CVSS: 5.0 | EPSS: 0% | CPEs: 14 | EXPL: 0

The Monitoring plugin before 1.53.0 for Jenkins allows remote attackers to obtain sensitive information by accessing unspecified pages. • https://wiki.jenkins-ci.org/display/JENKINS/Monitoring https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01

CVSS: 4.3 | EPSS: 0% | CPEs: 14 | EXPL: 0

Cross-site scripting (XSS) vulnerability in the Monitoring plugin before 1.53.0 for Jenkins allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://secunia.com/advisories/59122 https://wiki.jenkins-ci.org/display/JENKINS/Monitoring https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 2.1 | EPSS: 0% | CPEs: 54 | EXPL: 1

The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file. • https://bugzilla.redhat.com/show_bug.cgi?id=1032391 https://github.com/jenkinsci/subversion-plugin/commit/7d4562d6f7e40de04bbe29577b51c79f07d05ba6 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20 • CWE-255: Credentials Management Errors

CVSS: 5.5 | EPSS: 0% | CPEs: 3 | EXPL: 0

The Exclusion plugin before 0.9 for Jenkins does not properly prevent access to resource locks, which allows remote authenticated users to list and release resources via unspecified vectors. • https://wiki.jenkins-ci.org/display/JENKINS/Exclusion-Plugin https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20 • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 3.5 | EPSS: 0% | CPEs: 4 | EXPL: 0

Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.5.1 for Jenkins allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. • http://osvdb.org/100106 http://secunia.com/advisories/55783 https://wiki.jenkins-ci.org/display/JENKINS/Build+Failure+Analyzer https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')