|
256981
|
5.4 |
MEDIUM
Network
|
jenkins
|
sidebar_link
|
The Sidebar Link plugin allows users able to configure jobs, views, and agents to add entries to the sidebar of these objects. There was no input validation, which meant users were able to use javasc…
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000088
|
2024-11-21 12:04 |
2017-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256982
|
4.3 |
MEDIUM
Network
|
jenkins
|
github_branch_source
|
GitHub Branch Source provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use. This functionality did not check permissions, allowing any use…
|
CWE-200
Information Exposure
|
CVE-2017-1000087
|
2024-11-21 12:04 |
2017-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256983
|
8.0 |
HIGH
Network
|
jenkins
|
periodic_backup
|
The Periodic Backup Plugin did not perform any permission checks, allowing any user with Overall/Read access to change its settings, trigger backups, restore backups, download backups, and also delet…
|
CWE-862
Missing Authorization
|
CVE-2017-1000086
|
2024-11-21 12:04 |
2017-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256984
|
6.5 |
MEDIUM
Network
|
jenkins
|
parameterized_trigger
|
Parameterized Trigger Plugin fails to check Item/Build permission: The Parameterized Trigger Plugin did not check the build authentication it was running as and allowed triggering any other project i…
|
CWE-276
Incorrect Default Permissions
|
CVE-2017-1000084
|
2024-11-21 12:04 |
2017-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256985
|
6.5 |
MEDIUM
Network
|
jenkins
|
subversion
|
Subversion Plugin connects to a user-specified Subversion repository as part of form validation (e.g. to retrieve a list of tags). This functionality improperly checked permissions, allowing any user…
|
CWE-352
Origin Validation Error
|
CVE-2017-1000085
|
2024-11-21 12:04 |
2017-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256986
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of bounds guest_irq value, related…
|
CWE-20
CWE-617
Improper Input Validation
Reachable Assertion
|
CVE-2017-1000252
|
2024-11-21 12:04 |
2017-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256987
|
7.5 |
HIGH
Network
|
redhat
|
pagure
|
Pagure 3.3.0 and earlier is vulnerable to loss of confidentially due to improper authorization
|
CWE-862
Missing Authorization
|
CVE-2017-1002151
|
2024-11-21 12:04 |
2017-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256988
|
6.1 |
MEDIUM
Network
|
fedoraproject
|
python-fedora
|
python-fedora 0.8.0 and lower is vulnerable to an open redirect resulting in loss of CSRF protection
|
CWE-601
Open Redirect
|
CVE-2017-1002150
|
2024-11-21 12:04 |
2017-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256989
|
6.5 |
MEDIUM
Network
|
kubernetes
|
kubernetes
|
Default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed witho…
|
CWE-200
Information Exposure
|
CVE-2017-1002100
|
2024-11-21 12:04 |
2017-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256990
|
9.8 |
CRITICAL
Network
|
angrybyte
|
gallery-transformation
|
Vulnerability in wordpress plugin wordpress-gallery-transformation v1.0, SQL injection is in ./wordpress-gallery-transformation/gallery.php via $jpic parameter being unsanitized before being passed i…
|
CWE-89
SQL Injection
|
CVE-2017-1002028
|
2024-11-21 12:04 |
2017-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
