CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3664 – jenkins: directory traversal flaw (SECURITY-131)
https://notcve.org/view.php?id=CVE-2014-3664
Directory traversal vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Overall/READ permission to read arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en Jenkins en versiones anteriores a 1.583 y LTS en versiones anteriores a 1.565.3 permite a usuarios remotos autenticados con el permiso Overall/READ leer archivos arbitrarios a través de vectores no especificados • https://access.redhat.com/errata/RHSA-2016:0070 https://bugzilla.redhat.com/show_bug.cgi?id=1147765 https://exchange.xforce.ibmcloud.com/vulnerabilities/96973 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01 https://access.redhat.com/security/cve/CVE-2014-3664 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3681 – jenkins: cross-site scripting flaw in Jenkins core (SECURITY-143)
https://notcve.org/view.php?id=CVE-2014-3681
Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS in Jenkins en versiones anteriores a 1.583 y LTS en versiones anteriores a 1.565.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • https://access.redhat.com/errata/RHSA-2016:0070 https://bugzilla.redhat.com/show_bug.cgi?id=1147766 https://exchange.xforce.ibmcloud.com/vulnerabilities/96975 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01 https://access.redhat.com/security/cve/CVE-2014-3681 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2013-2034
https://notcve.org/view.php?id=CVE-2013-2034
Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code or (2) initiate deployment of binaries to a Maven repository via unspecified vectors. Múltiples vulnerabilidades de CSRF en Jenkins en versiones anteriores a 1.514, LTS en versiones anteriores a 1.509.1 y Enterprise 1.466.x en versiones anteriores a 1.466.14.1 y 1.480.x en versiones anteriores a 1.480.4.1 permiten a atacantes remotos secuestrar la autenticación de administradores para peticiones de (1) ejecutar código arbitrario o (2) iniciar el despliegue de binarios para un repositorio Maven a través de vectores no especificados. • http://osvdb.org/92981 http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 2.1EPSS: 0%CPEs: 4EXPL: 0CVE-2013-2033
https://notcve.org/view.php?id=CVE-2013-2033
Cross-site scripting (XSS) vulnerability in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allows remote authenticated users with write permission to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Jenkins en versiones anteriores a 1.514, LTS en versiones anteriores a 1.509.1 y Enterprise 1.466.x en versiones anteriores a 1.466.14.1 y 1.480.x en versiones anteriores a 1.480.4.1 permite a usuarios remotos autenticados con permisos de escritura inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://osvdb.org/92982 http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb https://exchange.xforce.ibmcloud.com/vulnerabilities/84004 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-2059
https://notcve.org/view.php?id=CVE-2014-2059
Directory traversal vulnerability in the CLI job creation (hudson/cli/CreateJobCommand.java) in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to overwrite arbitrary files via the job name. Vulnerabilidad de salto de directorio en la creación de trabajo de CLI (hudson/cli/CreateJobCommand.java) en Jenkins en versiones anteriores a 1.551 y LTS en versiones anteriores a 1.532.2 permite a usuarios remotos autenticados sobrescribir archivos arbitrarios a través del nombre de trabajo. • http://seclists.org/oss-sec/2014/q1/421 https://exchange.xforce.ibmcloud.com/vulnerabilities/91346 https://github.com/jenkinsci/jenkins/commit/ad38d8480f20ce3cbf8fec3e2003bc83efda4f7d https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •