Page 21 of 265 results (0.009 seconds)

CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0

Jenkins 2.218 and earlier, LTS 2.204.1 and earlier exposed session identifiers on a user's detail object in the whoAmI diagnostic page. Jenkins versiones 2.218 y anteriores, versiones LTS 2.204.1 y anteriores, expuso identificadores de sesión en un objeto de detalles de usuario en la página de diagnóstico whoAmI. • http://www.openwall.com/lists/oss-security/2020/01/29/1 https://access.redhat.com/errata/RHBA-2020:0402 https://access.redhat.com/errata/RHBA-2020:0675 https://access.redhat.com/errata/RHSA-2020:0681 https://access.redhat.com/errata/RHSA-2020:0683 https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1695 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

Jenkins 2.218 and earlier, LTS 2.204.1 and earlier allowed users with Overall/Read access to view a JVM memory usage chart. Jenkins versiones 2.218 y anteriores, versiones LTS 2.204.1 y anteriores, permitieron a usuarios con acceso General y de Lectura visualizar un gráfico de uso de memoria de JVM. • http://www.openwall.com/lists/oss-security/2020/01/29/1 https://access.redhat.com/errata/RHBA-2020:0402 https://access.redhat.com/errata/RHBA-2020:0675 https://access.redhat.com/errata/RHSA-2020:0681 https://access.redhat.com/errata/RHSA-2020:0683 https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1650 • CWE-863: Incorrect Authorization •

CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0

Jenkins 2.218 and earlier, LTS 2.204.1 and earlier was vulnerable to a UDP amplification reflection denial of service attack on port 33848. Jenkins versiones 2.218 y anteriores, versiones LTS 2.204.1 y anteriores, eran vulnerables a un ataque de denegación de servicio de reflexión de amplificación UDP en el puerto 33848. • http://www.openwall.com/lists/oss-security/2020/01/29/1 https://access.redhat.com/errata/RHBA-2020:0402 https://access.redhat.com/errata/RHBA-2020:0675 https://access.redhat.com/errata/RHSA-2020:0681 https://access.redhat.com/errata/RHSA-2020:0683 https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1641 •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

Jenkins 2.218 and earlier, LTS 2.204.1 and earlier used a non-constant time comparison function when validating an HMAC. Jenkins versiones 2.218 y anteriores, versiones LTS 2.204.1 y anteriores, usó una función de comparación de tiempo no constante cuando se compara un HMAC. • http://www.openwall.com/lists/oss-security/2020/01/29/1 https://access.redhat.com/errata/RHBA-2020:0402 https://access.redhat.com/errata/RHBA-2020:0675 https://access.redhat.com/errata/RHSA-2020:0681 https://access.redhat.com/errata/RHSA-2020:0683 https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1660 • CWE-203: Observable Discrepancy •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

Jenkins 2.218 and earlier, LTS 2.204.1 and earlier did not use a constant-time comparison function for validating connection secrets, which could potentially allow an attacker to use a timing attack to obtain this secret. Jenkins versiones 2.218 y anteriores, versiones LTS 2.204.1 y anteriores, no usaban una función de comparación de tiempo constante para comprobar secretos de conexión, lo que podría potencialmente permitir a un atacante usar un ataque de sincronización para obtener este secreto. • http://www.openwall.com/lists/oss-security/2020/01/29/1 https://access.redhat.com/errata/RHBA-2020:0402 https://access.redhat.com/errata/RHBA-2020:0675 https://access.redhat.com/errata/RHSA-2020:0681 https://access.redhat.com/errata/RHSA-2020:0683 https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1659 • CWE-203: Observable Discrepancy •