10 results (0.006 seconds)

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

Hash collision attack vulnerability in Jenkins before 1.447, Jenkins LTS before 1.424.2, and Jenkins Enterprise by CloudBees 1.424.x before 1.424.2.1 and 1.400.x before 1.400.0.11 could allow remote attackers to cause a considerable CPU load, aka "the Hash DoS attack." Una vulnerabilidad de ataque de colisión de hash en Jenkins versiones anteriores a 1.447, Jenkins LTS versiones anteriores a 1.424.2 y Jenkins Enterprise de CloudBees versiones 1.424.x anteriores a 1.424.2.1 y versiones 1.400.x anteriores a 1.400.0.11, podría permitir a atacantes remotos causar una carga de la CPU considerable, también se conoce como "the Hash DoS attack". • http://www.openwall.com/lists/oss-security/2012/01/20/8 https://access.redhat.com/security/cve/cve-2012-0785 https://jenkins.io/security/advisory/2012-01-12 https://security-tracker.debian.org/tracker/CVE-2012-0785 https://www.cloudbees.com/jenkins-security-advisory-2012-01-12 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CloudBees Jenkins Operations Center 2.150.2.3, when an expired trial license exists, allows Cleartext Password Storage and Retrieval via the proxy configuration page. En CloudBees Jenkins Operations Center versión 2.150.2.3, cuando existe una licencia de prueba caducada, permite el almacenamiento y recuperación de contraseñas de texto sin cifrar por medio de la página de configuración del proxy. • https://github.com/binary1985/VulnerabilityDisclosure/blob/master/CloudBees%20Jenkins%20Operations%20Center%20Password%20Disclosure https://raw.githubusercontent.com/binary1985/VulnerabilityDisclosure/master/CloudBees%20Jenkins%20Operations%20Center%20Password%20Disclosure https://release-notes.cloudbees.com/release/21/8.18 • CWE-522: Insufficiently Protected Credentials •

CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0

Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code or (2) initiate deployment of binaries to a Maven repository via unspecified vectors. Múltiples vulnerabilidades de CSRF en Jenkins en versiones anteriores a 1.514, LTS en versiones anteriores a 1.509.1 y Enterprise 1.466.x en versiones anteriores a 1.466.14.1 y 1.480.x en versiones anteriores a 1.480.4.1 permiten a atacantes remotos secuestrar la autenticación de administradores para peticiones de (1) ejecutar código arbitrario o (2) iniciar el despliegue de binarios para un repositorio Maven a través de vectores no especificados. • http://osvdb.org/92981 http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 2.1EPSS: 0%CPEs: 4EXPL: 0

Cross-site scripting (XSS) vulnerability in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allows remote authenticated users with write permission to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Jenkins en versiones anteriores a 1.514, LTS en versiones anteriores a 1.509.1 y Enterprise 1.466.x en versiones anteriores a 1.466.14.1 y 1.480.x en versiones anteriores a 1.480.4.1 permite a usuarios remotos autenticados con permisos de escritura inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://osvdb.org/92982 http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb https://exchange.xforce.ibmcloud.com/vulnerabilities/84004 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 68EXPL: 0

Cross-site scripting (XSS) vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote authenticated users with write access to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Jenkins en versiones anteriores a 1.491, Jenkins LTS en versiones anteriores a 1.480.1 y Jenkins Enterprise 1.424.x en versiones anteriores a 1.424.6.13, 1.447.x en versiones anteriores a 1.447.4.1 y 1.466.x en versiones anteriores a 1.466.10.1 permite a usuarios remotos autenticados con acceso de escritura inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://rhn.redhat.com/errata/RHSA-2013-0220.html http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb http://www.openwall.com/lists/oss-security/2012/12/28/1 https://bugzilla.redhat.com/show_bug.cgi?id=890612 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20 https://access.redhat.com/security/cve/CVE-2012-6074 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •