Page 15 of 237 results (0.008 seconds)

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different representations of request URL paths, which allows attackers to craft URLs that allow bypassing CSRF protection of any target URL. Jenkins versiones 2.227 y anteriores, LTS versiones 2.204.5 y anteriores, usan diferentes representaciones de rutas URL de petición, lo cual permite a atacantes diseñar una URL que permite la omisión de la protección de CSRF de cualquier URL objetivo. • http://www.openwall.com/lists/oss-security/2020/03/25/2 https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1774 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0

Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly escape node labels that are shown in the form validation for label expressions on job configuration pages, resulting in a stored XSS vulnerability exploitable by users able to define node labels. Jenkins versiones 2.227 y anteriores, LTS versiones 2.204.5 y versiones anteriores, no se escapan apropiadamente las etiquetas de nodo que son mostradas en la comprobación del formulario para las expresiones de etiqueta en las páginas de configuración del trabajo, resultando en una vulnerabilidad de tipo XSS almacenado explotable por usuarios capaces de definir etiquetas de nodo. • http://www.openwall.com/lists/oss-security/2020/03/25/2 https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1781 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

Hash collision attack vulnerability in Jenkins before 1.447, Jenkins LTS before 1.424.2, and Jenkins Enterprise by CloudBees 1.424.x before 1.424.2.1 and 1.400.x before 1.400.0.11 could allow remote attackers to cause a considerable CPU load, aka "the Hash DoS attack." Una vulnerabilidad de ataque de colisión de hash en Jenkins versiones anteriores a 1.447, Jenkins LTS versiones anteriores a 1.424.2 y Jenkins Enterprise de CloudBees versiones 1.424.x anteriores a 1.424.2.1 y versiones 1.400.x anteriores a 1.400.0.11, podría permitir a atacantes remotos causar una carga de la CPU considerable, también se conoce como "the Hash DoS attack". • http://www.openwall.com/lists/oss-security/2012/01/20/8 https://access.redhat.com/security/cve/cve-2012-0785 https://jenkins.io/security/advisory/2012-01-12 https://security-tracker.debian.org/tracker/CVE-2012-0785 https://www.cloudbees.com/jenkins-security-advisory-2012-01-12 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0

REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier were vulnerable to clickjacking attacks. Los endpoint de la API REST en Jenkins versiones 2.218 y anteriores, versiones LTS 2.204.1 y anteriores, eran vulnerables a los ataques de secuestro de cliqueo. • http://www.openwall.com/lists/oss-security/2020/01/29/1 https://access.redhat.com/errata/RHBA-2020:0402 https://access.redhat.com/errata/RHBA-2020:0675 https://access.redhat.com/errata/RHSA-2020:0681 https://access.redhat.com/errata/RHSA-2020:0683 https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1704 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •

CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0

Jenkins 2.218 and earlier, LTS 2.204.1 and earlier exposed session identifiers on a user's detail object in the whoAmI diagnostic page. Jenkins versiones 2.218 y anteriores, versiones LTS 2.204.1 y anteriores, expuso identificadores de sesión en un objeto de detalles de usuario en la página de diagnóstico whoAmI. • http://www.openwall.com/lists/oss-security/2020/01/29/1 https://access.redhat.com/errata/RHBA-2020:0402 https://access.redhat.com/errata/RHBA-2020:0675 https://access.redhat.com/errata/RHSA-2020:0681 https://access.redhat.com/errata/RHSA-2020:0683 https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1695 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •