|
264701
|
6.5 |
MEDIUM
Network
|
haxx
|
libcurl
|
When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user (st…
|
CWE-200
Information Exposure
|
CVE-2017-1000099
|
2024-11-21 12:04 |
2017-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264702
|
7.5 |
HIGH
Network
|
golang
|
go
|
The net/http package's Request.ParseMultipartForm method starts writing to temporary files once the request body size surpasses the given "maxMemory" limit. It was possible for an attacker to generat…
|
CWE-769
DEPRECATED: Uncontrolled File Descriptor Consumption
|
CVE-2017-1000098
|
2024-11-21 12:04 |
2017-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264703
|
7.5 |
HIGH
Network
|
golang
|
go
|
On Darwin, user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verif…
|
CWE-295
Improper Certificate Validation
|
CVE-2017-1000097
|
2024-11-21 12:04 |
2017-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264704
|
8.8 |
HIGH
Network
|
jenkins
|
pipeline\
|
Arbitrary code execution due to incomplete sandbox protection: Constructors, instance variable initializers, and instance initializers in Pipeline scripts were not subject to sandbox protection, and …
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-1000096
|
2024-11-21 12:04 |
2017-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264705
|
6.5 |
MEDIUM
Network
|
jenkins
|
docker_commons
|
Docker Commons Plugin provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use to authenticate with a Docker Registry. This functionality did…
|
CWE-200
Information Exposure
|
CVE-2017-1000094
|
2024-11-21 12:04 |
2017-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264706
|
6.5 |
MEDIUM
Network
|
jenkins
|
script_security
|
The default whitelist included the following unsafe entries: DefaultGroovyMethods.putAt(Object, String, Object); DefaultGroovyMethods.getAt(Object, String). These allowed circumventing many of the ac…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-1000095
|
2024-11-21 12:04 |
2017-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264707
|
8.8 |
HIGH
Network
|
jenkins
|
poll_scm
|
Poll SCM Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to initiate polling of projects with a kno…
|
CWE-352
Origin Validation Error
|
CVE-2017-1000093
|
2024-11-21 12:04 |
2017-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264708
|
7.5 |
HIGH
Network
|
jenkins
|
git
|
Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username/password credentials ID could trick a d…
|
CWE-352
Origin Validation Error
|
CVE-2017-1000092
|
2024-11-21 12:04 |
2017-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264709
|
6.3 |
MEDIUM
Network
|
jenkins
|
github_branch_source
|
GitHub Branch Source Plugin connects to a user-specified GitHub API URL (e.g. GitHub Enterprise) as part of form validation and completion (e.g. to verify Scan Credentials are correct). This function…
|
CWE-352
Origin Validation Error
|
CVE-2017-1000091
|
2024-11-21 12:04 |
2017-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264710
|
8.8 |
HIGH
Network
|
jenkins
|
role-based_authorization_strategy
|
Role-based Authorization Strategy Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to add administra…
|
CWE-352
Origin Validation Error
|
CVE-2017-1000090
|
2024-11-21 12:04 |
2017-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
