Page 34 of 236 results (0.009 seconds)

CVSS: 9.8EPSS: 94%CPEs: 3EXPL: 2

CVE-2016-9299 – Jenkins CLI - HTTP Java Deserialization

https://notcve.org/view.php?id=CVE-2016-9299

The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server. El módulo remoting en Jenkins en versiones anteriores a 2.32 y LTS en versiones anteriores a 2.19.3 permite a atacantes remotos ejecutar código arbitrario a través de un objeto Java serializado, lo que desencadena una consulta LDAP a un servidor de terceros. • https://www.exploit-db.com/exploits/44642 https://github.com/r00t4dm/Jenkins-CVE-2016-9299 http://www.openwall.com/lists/oss-security/2016/11/12/4 http://www.openwall.com/lists/oss-security/2016/11/14/9 http://www.securityfocus.com/bid/94281 http://www.slideshare.net/codewhitesec/java-deserialization-vulnerabilities-the-forgotten-bug-class-deepsec-edition https://groups.google.com/forum/#%21original/jenkinsci-advisories/-fc-w9tNEJE/GRvEzWoJBgAJ https://groups.google.com/forum/# • CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') •

CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0

CVE-2016-3725 – jenkins: Regular users can trigger download of update site metadata (SECURITY-273)

https://notcve.org/view.php?id=CVE-2016-3725

Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. NOTE: this issue can be combined with DNS cache poisoning to cause a denial of service (service disruption). Jenkins en versiones anteriores a 2.3 y LTS en versiones anteriores a 1.651.2 permite a usuarios remotos autenticados desencadenar actualizaciones de metadatos provenientes de portales de actualización aprovechando la falta de comprobación de permisos. NOTA: este problema puede darse en combinación con el envenenamiento de la caché DNS para provocar una denegación de servicio (interrupción de servicio). • http://rhn.redhat.com/errata/RHSA-2016-1773.html https://access.redhat.com/errata/RHSA-2016:1206 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11 https://www.cloudbees.com/jenkins-security-advisory-2016-05-11 https://access.redhat.com/security/cve/CVE-2016-3725 https://bugzilla.redhat.com/show_bug.cgi?id=1335420 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

CVE-2016-3722 – jenkins: Malicious users with multiple user accounts can prevent other users from logging in (SECURITY-243)

https://notcve.org/view.php?id=CVE-2016-3722

Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with multiple accounts to cause a denial of service (unable to login) by editing the "full name." Jenkins en versiones anteriores a 2.3 y LTS en versiones anteriores a 1.651.2 permiten a usuarios remotos autenticados con múltiples cuentas provocar una denegación de servicio (sin posibilidad de acceso) editando el "full name". • http://rhn.redhat.com/errata/RHSA-2016-1773.html https://access.redhat.com/errata/RHSA-2016:1206 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11 https://www.cloudbees.com/jenkins-security-advisory-2016-05-11 https://access.redhat.com/security/cve/CVE-2016-3722 https://bugzilla.redhat.com/show_bug.cgi?id=1335416 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.4EPSS: 0%CPEs: 4EXPL: 0

CVE-2016-3726 – jenkins: Open redirect to scheme-relative URLs (SECURITY-276)

https://notcve.org/view.php?id=CVE-2016-3726

Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to "scheme-relative" URLs. Múltiples vulnerabilidades de redirección abierta en Jenkins en versiones anteriores a 2.3 y LTS en versiones anteriores a 1.651.2 permiten a atacantes remotos redirigir usuarios a sitios web arbitrarios y realizar ataques de phishing a través de vectores no especificados relacionados con URLs "scheme-relative". DoorGets CMS version 7.0 suffers from an open redirect vulnerability. • http://rhn.redhat.com/errata/RHSA-2016-1773.html https://access.redhat.com/errata/RHSA-2016:1206 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11 https://www.cloudbees.com/jenkins-security-advisory-2016-05-11 https://access.redhat.com/security/cve/CVE-2016-3726 https://bugzilla.redhat.com/show_bug.cgi?id=1335421 •

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2016-3724 – jenkins: Encrypted secrets (e.g. passwords) were leaked to users with permission to read configuration (SECURITY-266)

https://notcve.org/view.php?id=CVE-2016-3724

Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with extended read access to obtain sensitive password information by reading a job configuration. Jenkins en versiones anteriores a 2.3 y LTS en versiones anteriores a 1.651.2 permite a usuarios remotos autenticados con acceso avanzado a lectura obtener información sensible de contraseña leyendo la configuración de trabajo. • http://rhn.redhat.com/errata/RHSA-2016-1773.html https://access.redhat.com/errata/RHSA-2016:1206 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11 https://www.cloudbees.com/jenkins-security-advisory-2016-05-11 https://access.redhat.com/security/cve/CVE-2016-3724 https://bugzilla.redhat.com/show_bug.cgi?id=1335418 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •