|
264461
|
4.3 |
MEDIUM
Network
|
jenkins
|
jenkins
|
The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /job/(job-name)/api contained information about upstream and downstream projects. This included information about tasks that the current…
|
CWE-862
Missing Authorization
|
CVE-2017-1000400
|
2024-11-21 12:04 |
2018-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264462
|
4.3 |
MEDIUM
Network
|
jenkins
|
jenkins
|
The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /queue/item/(ID)/api showed information about tasks in the queue (typically builds waiting to start). This included information about ta…
|
CWE-200
Information Exposure
|
CVE-2017-1000399
|
2024-11-21 12:04 |
2018-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264463
|
4.3 |
MEDIUM
Network
|
jenkins
|
jenkins
|
The remote API in Jenkins 2.73.1 and earlier, 2.83 and earlier at /computer/(agent-name)/api showed information about tasks (typically builds) currently running on that agent. This included informati…
|
CWE-200
Information Exposure
|
CVE-2017-1000398
|
2024-11-21 12:04 |
2018-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264464
|
5.9 |
MEDIUM
Network
|
jenkins
|
maven
|
Jenkins Maven Plugin 2.17 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man…
|
CWE-20
Improper Input Validation
|
CVE-2017-1000397
|
2024-11-21 12:04 |
2018-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264465
|
5.9 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible…
|
CWE-295
Improper Certificate Validation
|
CVE-2017-1000396
|
2024-11-21 12:04 |
2018-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264466
|
4.3 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins 2.73.1 and earlier, 2.83 and earlier provides information about Jenkins user accounts which is generally available to anyone with Overall/Read permissions via the /user/(username)/api remote …
|
CWE-200
Information Exposure
|
CVE-2017-1000395
|
2024-11-21 12:04 |
2018-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264467
|
7.5 |
HIGH
Network
|
jenkins
|
jenkins
|
Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-fileupload library with the denial-of-service vulnerability known as CVE-2016-3092. The fix for that vulnerability has be…
|
CWE-20
Improper Input Validation
|
CVE-2017-1000394
|
2024-11-21 12:04 |
2018-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264468
|
8.8 |
HIGH
Network
|
jenkins
|
jenkins
|
Jenkins 2.73.1 and earlier, 2.83 and earlier users with permission to create or configure agents in Jenkins could configure a launch method called 'Launch agent via execution of command on master'. T…
|
CWE-78
OS Command
|
CVE-2017-1000393
|
2024-11-21 12:04 |
2018-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264469
|
4.8 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins 2.88 and earlier; 2.73.2 and earlier Autocompletion suggestions for text fields were not escaped, resulting in a persisted cross-site scripting vulnerability if the source for the suggestions…
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000392
|
2024-11-21 12:04 |
2018-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264470
|
7.3 |
HIGH
Network
|
jenkins
|
jenkins
|
Jenkins versions 2.88 and earlier and 2.73.2 and earlier stores metadata related to 'people', which encompasses actual user accounts, as well as users appearing in SCM, in directories corresponding t…
|
CWE-20
Improper Input Validation
|
CVE-2017-1000391
|
2024-11-21 12:04 |
2018-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
