CVSS: 6.5EPSS: 28%CPEs: 3EXPL: 0CVE-2018-6356
https://notcve.org/view.php?id=CVE-2018-6356
Jenkins before 2.107 and Jenkins LTS before 2.89.4 did not properly prevent specifying relative paths that escape a base directory for URLs accessing plugin resource files. This allowed users with Overall/Read permission to download files from the Jenkins master they should not have access to. On Windows, any file accessible to the Jenkins master process could be downloaded. On other operating systems, any file within the Jenkins home directory accessible to the Jenkins master process could be downloaded. Jenkins, en versiones anteriores a la 2.107 y Jenkins LTS, en versiones anteriores a la 2.89.4, no evitaban correctamente la especificación de rutas relativas que escapaban un directorio base para las URL que acceden a archivos de recurso de los plugins. • http://www.openwall.com/lists/oss-security/2018/02/14/1 http://www.securityfocus.com/bid/103037 https://jenkins.io/security/advisory/2018-02-14 https://www.oracle.com/security-alerts/cpuapr2022.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2018-1000068
https://notcve.org/view.php?id=CVE-2018-1000068
An improper input validation vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to access plugin resource files in the META-INF and WEB-INF directories that should not be accessible, if the Jenkins home directory is on a case-insensitive file system. En el servicio KeyStore, hay una omisión de permisos que permite el acceso a recursos protegidos. Esto podría llevar a un escalado de privilegios local sin necesitar privilegios de ejecución del sistema. No se necesita interacción del usuario para explotarlo. Producto: Android. • http://www.securityfocus.com/bid/103101 https://jenkins.io/security/advisory/2018-02-14/#SECURITY-717 https://www.oracle.com/security-alerts/cpuapr2022.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2018-1000067
https://notcve.org/view.php?id=CVE-2018-1000067
An improper authorization vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to have Jenkins submit HTTP GET requests and get limited information about the response. Existe una sobrelectura de búfer basado en memoria dinámica (heap) en la función Exiv2::Image::byteSwap4 de image.cpp en la versión 0.26 de Exiv2. Los atacantes remotos pueden explotar esta vulnerabilidad para revelar datos de la memoria o provocar una denegación de servicio (DoS) mediante un archivo TIFF manipulado. • https://jenkins.io/security/advisory/2018-02-14/#SECURITY-506 https://www.oracle.com/security-alerts/cpuapr2022.html • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-1000355
https://notcve.org/view.php?id=CVE-2017-1000355
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an XStream: Java crash when trying to instantiate void/Void. Jenkins, en versiones 2.56 y anteriores y 2.46.1 LTS y anteriores, es vulnerable al cierre inesperado de Java XStream: al intentar crear una instancia void/Void. • http://www.securityfocus.com/bid/98066 https://jenkins.io/security/advisory/2017-04-26 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-1000354
https://notcve.org/view.php?id=CVE-2017-1000354
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to a login command which allowed impersonating any Jenkins user. The `login` command available in the remoting-based CLI stored the encrypted user name of the successfully authenticated user in a cache file used to authenticate further commands. Users with sufficient permission to create secrets in Jenkins, and download their encrypted values (e.g. with Job/Configure permission), were able to impersonate any other Jenkins user on the same instance. Jenkins, en versiones 2.56 y anteriores y 2.46.1 LTS y anteriores, es vulnerable a un comando login que permitía suplantar a cualquier usuario de Jenkins. El comando "login" disponible en la interfaz de línea de comandos basada en remoto almacenaba el nombre de usuario cifrado del usuario autenticado de forma exitosa en un archivo de caché empleado para autenticar más comandos. • http://www.securityfocus.com/bid/98065 https://jenkins.io/security/advisory/2017-04-26 • CWE-287: Improper Authentication •