Page 40 of 213 results (0.008 seconds)

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token. Jenkins en versiones anteriores a 1.551 y LTS en versiones anteriores a 1.532.2 no invalida el token de la API cuando es eliminado un usuario, lo que permite a usuarios remotos autenticados conservar el acceso a través del token. • http://www.openwall.com/lists/oss-security/2014/02/21/2 https://github.com/jenkinsci/jenkins/commit/5548b5220cfd496831b5721124189ff18fbb12a3 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14 • CWE-287: Improper Authentication •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors. Jenkins en versiones anteriores a 1.551 y LTS en versiones anteriores a 1.532.2 permite a atacantes remotos llevar a cabo ataques de secuestro de clic a través de vectores no especificados. • http://www.openwall.com/lists/oss-security/2014/02/21/2 https://github.com/jenkinsci/jenkins/commit/16931bd7bf7560e26ef98328b8e95e803d0e90f6 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14 •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

BuildTrigger in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to bypass access restrictions and execute arbitrary jobs by configuring a job to trigger another job. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7330. BuildTrigger en Jenkins en versiones anteriores a 1.551 y LTS en versiones anteriores a 1.532.2 permite a usuarios remotos autenticados eludir las restricciones de acceso y ejecutar trabajos arbitrarios configurando un trabajo para desencadenar otro trabajo. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2013-7330. • http://www.openwall.com/lists/oss-security/2014/02/21/2 https://github.com/jenkinsci/jenkins/commit/b6b2a367a7976be80a799c6a49fa6c58d778b50e https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

The input control in PasswordParameterDefinition in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to obtain passwords by reading the HTML source code, related to the default value. El control de entrada en PasswordParameterDefinition en Jenkins en versiones anteriores a 1.551 y LTS en versiones anteriores a 1.532.2 permite a atacantes remotos obtener contraseñas leyendo el código fuente HTML, relacionado con el valor por defecto. • http://www.openwall.com/lists/oss-security/2014/02/21/2 https://github.com/jenkinsci/jenkins/commit/bf539198564a1108b7b71a973bf7de963a6213ef https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14 • CWE-310: Cryptographic Issues •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

The Winstone servlet container in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack sessions via unspecified vectors. El contenedor de servlet Winstone en Jenkins en versiones anteriores a 1.551 y LTS en versiones anteriores a 1.532.2 permite a atacantes remotos secuestrar sesiones a través de vectores no especificados. • http://www.openwall.com/lists/oss-security/2014/02/21/2 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14 •