | 2017-10-5 |