CVE-2020-2100
https://notcve.org/view.php?id=CVE-2020-2100
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier was vulnerable to a UDP amplification reflection denial of service attack on port 33848. Jenkins versiones 2.218 y anteriores, versiones LTS 2.204.1 y anteriores, eran vulnerables a un ataque de denegación de servicio de reflexión de amplificación UDP en el puerto 33848. • http://www.openwall.com/lists/oss-security/2020/01/29/1 https://access.redhat.com/errata/RHBA-2020:0402 https://access.redhat.com/errata/RHBA-2020:0675 https://access.redhat.com/errata/RHSA-2020:0681 https://access.redhat.com/errata/RHSA-2020:0683 https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1641 •
CVE-2020-2099
https://notcve.org/view.php?id=CVE-2020-2099
Jenkins 2.213 and earlier, LTS 2.204.1 and earlier improperly reuses encryption key parameters in the Inbound TCP Agent Protocol/3, allowing unauthorized attackers with knowledge of agent names to obtain the connection secrets for those agents, which can be used to connect to Jenkins, impersonating those agents. Jenkins versiones 2.213 y anteriores, versiones LTS 2.204.1 y anteriores, reutilizan inapropiadamente los parámetros de clave de cifrado en el Inbound TCP Agent Protocol/3, permitiendo a atacantes no autorizados con conocimiento de los nombres de los agentes obtener los secretos de conexión para esos agentes, que pueden ser usados para conectar con Jenkins , haciéndose pasar por esos agentes. • http://www.openwall.com/lists/oss-security/2020/01/29/1 https://access.redhat.com/errata/RHBA-2020:0402 https://access.redhat.com/errata/RHBA-2020:0675 https://access.redhat.com/errata/RHSA-2020:0681 https://access.redhat.com/errata/RHSA-2020:0683 https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1682 • CWE-330: Use of Insufficiently Random Values •
CVE-2012-4441
https://notcve.org/view.php?id=CVE-2012-4441
Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML in the CI game plugin. Una vulnerabilidad de tipo Cross-site Scripting (XSS) en Jenkins main versiones anteriores a 1.482 y LTS versiones anteriores a 1.466.2, permite a atacantes remotos inyectar script web o HTML arbitrario en el plugin CI game. • http://www.openwall.com/lists/oss-security/2012/09/21/2 https://security-tracker.debian.org/tracker/CVE-2012-4441 https://www.cloudbees.com/jenkins-security-advisory-2012-09-17 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-4440
https://notcve.org/view.php?id=CVE-2012-4440
Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML in the Violations plugin. Una vulnerabilidad de tipo Cross-site Scripting (XSS) en Jenkins main versiones anteriores a 1.482 y LTS versiones anteriores a 1.466.2, permite a atacantes remotos inyectar script web o HTML arbitrario en el plugin Violations. • http://www.openwall.com/lists/oss-security/2012/09/21/2 https://security-tracker.debian.org/tracker/CVE-2012-4440 https://www.cloudbees.com/jenkins-security-advisory-2012-09-17 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-4439
https://notcve.org/view.php?id=CVE-2012-4439
Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL that points to Jenkins. Una vulnerabilidad de tipo Cross-site Scripting (XSS) en Jenkins main versiones anteriores a 1.482 y LTS versiones anteriores a 1.466.2, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de una URL diseñada que apunta a Jenkins. • http://www.openwall.com/lists/oss-security/2012/09/21/2 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4439 https://security-tracker.debian.org/tracker/CVE-2012-4439 https://www.cloudbees.com/jenkins-security-advisory-2012-09-17 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •