CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2018-1000862
https://notcve.org/view.php?id=CVE-2018-1000862
10 Dec 2018 — An information exposure vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in DirectoryBrowserSupport.java that allows attackers with the ability to control build output to browse the file system on agents running builds beyond the duration of the build using the workspace browser. Existe una vulnerabilidad de exposición de información en Jenkins en versiones 2.153 y anteriores, y LTS 2.138.3 y anteriores en DirectoryBrowserSupport.java que permite que los atacantes con habilidad par... • http://www.securityfocus.com/bid/106176 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.2EPSS: 0%CPEs: 3EXPL: 1CVE-2018-1000863
https://notcve.org/view.php?id=CVE-2018-1000863
10 Dec 2018 — A data modification vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in User.java, IdStrategy.java that allows attackers to submit crafted user names that can cause an improper migration of user record storage formats, potentially preventing the victim from logging into Jenkins. Existe una vulnerabilidad de modificación de datos en Jenkins en versiones 2.153 y anteriores, y LTS 2.138.3 y anteriores en User.java e IdStrategy.java que permite que los atacantes envíen nombres de usuar... • http://www.securityfocus.com/bid/106176 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-1000864
https://notcve.org/view.php?id=CVE-2018-1000864
10 Dec 2018 — A denial of service vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread enter an infinite loop. Existe una vulnerabilidad de denegación de servicio (DoS) en Jenkins 2.153 y anteriores y 2.138.3 y anteriores en CronTab.java que permite que los atacantes con el permiso Overall/Read hagan que un hilo de manejo de peticiones entre en bucle infinito. • http://www.securityfocus.com/bid/106176 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1999045
https://notcve.org/view.php?id=CVE-2018-1999045
23 Aug 2018 — A improper authentication vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in SecurityRealm.java, TokenBasedRememberMeServices2.java that allows attackers with a valid cookie to remain logged in even if that feature is disabled. Existe una vulnerabilidad de autenticación incorrecta en Jenkins en versiones 2.137 y anteriores y 2.121.2 y anteriores en SecurityRealm.java y TokenBasedRememberMeServices2.java que permite que los atacantes con una cookie válida mantengan su sesión abierta in... • https://jenkins.io/security/advisory/2018-08-15/#SECURITY-996 • CWE-287: Improper Authentication •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1999046
https://notcve.org/view.php?id=CVE-2018-1999046
23 Aug 2018 — A exposure of sensitive information vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in Computer.java that allows attackers With Overall/Read permission to access the connection log for any agent. Existe una vulnerabilidad de exposición de información sensible en Jenkins en versiones 2.137 y anteriores y 2.121.2 y anteriores en Computer.java que permite que los atacantes con permiso Overall/Read accedan al registro de conexiones para cualquier agente. • https://jenkins.io/security/advisory/2018-08-15/#SECURITY-1071 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1999043
https://notcve.org/view.php?id=CVE-2018-1999043
23 Aug 2018 — A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in BasicAuthenticationFilter.java, BasicHeaderApiTokenAuthenticator.java that allows attackers to create ephemeral in-memory user records by attempting to log in using invalid credentials. Existe una vulnerabilidad de denegación de servicio (DoS) en Jenkins en versiones 2.137 y anteriores y 2.121.2 y anteriores en BasicAuthenticationFilter.java, BasicHeaderApiTokenAuthenticator.java que permite que los atacantes creen... • https://jenkins.io/security/advisory/2018-08-15/#SECURITY-672 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1999044
https://notcve.org/view.php?id=CVE-2018-1999044
23 Aug 2018 — A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread enter an infinite loop. Existe una vulnerabilidad de denegación de servicio (DoS) en Jenkins en versiones 2.137 y anteriores y 2.121.2 y anteriores en CronTab.java que permite que los atacantes con permiso Overall/Read hagan que un hilo de gestión de peticiones se meta en un bucle infinito. • https://jenkins.io/security/advisory/2018-08-15/#SECURITY-790 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1999047
https://notcve.org/view.php?id=CVE-2018-1999047
23 Aug 2018 — A improper authorization vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in UpdateCenter.java that allows attackers to cancel a Jenkins restart scheduled through the update center. Existe una vulnerabilidad de autorización incorrecta en Jenkins en versiones 2.137 y anteriores y 2.121.2 y anteriores en UpdateCenter.java que permite que los atacantes cancelen un reinicio de Jenkins programado a través del centro de actualizaciones. • https://jenkins.io/security/advisory/2018-08-15/#SECURITY-1076 • CWE-863: Incorrect Authorization •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1999042
https://notcve.org/view.php?id=CVE-2018-1999042
23 Aug 2018 — A vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in XStream2.java that allows attackers to have Jenkins resolve a domain name when deserializing an instance of java.net.URL. Existe una vulnerabilidad en Jenkins en versiones 2.137 y anteriores y 2.121.2 y anteriores en XStream2.java que permite que los atacantes hagan que Jenkins resuelva un nombre de dominio cuando se deserializa una instancia de java.net.URL. • https://jenkins.io/security/advisory/2018-08-15/#SECURITY-637 • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2018-1999005
https://notcve.org/view.php?id=CVE-2018-1999005
23 Jul 2018 — A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in BuildTimelineWidget.java, BuildTimelineWidget/control.jelly that allows attackers with Job/Configure permission to define JavaScript that would be executed in another user's browser when that other user performs some UI actions. Existe una vulnerabilidad de Cross-Site Scripting (XSS), en Jenkins 2.132 y anteriores y 2.121.1 y anteriores, en BuildTimelineWidget.java y BuildTimelineWidget/control.jelly, que permit... • https://jenkins.io/security/advisory/2018-07-18/#SECURITY-944 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •