Page 35 of 237 results (0.019 seconds)

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2016-3724 – jenkins: Encrypted secrets (e.g. passwords) were leaked to users with permission to read configuration (SECURITY-266)

https://notcve.org/view.php?id=CVE-2016-3724

Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with extended read access to obtain sensitive password information by reading a job configuration. Jenkins en versiones anteriores a 2.3 y LTS en versiones anteriores a 1.651.2 permite a usuarios remotos autenticados con acceso avanzado a lectura obtener información sensible de contraseña leyendo la configuración de trabajo. • http://rhn.redhat.com/errata/RHSA-2016-1773.html https://access.redhat.com/errata/RHSA-2016:1206 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11 https://www.cloudbees.com/jenkins-security-advisory-2016-05-11 https://access.redhat.com/security/cve/CVE-2016-3724 https://bugzilla.redhat.com/show_bug.cgi?id=1335418 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

CVE-2016-3727 – jenkins: Granting the permission to read node configurations allows access to overall system configuration (SECURITY-281)

https://notcve.org/view.php?id=CVE-2016-3727

The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors. La URL API computer/(master)/api/xml en Jenkins en versiones anteriores a 2.3 y LTS en versiones anteriores a 1.651.2 permite a usuarios remotos autenticados con permiso avanzado de lectura para el nodo maestro obtener información sensible sobre la configuración global a través de vectores no especificados. • http://rhn.redhat.com/errata/RHSA-2016-1773.html https://access.redhat.com/errata/RHSA-2016:1206 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11 https://www.cloudbees.com/jenkins-security-advisory-2016-05-11 https://access.redhat.com/security/cve/CVE-2016-3727 https://bugzilla.redhat.com/show_bug.cgi?id=1335422 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0

CVE-2016-3723 – jenkins: Information on installed plugins exposed via API (SECURITY-250)

https://notcve.org/view.php?id=CVE-2016-3723

Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified XML/JSON API endpoints. Jenkins en versiones anteriores a 2.3 y LTS en versiones anteriores a 1.651.2 permite a usuarios remotos autenticados con acceso a lectura obtener información sensible de instalación de plugin aprovechando la falta de comprobaciones de permisos en dispositivos XML/JSON API no especificados. • http://rhn.redhat.com/errata/RHSA-2016-1773.html https://access.redhat.com/errata/RHSA-2016:1206 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11 https://www.cloudbees.com/jenkins-security-advisory-2016-05-11 https://access.redhat.com/security/cve/CVE-2016-3723 https://bugzilla.redhat.com/show_bug.cgi?id=1335417 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2016-3721 – jenkins: Arbitrary build parameters are passed to build scripts as environment variables (SECURITY-170)

https://notcve.org/view.php?id=CVE-2016-3721

Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables. Jenkins en versiones anteriores a 2.3 y LTS en versiones anteriores a 1.651.2 podría permitir a usuarios remotos autenticados inyectar parámetros de construcción arbitrarios en el entorno de construcción a través de variables del entorno. • http://rhn.redhat.com/errata/RHSA-2016-1773.html http://www.openwall.com/lists/oss-security/2024/05/02/3 https://access.redhat.com/errata/RHSA-2016:1206 https://wiki.jenkins-ci.org/display/JENKINS/Plugins+affected+by+fix+for+SECURITY-170 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11 https://www.cloudbees.com/jenkins-security-advisory-2016-05-11 https://access.redhat.com/security/cve/CVE-2016-3721 https://bugzilla.redhat.com/show_bug.cgi • CWE-17: DEPRECATED: Code •

CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0

CVE-2016-0791 – jenkins: Non-constant time comparison of CSRF crumbs (SECURITY-245)

https://notcve.org/view.php?id=CVE-2016-0791

Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force approach. Jenkins en versiones anteriores a 1.650 y LTS en versiones anteriores a 1.642.2 no utiliza un algoritmo de tiempo constante para verificar tokens CSRF, lo que hace más fácil para atacantes remotos eludir el mecanismo de protección CSRF a través de una aproximación por fuerza bruta. • http://rhn.redhat.com/errata/RHSA-2016-1773.html https://access.redhat.com/errata/RHSA-2016:0711 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24 https://access.redhat.com/security/cve/CVE-2016-0791 https://bugzilla.redhat.com/show_bug.cgi?id=1311949 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •