|
250601
|
5.4 |
MEDIUM
Network
|
jenkins
|
jenkins
|
jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in search suggestions due to improperly escaping users with less-than and greater-than characters in their names…
|
CWE-79
Cross-site Scripting
|
CVE-2017-2610
|
2024-11-21 12:23 |
2018-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250602
|
4.3 |
MEDIUM
Network
|
jenkins
|
jenkins
|
In Jenkins before versions 2.44, 2.32.2 low privilege users were able to act on administrative monitors due to them not being consistently protected by permission checks (SECURITY-371).
|
CWE-287
Improper Authentication
|
CVE-2017-2604
|
2024-11-21 12:23 |
2018-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250603
|
3.5 |
LOW
Network
|
jenkins
|
jenkins
|
Jenkins before versions 2.44, 2.32.2 is vulnerable to a user data leak in disconnected agents' config.xml API. This could leak sensitive data such as API tokens (SECURITY-362).
|
CWE-200
Information Exposure
|
CVE-2017-2603
|
2024-11-21 12:23 |
2018-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250604
|
4.3 |
MEDIUM
Network
|
jenkins
|
jenkins
|
jenkins before versions 2.44, 2.32.2 is vulnerable to an improper blacklisting of the Pipeline metadata files in the agent-to-master security subsystem. This could allow metadata files to be written …
|
NVD-CWE-noinfo
|
CVE-2017-2602
|
2024-11-21 12:23 |
2018-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250605
|
5.4 |
MEDIUM
Network
|
jenkins
|
jenkins
|
In Jenkins before versions 2.44, 2.32.2 low privilege users were able to override JDK download credentials (SECURITY-392), resulting in future builds possibly failing to download a JDK.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-2612
|
2024-11-21 12:23 |
2018-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250606
|
8.8 |
HIGH
Network
|
jenkins
|
jenkins
|
Jenkins before versions 2.44, 2.32.2 is vulnerable to a remote code execution vulnerability involving the deserialization of various types in javax.imageio in XStream-based APIs (SECURITY-383).
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2017-2608
|
2024-11-21 12:23 |
2018-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250607
|
4.3 |
MEDIUM
Network
|
jenkins
|
jenkins
|
In jenkins before versions 2.44, 2.32.2 node monitor data could be viewed by low privilege users via the remote API. These included system configuration and runtime information of these nodes (SECURI…
|
CWE-200
Information Exposure
|
CVE-2017-2600
|
2024-11-21 12:23 |
2018-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250608
|
5.4 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in parameter names and descriptions (SECURITY-353). Users with the permission to configure jobs were able to inj…
|
-
|
CVE-2017-2601
|
2024-11-21 12:23 |
2018-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250609
|
4.3 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins before versions 2.44, 2.32.2 is vulnerable to an information exposure in the internal API that allows access to item names that should not be visible (SECURITY-380). This only affects anonymo…
|
CWE-200
Information Exposure
|
CVE-2017-2606
|
2024-11-21 12:23 |
2018-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250610
|
4.3 |
MEDIUM
Network
|
jenkins
redhat
|
jenkins
openshift
|
Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permis…
|
CWE-863
Incorrect Authorization
|
CVE-2017-2611
|
2024-11-21 12:23 |
2018-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
