CVSS: 7.5EPSS: 0%CPEs: 68EXPL: 0CVE-2012-6072 – Jenkins: HTTP response splitting
https://notcve.org/view.php?id=CVE-2012-6072
24 Feb 2013 — CRLF injection vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. Vulnerabilidad de inyección CRLF en Jenkins en versiones anteriores a 1.491, Jenkins LTS en versiones anteriores a 1.480.1 y Jenkins Enterprise 1.424.x en versiones anteriores a 1.424.6.13, 1.447.x ... • http://rhn.redhat.com/errata/RHSA-2013-0220.html • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 68EXPL: 0CVE-2012-6073 – Jenkins: open redirect
https://notcve.org/view.php?id=CVE-2012-6073
24 Feb 2013 — Open redirect vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Vulnerabilidad de redirección abierta en Jenkins en versiones anteriores a 1.491, Jenkins LTS en versiones anteriores a 1.480.1 y Jenkins Enterprise 1.424.x en versiones anteriores a 1.424.6.13, 1.447.x en ... • http://rhn.redhat.com/errata/RHSA-2013-0220.html • CWE-20: Improper Input Validation •
CVSS: 5.4EPSS: 0%CPEs: 68EXPL: 0CVE-2012-6074 – Jenkins: cross-site scripting vulnerability
https://notcve.org/view.php?id=CVE-2012-6074
24 Feb 2013 — Cross-site scripting (XSS) vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote authenticated users with write access to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Jenkins en versiones anteriores a 1.491, Jenkins LTS en versiones anteriores a 1.480.1 y Jenkins Enterprise 1.424.x en versiones anteriores a 1.424.6.13, 1.447.x en versio... • http://rhn.redhat.com/errata/RHSA-2013-0220.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 144EXPL: 0CVE-2012-0324
https://notcve.org/view.php?id=CVE-2012-0324
09 Mar 2012 — Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0325. Vulnerabilidad de XSS en Jenkins en versiones anteriores a 1.454, Jenkins LTS en versiones anteriores a 1.424.5 y Jenkins Enterprise 1.400.x en versiones anteriores a 1.400.0.13 y 1.424.x en versiones anter... • http://jvn.jp/en/jp/JVN14791558/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 144EXPL: 0CVE-2012-0325
https://notcve.org/view.php?id=CVE-2012-0325
09 Mar 2012 — Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0324. Vulnerabilidad de XSS en Jenkins en versiones anteriores a 1.454, Jenkins LTS en versiones anteriores a 1.424.5 y Jenkins Enterprise 1.400.x en versiones anteriores a 1.400.0.13 y 1.424.x en versiones anter... • http://jvn.jp/en/jp/JVN79950061/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2011-4344
https://notcve.org/view.php?id=CVE-2011-4344
01 Dec 2011 — Cross-site scripting (XSS) vulnerability in Jenkins Core in Jenkins before 1.438, and 1.409 LTS before 1.409.3 LTS, when a stand-alone container is used, allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages. Vulnerabilidad de XSS en Jenkins Core en Jenkins en versiones anteriores a 1.438 y 1.409 LTS en versiones anteriores a 1.409.3 LTS, cuando se utiliza un contenedor independiente, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitr... • http://groups.google.com/group/jenkinsci-advisories/msg/1b94588f90f876b5?dmode=source&output=gplain • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •