Page 27 of 233 results (0.009 seconds)

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

In Jenkins before versions 2.44, 2.32.2 low privilege users were able to act on administrative monitors due to them not being consistently protected by permission checks (SECURITY-371). En Jenkins en versiones anteriores a la 2.44 y 2.32.2, los usuarios de privilegios bajos podían realizar acciones en los monitores administrativos debido a que no estaban protegidos de forma consistente por controles de permisos (SECURITY-371). • http://www.securityfocus.com/bid/95959 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2604 https://github.com/jenkinsci/jenkins/commit/6efcf6c2ac39bc5c59ac7251822be8ddf67ceaf8 https://jenkins.io/security/advisory/2017-02-01 • CWE-287: Improper Authentication CWE-358: Improperly Implemented Security Check for Standard •

CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0

jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in search suggestions due to improperly escaping users with less-than and greater-than characters in their names (SECURITY-388). Jenkins en versiones anteriores a la 2.44 y 2.32.2 es vulnerable a Cross-Site Scripting (XSS) persistente en las sugerencias de búsqueda debido al escapado incorrecto de usuarios con los caracteres "menor que" y "mayor que" en sus nombres (SECURITY-388). • http://www.securityfocus.com/bid/95951 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2610 https://github.com/jenkinsci/jenkins/commit/307ed31caba68a46426b8c73a787a05add2c7489 https://jenkins.io/security/advisory/2017-02-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

Jenkins before versions 2.44, 2.32.2 is vulnerable to a remote code execution vulnerability involving the deserialization of various types in javax.imageio in XStream-based APIs (SECURITY-383). Jenkins en versiones anteriores a la 2.44 y 2.32.2 es vulnerable a una vulnerabilidad de ejecución remota de código que implica la deserialización de varios tipos en javax.imageio en API basadas en XStream (SECURITY-383). • http://www.securityfocus.com/bid/95953 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2608 https://github.com/jenkinsci/jenkins/commit/a814154695e23dc37542af7d40cacc129cf70722 https://jenkins.io/security/advisory/2017-02-01 • CWE-502: Deserialization of Untrusted Data •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

In Jenkins before versions 2.44, 2.32.2 low privilege users were able to override JDK download credentials (SECURITY-392), resulting in future builds possibly failing to download a JDK. En Jenkins en versiones anteriores a la 2.44 y 2.32.2, usuarios con pocos privilegios fueron capaces de omitir las credenciales de descarga JDK (SECURITY-392), lo que resulta en que las próximas builds no puedan descargar un JDK. • http://www.securityfocus.com/bid/95957 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2612 https://github.com/jenkinsci/jenkins/commit/a814154695e23dc37542af7d40cacc129cf70722 https://jenkins.io/security/advisory/2017-02-01 • CWE-358: Improperly Implemented Security Check for Standard CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

In jenkins before versions 2.44, 2.32.2 node monitor data could be viewed by low privilege users via the remote API. These included system configuration and runtime information of these nodes (SECURITY-343). En Jenkins en versiones anteriores a la 2.44 y 2.32.2, los usuarios con privilegios bajos podrían visualizar los datos del monitor de nodos mediante la API remota. Estos datos incluyen la configuración del sistema y la información de arranque de estos nodos (SECURITY-343). • http://www.securityfocus.com/bid/95954 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2600 https://github.com/jenkinsci/jenkins/commit/0f92cd08a19207de2cceb6a2f4e3e9f92fdc0899 https://jenkins.io/security/advisory/2017-02-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-325: Missing Cryptographic Step •