
CVSS: 3.5 EPSS: 0% CPEs: 2 EXPL: 0

Jenkins before versions 2.44 and 2.32.2 is vulnerable to a user data leak in the config.xml API of disconnected agents. This could leak sensitive data such as API tokens (SECURITY-362). • http://www.securityfocus.com/bid/95955 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2603 https://github.com/jenkinsci/jenkins/commit/3cd946cbef82c6da5ccccf3890d0ae4e091c4265 https://jenkins.io/security/advisory/2017-02-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor; CWE-325: Missing Cryptographic Step

CVSS: 4.3 EPSS: 0% CPEs: 2 EXPL: 0

Jenkins before versions 2.44 and 2.32.2 is vulnerable to an improper blacklisting of the Pipeline metadata files in the agent-to-master security subsystem. This could allow metadata files to be written to by malicious agents (SECURITY-358). • http://www.securityfocus.com/bid/95952 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2602 https://github.com/jenkinsci/jenkins/commit/414ff7e30aba66bed18c4ee8a8660fb36fc8c655 https://jenkins.io/security/advisory/2017-02-01 • CWE-184: Incomplete List of Disallowed Inputs

CVSS: 4.3 EPSS: 0% CPEs: 2 EXPL: 0

In Jenkins before versions 2.44 and 2.32.2, low-privilege users were able to act on administrative monitors because the monitors were not consistently protected by permission checks (SECURITY-371). • http://www.securityfocus.com/bid/95959 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2604 https://github.com/jenkinsci/jenkins/commit/6efcf6c2ac39bc5c59ac7251822be8ddf67ceaf8 https://jenkins.io/security/advisory/2017-02-01 • CWE-287: Improper Authentication; CWE-358: Improperly Implemented Security Check for Standard

CVSS: 5.4 EPSS: 0% CPEs: 2 EXPL: 0

Jenkins before versions 2.44 and 2.32.2 is vulnerable to persisted cross-site scripting in search suggestions due to improper escaping of users with less-than and greater-than characters in their names (SECURITY-388). • http://www.securityfocus.com/bid/95951 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2610 https://github.com/jenkinsci/jenkins/commit/307ed31caba68a46426b8c73a787a05add2c7489 https://jenkins.io/security/advisory/2017-02-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 EPSS: 0% CPEs: 2 EXPL: 0

Jenkins before versions 2.44 and 2.32.2 is vulnerable to remote code execution involving the deserialization of various types in javax.imageio in XStream-based APIs (SECURITY-383). • http://www.securityfocus.com/bid/95953 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2608 https://github.com/jenkinsci/jenkins/commit/a814154695e23dc37542af7d40cacc129cf70722 https://jenkins.io/security/advisory/2017-02-01 • CWE-502: Deserialization of Untrusted Data