|
258161
|
5.4 |
MEDIUM
Network
|
jenkins
|
jenkins
|
jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting vulnerability in console notes (SECURITY-382). Jenkins allows plugins to annotate build logs, adding new content…
|
CWE-79
Cross-site Scripting
|
CVE-2017-2607
|
2024-11-21 12:23 |
2018-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258162
|
5.4 |
MEDIUM
Network
|
jenkins
|
jenkins
|
jenkins before versions 2.44, 2.32.2 is vulnerable to a user creation CSRF using GET by admins. While this user record was only retained until restart in most cases, administrators' web browsers coul…
|
CWE-352
Origin Validation Error
|
CVE-2017-2613
|
2024-11-21 12:23 |
2018-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258163
|
5.4 |
MEDIUM
Network
|
jenkins
|
jenkins
|
jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in search suggestions due to improperly escaping users with less-than and greater-than characters in their names…
|
CWE-79
Cross-site Scripting
|
CVE-2017-2610
|
2024-11-21 12:23 |
2018-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258164
|
4.3 |
MEDIUM
Network
|
jenkins
|
jenkins
|
In Jenkins before versions 2.44, 2.32.2 low privilege users were able to act on administrative monitors due to them not being consistently protected by permission checks (SECURITY-371).
|
CWE-287
Improper Authentication
|
CVE-2017-2604
|
2024-11-21 12:23 |
2018-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258165
|
3.5 |
LOW
Network
|
jenkins
|
jenkins
|
Jenkins before versions 2.44, 2.32.2 is vulnerable to a user data leak in disconnected agents' config.xml API. This could leak sensitive data such as API tokens (SECURITY-362).
|
CWE-200
Information Exposure
|
CVE-2017-2603
|
2024-11-21 12:23 |
2018-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258166
|
4.3 |
MEDIUM
Network
|
jenkins
|
jenkins
|
jenkins before versions 2.44, 2.32.2 is vulnerable to an improper blacklisting of the Pipeline metadata files in the agent-to-master security subsystem. This could allow metadata files to be written …
|
NVD-CWE-noinfo
|
CVE-2017-2602
|
2024-11-21 12:23 |
2018-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258167
|
5.4 |
MEDIUM
Network
|
jenkins
|
jenkins
|
In Jenkins before versions 2.44, 2.32.2 low privilege users were able to override JDK download credentials (SECURITY-392), resulting in future builds possibly failing to download a JDK.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-2612
|
2024-11-21 12:23 |
2018-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258168
|
8.8 |
HIGH
Network
|
jenkins
|
jenkins
|
Jenkins before versions 2.44, 2.32.2 is vulnerable to a remote code execution vulnerability involving the deserialization of various types in javax.imageio in XStream-based APIs (SECURITY-383).
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2017-2608
|
2024-11-21 12:23 |
2018-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258169
|
4.3 |
MEDIUM
Network
|
jenkins
|
jenkins
|
In jenkins before versions 2.44, 2.32.2 node monitor data could be viewed by low privilege users via the remote API. These included system configuration and runtime information of these nodes (SECURI…
|
CWE-200
Information Exposure
|
CVE-2017-2600
|
2024-11-21 12:23 |
2018-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258170
|
5.4 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in parameter names and descriptions (SECURITY-353). Users with the permission to configure jobs were able to inj…
|
-
|
CVE-2017-2601
|
2024-11-21 12:23 |
2018-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
