CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2014-2066
https://notcve.org/view.php?id=CVE-2014-2066
Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the "override" of Jenkins cookies. Vulnerabilidad de fijación de sesión en Jenkins en versiones anteriores a 1.551 y LTS en versiones anteriores a 1.532.2 permite a atacantes remotos secuestrar sesiones web a través de vectores implicando las cookies "override" de Jenkins. • http://www.openwall.com/lists/oss-security/2014/02/21/2 https://github.com/jenkinsci/jenkins/commit/8ac74c350779921598f9d5edfed39dd35de8842a https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14 • CWE-287: Improper Authentication •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2013-7330
https://notcve.org/view.php?id=CVE-2013-7330
Jenkins before 1.502 allows remote authenticated users to configure an otherwise restricted project via vectors related to post-build actions. Jenkins en versiones anteriores a 1.502 permite a usuarios remotos autenticados configurar un proyecto restringido de otro modo a través de vectores relacionados con acciones post-build. • http://www.openwall.com/lists/oss-security/2014/02/21/2 https://github.com/jenkinsci/jenkins/commit/36342d71e29e0620f803a7470ce96c61761648d8 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3661 – jenkins: denial of service (SECURITY-87)
https://notcve.org/view.php?id=CVE-2014-3661
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to cause a denial of service (thread consumption) via vectors related to a CLI handshake. Jenkins en versiones anteriores a 1.583 y LTS en versiones anteriores a 1.565.3 permite a atacantes remotos provocar una denegación de servicio (consumo de hilo) a través de vectores relacionados con un apretón de manos en CLI. • https://access.redhat.com/errata/RHSA-2016:0070 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01 https://access.redhat.com/security/cve/CVE-2014-3661 https://bugzilla.redhat.com/show_bug.cgi?id=1147758 • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3662 – jenkins: username discovery (SECURITY-110)
https://notcve.org/view.php?id=CVE-2014-3662
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login attempts. Jenkins en versiones anteriores a 1.583 y LTS en versiones anteriores a 1.565.3 permite a atacantes remotos enumerar nombres de usuarios a través de vectores relacionados con intentos de inicio de sesión. • https://access.redhat.com/errata/RHSA-2016:0070 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01 https://access.redhat.com/security/cve/CVE-2014-3662 https://bugzilla.redhat.com/show_bug.cgi?id=1147759 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.0EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3663 – jenkins: job configuration issues (SECURITY-127, SECURITY-128)
https://notcve.org/view.php?id=CVE-2014-3663
Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/CONFIGURE permission to bypass intended restrictions and create or destroy arbitrary jobs via unspecified vectors. Jenkins en versiones anteriores a 1.583 y LTS en versiones anteriores a 1.565.3 permite a usuarios remotos autenticados con el permiso Job/CONFIGURE eludir las restricciones destinadas y crear o destruir trabajos arbitrarios a través de vectores no especificados. • https://access.redhat.com/errata/RHSA-2016:0070 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01 https://access.redhat.com/security/cve/CVE-2014-3663 https://bugzilla.redhat.com/show_bug.cgi?id=1147764 • CWE-264: Permissions, Privileges, and Access Controls CWE-863: Incorrect Authorization •