Page 45 of 237 results (0.010 seconds)

CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0

Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code or (2) initiate deployment of binaries to a Maven repository via unspecified vectors. Múltiples vulnerabilidades de CSRF en Jenkins en versiones anteriores a 1.514, LTS en versiones anteriores a 1.509.1 y Enterprise 1.466.x en versiones anteriores a 1.466.14.1 y 1.480.x en versiones anteriores a 1.480.4.1 permiten a atacantes remotos secuestrar la autenticación de administradores para peticiones de (1) ejecutar código arbitrario o (2) iniciar el despliegue de binarios para un repositorio Maven a través de vectores no especificados. • http://osvdb.org/92981 http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 2.1EPSS: 0%CPEs: 4EXPL: 0

Cross-site scripting (XSS) vulnerability in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allows remote authenticated users with write permission to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Jenkins en versiones anteriores a 1.514, LTS en versiones anteriores a 1.509.1 y Enterprise 1.466.x en versiones anteriores a 1.466.14.1 y 1.480.x en versiones anteriores a 1.480.4.1 permite a usuarios remotos autenticados con permisos de escritura inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://osvdb.org/92982 http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb https://exchange.xforce.ibmcloud.com/vulnerabilities/84004 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 0

Cross-site scripting (XSS) vulnerability in java/hudson/model/Cause.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to inject arbitrary web script or HTML via a "remote cause note." Vulnerabilidad de XSS en java/hudson/model/Cause.java en Jenkins en versiones anteriores a 1.551 y LTS en versiones anteriores a 1.532.2 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una "nota de causa remota". • http://seclists.org/oss-sec/2014/q1/421 https://exchange.xforce.ibmcloud.com/vulnerabilities/91354 https://github.com/jenkinsci/jenkins/commit/5d57c855f3147bfc5e7fda9252317b428a700014 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

Directory traversal vulnerability in the CLI job creation (hudson/cli/CreateJobCommand.java) in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to overwrite arbitrary files via the job name. Vulnerabilidad de salto de directorio en la creación de trabajo de CLI (hudson/cli/CreateJobCommand.java) en Jenkins en versiones anteriores a 1.551 y LTS en versiones anteriores a 1.532.2 permite a usuarios remotos autenticados sobrescribir archivos arbitrarios a través del nombre de trabajo. • http://seclists.org/oss-sec/2014/q1/421 https://exchange.xforce.ibmcloud.com/vulnerabilities/91346 https://github.com/jenkinsci/jenkins/commit/ad38d8480f20ce3cbf8fec3e2003bc83efda4f7d https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 4.3EPSS: 3%CPEs: 1EXPL: 4

Cross-site scripting (XSS) vulnerability in the default markup formatter in Jenkins 1.523 allows remote attackers to inject arbitrary web script or HTML via the Description field in the user configuration. Vulnerabilidad de XSS en el formateador de marcado por defecto en Jenkins 1.523 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del campo Description en la configuración de usuario. • https://www.exploit-db.com/exploits/30408 http://packetstormsecurity.com/files/124513 http://seclists.org/bugtraq/2013/Dec/104 http://seclists.org/fulldisclosure/2013/Dec/159 http://www.exploit-db.com/exploits/30408 http://www.osvdb.org/101187 http://www.securityfocus.com/bid/64414 https://exchange.xforce.ibmcloud.com/vulnerabilities/89872 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •