CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3661 – jenkins: denial of service (SECURITY-87)
https://notcve.org/view.php?id=CVE-2014-3661
16 Oct 2014 — Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to cause a denial of service (thread consumption) via vectors related to a CLI handshake. Jenkins en versiones anteriores a 1.583 y LTS en versiones anteriores a 1.565.3 permite a atacantes remotos provocar una denegación de servicio (consumo de hilo) a través de vectores relacionados con un apretón de manos en CLI. OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or pri... • https://access.redhat.com/errata/RHSA-2016:0070 • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.0EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3663 – jenkins: job configuration issues (SECURITY-127, SECURITY-128)
https://notcve.org/view.php?id=CVE-2014-3663
16 Oct 2014 — Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/CONFIGURE permission to bypass intended restrictions and create or destroy arbitrary jobs via unspecified vectors. Jenkins en versiones anteriores a 1.583 y LTS en versiones anteriores a 1.565.3 permite a usuarios remotos autenticados con el permiso Job/CONFIGURE eludir las restricciones destinadas y crear o destruir trabajos arbitrarios a través de vectores no especificados. OpenShift Enterprise by Red Hat is the com... • https://access.redhat.com/errata/RHSA-2016:0070 • CWE-264: Permissions, Privileges, and Access Controls CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 2%CPEs: 3EXPL: 0CVE-2014-3666 – jenkins: remote code execution flaw (SECURITY-150)
https://notcve.org/view.php?id=CVE-2014-3666
16 Oct 2014 — Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel. Jenkins en versiones anteriores a 1.583 y LTS en versiones anteriores a 1.565.3 permite a atacantes remotos ejecutar código arbitrario a través de un paquete manipulado para el canal de CLI. OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. The following security issues are ad... • https://access.redhat.com/errata/RHSA-2016:0070 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3667 – jenkins: plug-in code can be downloaded by anyone with read access (SECURITY-155)
https://notcve.org/view.php?id=CVE-2014-3667
16 Oct 2014 — Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code. Jenkins en versiones anteriores a 1.583 y LTS en versiones anteriores a 1.565.3 no previene adecuadamente la descarga de plugins, lo que permite a usuarios remotos autenticados con el permiso Overall/READ obtener información sensible leyendo el código del plugin. OpenShift Enterprise ... • https://access.redhat.com/errata/RHSA-2016:0070 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-285: Improper Authorization •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3680 – jenkins: password exposure in DOM (SECURITY-138)
https://notcve.org/view.php?id=CVE-2014-3680
16 Oct 2014 — Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/READ permission to obtain the default value for the password field of a parameterized job by reading the DOM. Jenkins en versiones anteriores a 1.583 y LTS en versiones anteriores a 1.565.3 permite a usuarios remotos autenticados con el permiso Job/READ obtener el valor por defecto para el campo password de un trabajo parametrizado leyendo el DOM. OpenShift Enterprise by Red Hat is the company's cloud computing Platfo... • https://access.redhat.com/errata/RHSA-2016:0070 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3664 – jenkins: directory traversal flaw (SECURITY-131)
https://notcve.org/view.php?id=CVE-2014-3664
15 Oct 2014 — Directory traversal vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Overall/READ permission to read arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en Jenkins en versiones anteriores a 1.583 y LTS en versiones anteriores a 1.565.3 permite a usuarios remotos autenticados con el permiso Overall/READ leer archivos arbitrarios a través de vectores no especificados OpenShift Enterprise by Red Hat is the company's cloud computi... • https://access.redhat.com/errata/RHSA-2016:0070 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3681 – jenkins: cross-site scripting flaw in Jenkins core (SECURITY-143)
https://notcve.org/view.php?id=CVE-2014-3681
15 Oct 2014 — Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS in Jenkins en versiones anteriores a 1.583 y LTS en versiones anteriores a 1.565.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for ... • https://access.redhat.com/errata/RHSA-2016:0070 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2013-2034
https://notcve.org/view.php?id=CVE-2013-2034
14 May 2014 — Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code or (2) initiate deployment of binaries to a Maven repository via unspecified vectors. Múltiples vulnerabilidades de CSRF en Jenkins en versiones anteriores a 1.514, LTS en versiones anteriores a 1.509.1 y Enterprise 1.466.x... • http://osvdb.org/92981 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 3.1EPSS: 0%CPEs: 4EXPL: 0CVE-2013-2033
https://notcve.org/view.php?id=CVE-2013-2033
10 Apr 2014 — Cross-site scripting (XSS) vulnerability in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allows remote authenticated users with write permission to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Jenkins en versiones anteriores a 1.514, LTS en versiones anteriores a 1.509.1 y Enterprise 1.466.x en versiones anteriores a 1.466.14.1 y 1.480.x en versiones anteriores a 1.480.4.1 permite a usuarios remotos a... • http://osvdb.org/92982 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-2059
https://notcve.org/view.php?id=CVE-2014-2059
28 Feb 2014 — Directory traversal vulnerability in the CLI job creation (hudson/cli/CreateJobCommand.java) in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to overwrite arbitrary files via the job name. Vulnerabilidad de salto de directorio en la creación de trabajo de CLI (hudson/cli/CreateJobCommand.java) en Jenkins en versiones anteriores a 1.551 y LTS en versiones anteriores a 1.532.2 permite a usuarios remotos autenticados sobrescribir archivos arbitrarios a través del nombre de traba... • http://seclists.org/oss-sec/2014/q1/421 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •