Filtered by vendor Jenkins
Total: 1633 CVEs
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-1000354 | 1 Jenkins | 1 Jenkins | 2024-11-21 | N/A |
Jenkins versions 2.56 and earlier, as well as 2.46.1 LTS and earlier, are vulnerable to user impersonation through the CLI `login` command. The `login` command available in the remoting-based CLI stored the encrypted user name of the successfully authenticated user in a cache file that was then used to authenticate further commands. Users with sufficient permission to create secrets in Jenkins and download their encrypted values (e.g. with Job/Configure permission) were therefore able to impersonate any other Jenkins user on the same instance.
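The design flaw in CVE-2017-1000354 is that the CLI auth cache was a ciphertext of the user name under the same instance-wide key that Jenkins used for other secrets, so any feature that encrypts attacker-chosen strings becomes an oracle for forging the cache. The following model, an added example written for this page and not Jenkins code (the cipher mode, file format and class names `VulnerableCliAuth` / `HardenedCliAuth` are assumptions, not the plugin's or core's real API), shows the forgery and the opaque-token design that closes it:

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

public class CliAuthCacheModel {
    private static final SecureRandom RNG = new SecureRandom();
    // One instance-wide key reused for every encryption the instance performs (the flawed premise).
    private static final SecretKey INSTANCE_KEY = newKey();

    private static SecretKey newKey() {
        try {
            KeyGenerator kg = KeyGenerator.getInstance("AES");
            kg.init(128);
            return kg.generateKey();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    // Model of "create a secret and download its encrypted value": a user with Job/Configure
    // can obtain encrypt(x) for any x of their choosing. (AES-CBC here is an assumption for the model.)
    static String encrypt(String plaintext) throws GeneralSecurityException {
        byte[] iv = new byte[16];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, INSTANCE_KEY, new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    static String decrypt(String encoded) throws GeneralSecurityException {
        byte[] in = Base64.getDecoder().decode(encoded);
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, INSTANCE_KEY, new IvParameterSpec(Arrays.copyOfRange(in, 0, 16)));
        return new String(c.doFinal(Arrays.copyOfRange(in, 16, in.length)), StandardCharsets.UTF_8);
    }

    // Vulnerable design: the cache file holds encrypt(username) and the server trusts whatever decrypts.
    static final class VulnerableCliAuth {
        static String issueCache(String authenticatedUser) throws GeneralSecurityException {
            return encrypt(authenticatedUser);
        }
        static String authenticate(String cacheContents) throws GeneralSecurityException {
            return decrypt(cacheContents);   // no binding to a login event, no expiry, no purpose tag
        }
    }

    // Hardened design: the cache holds an opaque random token; the token-to-user mapping lives server-side.
    static final class HardenedCliAuth {
        private final Map<String, String> tokens = new HashMap<>();
        String issueCache(String authenticatedUser) {
            byte[] t = new byte[32];
            RNG.nextBytes(t);
            String token = Base64.getUrlEncoder().withoutPadding().encodeToString(t);
            tokens.put(token, authenticatedUser);
            return token;
        }
        String authenticate(String cacheContents) {
            String user = tokens.get(cacheContents);
            if (user == null) throw new SecurityException("unknown CLI auth token");
            return user;
        }
    }

    public static void main(String[] args) throws Exception {
        String victim = "admin";
        // The attacker stores "admin" as a secret in a job they may configure and reads the encrypted value back.
        String forgedCache = encrypt(victim);
        System.out.println("vulnerable: CLI runs as " + VulnerableCliAuth.authenticate(forgedCache));

        HardenedCliAuth hardened = new HardenedCliAuth();
        String ownToken = hardened.issueCache("attacker");
        System.out.println("hardened: own token resolves to " + hardened.authenticate(ownToken));
        try {
            hardened.authenticate(encrypt(victim));   // a ciphertext of a name is not a token here
        } catch (SecurityException e) {
            System.out.println("hardened: forged cache rejected: " + e.getMessage());
        }
    }
}
```

The general lesson is that encryption provides confidentiality, not authenticity or authorization: a bearer credential must be unforgeable by anyone who can ask the server to encrypt things, which means either a random token looked up server-side or a MAC under a key used for nothing else.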
CVE-2017-1000353 | 2 Jenkins, Oracle | 2 Jenkins, Communications Cloud Native Core Automated Test Suite | 2024-11-21 | 9.8 Critical |
Jenkins versions 2.56 and earlier, as well as 2.46.1 LTS and earlier, are vulnerable to unauthenticated remote code execution: an attacker could send a serialized Java `SignedObject` to the Jenkins CLI, which would be deserialized using a new `ObjectInputStream`, bypassing the existing blacklist-based protection mechanism. The fix adds `SignedObject` to the blacklist; the new HTTP CLI protocol from Jenkins 2.54 is also backported to LTS 2.46.2, and the remoting-based (i.e. Java serialization) CLI protocol is deprecated and disabled by default.
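Why a blacklisting `ObjectInputStream` can be bypassed by `java.security.SignedObject`: the outer stream only ever sees a `SignedObject` (a `byte[]` payload plus a signature), while `SignedObject.getObject()` constructs its own plain `ObjectInputStream` over the inner bytes, where a per-stream `resolveClass` check no longer applies. The example below is added for this page and is not Jenkins code; `Blocked` is a constructed stand-in for whatever gadget class the blacklist is meant to stop, and the per-stream filter is a generic one, not the CLI's actual implementation. It also shows that a JVM-wide deserialization filter (JEP 290, Java 9+) does reach the nested stream, which is the more robust fix than extending a blacklist one class at a time:

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamClass;
import java.io.Serializable;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.security.SignedObject;

public class SignedObjectBypassDemo {
    // Constructed stand-in for a class the blacklist must never let through.
    static class Blocked implements Serializable {
        private static final long serialVersionUID = 1L;
    }

    // Per-stream blacklist: the style of protection the advisory says was bypassed.
    static class BlacklistingObjectInputStream extends ObjectInputStream {
        BlacklistingObjectInputStream(InputStream in) throws IOException { super(in); }
        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException {
            if (desc.getName().equals(Blocked.class.getName())) {
                throw new InvalidClassException("blacklisted: " + desc.getName());
            }
            return super.resolveClass(desc);
        }
    }

    static byte[] serialize(Serializable o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // 1. Sent directly, the gadget class is caught by the blacklist.
        try (ObjectInputStream in = new BlacklistingObjectInputStream(
                new ByteArrayInputStream(serialize(new Blocked())))) {
            in.readObject();
        } catch (InvalidClassException e) {
            System.out.println("direct: " + e.getMessage());
        }

        // 2. Wrapped in a SignedObject, the outer stream only resolves java.security.SignedObject
        //    and byte[]; the blacklist passes it. The key is attacker-generated: getObject() does not
        //    verify the signature, it just deserializes the content.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        SignedObject wrapped = new SignedObject(new Blocked(), kp.getPrivate(),
                Signature.getInstance("SHA256withRSA"));
        SignedObject received;
        try (ObjectInputStream in = new BlacklistingObjectInputStream(
                new ByteArrayInputStream(serialize(wrapped)))) {
            received = (SignedObject) in.readObject();   // accepted
        }
        Object inner = received.getObject();             // fresh, unfiltered ObjectInputStream inside
        System.out.println("wrapped: inner object deserialized as " + inner.getClass().getName());

        // 3. A process-wide filter applies to every ObjectInputStream, including the one
        //    SignedObject creates internally. (setSerialFilter may be called only once per JVM.)
        ObjectInputFilter.Config.setSerialFilter(
                ObjectInputFilter.Config.createFilter("!" + Blocked.class.getName() + ";*"));
        try {
            received.getObject();
        } catch (InvalidClassException e) {
            System.out.println("global filter: " + e.getMessage());
        }
    }
}
```

The practical check for any Java service that still accepts serialized input: grep for `new ObjectInputStream(` in the JDK classes and libraries on the classpath that are reachable from the outer stream, because each one is a second entry point the per-stream blacklist never sees. In production the filter should be an allow-list (`ObjectInputFilter.Config.createFilter("com.example.dto.*;!*")`) rather than the reject-one-class pattern used here for illustration.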
CVE-2015-5298 | 1 Jenkins | 1 Google Login | 2024-11-21 | 6.5 Medium |
The Google Login Plugin (versions 1.0 and 1.1) allows malicious anonymous users, by modifying the client-side request, to authenticate successfully against Jenkins instances that are supposed to be locked down to a particular Google Apps domain.
CVE-2015-1811 | 2 Jenkins, Redhat | 2 Cloudbees, Openshift | 2024-11-21 | 7.5 High |
XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document.
CVE-2015-1809 | 2 Jenkins, Redhat | 2 Cloudbees, Openshift | 2024-11-21 | 7.5 High |
XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via an XPath query.
CVE-2012-4441 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 6.1 Medium |
Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML in the CI game plugin.
CVE-2012-4440 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 6.1 Medium |
Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML in the Violations plugin.
CVE-2012-4439 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 6.1 Medium |
Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL that points to Jenkins.
CVE-2012-4438 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 8.8 High |
Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers with read access and HTTP access to the Jenkins master to insert data and execute arbitrary code.
CVE-2012-0785 | 2 Cloudbees, Jenkins | 2 Jenkins, Jenkins | 2024-11-21 | 7.5 High |
Hash collision attack vulnerability in Jenkins before 1.447, Jenkins LTS before 1.424.2, and Jenkins Enterprise by CloudBees 1.424.x before 1.424.2.1 and 1.400.x before 1.400.0.11 could allow remote attackers to cause a considerable CPU load, aka "the Hash DoS attack."
CVE-2024-52553 | 1 Jenkins | 1 Openid | 2024-11-15 | 8.8 High |
Jenkins OpenId Connect Authentication Plugin 4.418.vccc7061f5b_6d and earlier does not invalidate the previous session on login.
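Keeping the pre-authentication session alive across login is the precondition for session fixation: whoever knew the session id before the victim authenticated now holds an authenticated session. The model below is an added example for this page, not the plugin's code, and abstracts the OIDC callback to a `completeLogin` call made once the identity provider has confirmed the user (how the attacker gets their id into the victim's browser is outside the model and simply assumed). It runs the same attack against a server that reuses the session and one that invalidates it and issues a fresh id:

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

public class SessionFixationModel {
    private static final SecureRandom RNG = new SecureRandom();

    static final class Session {
        final String id;
        String user;   // null until authenticated
        Session(String id) { this.id = id; }
    }

    static final class Server {
        private final Map<String, Session> sessions = new HashMap<>();
        private final boolean invalidateOnLogin;
        Server(boolean invalidateOnLogin) { this.invalidateOnLogin = invalidateOnLogin; }

        private Session newSession() {
            byte[] b = new byte[16];
            RNG.nextBytes(b);
            Session s = new Session(Base64.getUrlEncoder().withoutPadding().encodeToString(b));
            sessions.put(s.id, s);
            return s;
        }

        // Any request without a valid cookie is given a (pre-authentication) session.
        String visit(String cookie) {
            Session s = cookie == null ? null : sessions.get(cookie);
            return (s == null ? newSession() : s).id;
        }

        // Called once the identity provider has confirmed who the user is (the OIDC callback in the
        // plugin's case). Returns the session id the response should set as the cookie.
        String completeLogin(String cookie, String authenticatedUser) {
            Session s = sessions.get(visit(cookie));
            if (invalidateOnLogin) {
                sessions.remove(s.id);   // the pre-login id must stop working
                s = newSession();        // a fresh id is issued only after authentication
            }
            s.user = authenticatedUser;
            return s.id;
        }

        String whoAmI(String cookie) {
            Session s = sessions.get(cookie);
            return s == null ? null : s.user;
        }
    }

    static String runAttack(Server server) {
        String attackerSid = server.visit(null);
        // The victim's browser ends up presenting the attacker's id (planted cookie, assumed here)
        // and the victim then authenticates with it.
        String victimSid = server.completeLogin(attackerSid, "victim");
        // The attacker keeps using the id they planted.
        return "attacker's cookie resolves to " + server.whoAmI(attackerSid)
                + " (victim was issued " + (victimSid.equals(attackerSid) ? "the same id" : "a new id") + ")";
    }

    public static void main(String[] args) {
        System.out.println("vulnerable: " + runAttack(new Server(false)));
        System.out.println("hardened:   " + runAttack(new Server(true)));
    }
}
```

In a servlet container the hardened path is `request.getSession(false).invalidate()` followed by `request.getSession(true)` (or `request.changeSessionId()` on Servlet 3.1+) at the point where the identity is established, copying across only the attributes the login flow genuinely needs, such as the post-login redirect target.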
CVE-2024-52554 | 1 Jenkins | 1 Shared Library Version Override | 2024-11-15 | 8.8 High |
Jenkins Shared Library Version Override Plugin 17.v786074c9fce7 and earlier declares folder-scoped library overrides as trusted, so that they are not executed in the Script Security sandbox, allowing attackers with Item/Configure permission on a folder to configure a folder-scoped library override that runs without sandbox protection.
CVE-2024-42906 | 2 Jenkins, Testlink | 2 Testlink, Testlink | 2024-09-05 | 4.1 Medium |
TestLink before v1.9.20 is vulnerable to Cross Site Scripting (XSS) via the pop-up on file upload. When uploading a file, the XSS payload can be entered into the file name.