Page 34 of 232 results (0.009 seconds)

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2016-3724 – jenkins: Encrypted secrets (e.g. passwords) were leaked to users with permission to read configuration (SECURITY-266)

https://notcve.org/view.php?id=CVE-2016-3724

Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with extended read access to obtain sensitive password information by reading a job configuration. Jenkins en versiones anteriores a 2.3 y LTS en versiones anteriores a 1.651.2 permite a usuarios remotos autenticados con acceso avanzado a lectura obtener información sensible de contraseña leyendo la configuración de trabajo. • http://rhn.redhat.com/errata/RHSA-2016-1773.html https://access.redhat.com/errata/RHSA-2016:1206 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11 https://www.cloudbees.com/jenkins-security-advisory-2016-05-11 https://access.redhat.com/security/cve/CVE-2016-3724 https://bugzilla.redhat.com/show_bug.cgi?id=1335418 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.4EPSS: 0%CPEs: 4EXPL: 0

CVE-2016-3726 – jenkins: Open redirect to scheme-relative URLs (SECURITY-276)

https://notcve.org/view.php?id=CVE-2016-3726

Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to "scheme-relative" URLs. Múltiples vulnerabilidades de redirección abierta en Jenkins en versiones anteriores a 2.3 y LTS en versiones anteriores a 1.651.2 permiten a atacantes remotos redirigir usuarios a sitios web arbitrarios y realizar ataques de phishing a través de vectores no especificados relacionados con URLs "scheme-relative". DoorGets CMS version 7.0 suffers from an open redirect vulnerability. • http://rhn.redhat.com/errata/RHSA-2016-1773.html https://access.redhat.com/errata/RHSA-2016:1206 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11 https://www.cloudbees.com/jenkins-security-advisory-2016-05-11 https://access.redhat.com/security/cve/CVE-2016-3726 https://bugzilla.redhat.com/show_bug.cgi?id=1335421 •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

CVE-2016-3727 – jenkins: Granting the permission to read node configurations allows access to overall system configuration (SECURITY-281)

https://notcve.org/view.php?id=CVE-2016-3727

The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors. La URL API computer/(master)/api/xml en Jenkins en versiones anteriores a 2.3 y LTS en versiones anteriores a 1.651.2 permite a usuarios remotos autenticados con permiso avanzado de lectura para el nodo maestro obtener información sensible sobre la configuración global a través de vectores no especificados. • http://rhn.redhat.com/errata/RHSA-2016-1773.html https://access.redhat.com/errata/RHSA-2016:1206 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11 https://www.cloudbees.com/jenkins-security-advisory-2016-05-11 https://access.redhat.com/security/cve/CVE-2016-3727 https://bugzilla.redhat.com/show_bug.cgi?id=1335422 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0

CVE-2016-3725 – jenkins: Regular users can trigger download of update site metadata (SECURITY-273)

https://notcve.org/view.php?id=CVE-2016-3725

Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. NOTE: this issue can be combined with DNS cache poisoning to cause a denial of service (service disruption). Jenkins en versiones anteriores a 2.3 y LTS en versiones anteriores a 1.651.2 permite a usuarios remotos autenticados desencadenar actualizaciones de metadatos provenientes de portales de actualización aprovechando la falta de comprobación de permisos. NOTA: este problema puede darse en combinación con el envenenamiento de la caché DNS para provocar una denegación de servicio (interrupción de servicio). • http://rhn.redhat.com/errata/RHSA-2016-1773.html https://access.redhat.com/errata/RHSA-2016:1206 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11 https://www.cloudbees.com/jenkins-security-advisory-2016-05-11 https://access.redhat.com/security/cve/CVE-2016-3725 https://bugzilla.redhat.com/show_bug.cgi?id=1335420 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2016-3721 – jenkins: Arbitrary build parameters are passed to build scripts as environment variables (SECURITY-170)

https://notcve.org/view.php?id=CVE-2016-3721

Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables. Jenkins en versiones anteriores a 2.3 y LTS en versiones anteriores a 1.651.2 podría permitir a usuarios remotos autenticados inyectar parámetros de construcción arbitrarios en el entorno de construcción a través de variables del entorno. • http://rhn.redhat.com/errata/RHSA-2016-1773.html http://www.openwall.com/lists/oss-security/2024/05/02/3 https://access.redhat.com/errata/RHSA-2016:1206 https://wiki.jenkins-ci.org/display/JENKINS/Plugins+affected+by+fix+for+SECURITY-170 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11 https://www.cloudbees.com/jenkins-security-advisory-2016-05-11 https://access.redhat.com/security/cve/CVE-2016-3721 https://bugzilla.redhat.com/show_bug.cgi • CWE-17: DEPRECATED: Code •