CVE-2014-2060
https://notcve.org/view.php?id=CVE-2014-2060
The Winstone servlet container in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack sessions via unspecified vectors. El contenedor de servlet Winstone en Jenkins en versiones anteriores a 1.551 y LTS en versiones anteriores a 1.532.2 permite a atacantes remotos secuestrar sesiones a través de vectores no especificados. • http://www.openwall.com/lists/oss-security/2014/02/21/2 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14 •
CVE-2014-2061
https://notcve.org/view.php?id=CVE-2014-2061
The input control in PasswordParameterDefinition in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to obtain passwords by reading the HTML source code, related to the default value. El control de entrada en PasswordParameterDefinition en Jenkins en versiones anteriores a 1.551 y LTS en versiones anteriores a 1.532.2 permite a atacantes remotos obtener contraseñas leyendo el código fuente HTML, relacionado con el valor por defecto. • http://www.openwall.com/lists/oss-security/2014/02/21/2 https://github.com/jenkinsci/jenkins/commit/bf539198564a1108b7b71a973bf7de963a6213ef https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14 • CWE-310: Cryptographic Issues •
CVE-2014-2066
https://notcve.org/view.php?id=CVE-2014-2066
Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the "override" of Jenkins cookies. Vulnerabilidad de fijación de sesión en Jenkins en versiones anteriores a 1.551 y LTS en versiones anteriores a 1.532.2 permite a atacantes remotos secuestrar sesiones web a través de vectores implicando las cookies "override" de Jenkins. • http://www.openwall.com/lists/oss-security/2014/02/21/2 https://github.com/jenkinsci/jenkins/commit/8ac74c350779921598f9d5edfed39dd35de8842a https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14 • CWE-287: Improper Authentication •
CVE-2013-7330
https://notcve.org/view.php?id=CVE-2013-7330
Jenkins before 1.502 allows remote authenticated users to configure an otherwise restricted project via vectors related to post-build actions. Jenkins en versiones anteriores a 1.502 permite a usuarios remotos autenticados configurar un proyecto restringido de otro modo a través de vectores relacionados con acciones post-build. • http://www.openwall.com/lists/oss-security/2014/02/21/2 https://github.com/jenkinsci/jenkins/commit/36342d71e29e0620f803a7470ce96c61761648d8 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2014-3661 – jenkins: denial of service (SECURITY-87)
https://notcve.org/view.php?id=CVE-2014-3661
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to cause a denial of service (thread consumption) via vectors related to a CLI handshake. Jenkins en versiones anteriores a 1.583 y LTS en versiones anteriores a 1.565.3 permite a atacantes remotos provocar una denegación de servicio (consumo de hilo) a través de vectores relacionados con un apretón de manos en CLI. • https://access.redhat.com/errata/RHSA-2016:0070 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01 https://access.redhat.com/security/cve/CVE-2014-3661 https://bugzilla.redhat.com/show_bug.cgi?id=1147758 • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •