CVE-2014-2059
https://notcve.org/view.php?id=CVE-2014-2059
Directory traversal vulnerability in the CLI job creation (hudson/cli/CreateJobCommand.java) in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to overwrite arbitrary files via the job name.
References: http://seclists.org/oss-sec/2014/q1/421 https://exchange.xforce.ibmcloud.com/vulnerabilities/91346 https://github.com/jenkinsci/jenkins/commit/ad38d8480f20ce3cbf8fec3e2003bc83efda4f7d https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2013-5573 – Jenkins 1.523 - Persistent HTML Code
https://notcve.org/view.php?id=CVE-2013-5573
Cross-site scripting (XSS) vulnerability in the default markup formatter in Jenkins 1.523 allows remote attackers to inject arbitrary web script or HTML via the Description field in the user configuration.
References: https://www.exploit-db.com/exploits/30408 http://packetstormsecurity.com/files/124513 http://seclists.org/bugtraq/2013/Dec/104 http://seclists.org/fulldisclosure/2013/Dec/159 http://www.exploit-db.com/exploits/30408 http://www.osvdb.org/101187 http://www.securityfocus.com/bid/64414 https://exchange.xforce.ibmcloud.com/vulnerabilities/89872
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-0328 – jenkins: XSS
https://notcve.org/view.php?id=CVE-2013-0328
Cross-site scripting (XSS) vulnerability in Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References: http://rhn.redhat.com/errata/RHSA-2013-0638.html http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb http://www.openwall.com/lists/oss-security/2013/02/21/7 http://www.securityfocus.com/bid/57994 https://bugzilla.redhat.com/show_bug.cgi?id=914876 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16 https://access.redhat.com/security/cve/CVE-2013-0328
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'); CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2013-0329 – jenkins: cross-site request forgery (CSRF) protection mechanism bypass
https://notcve.org/view.php?id=CVE-2013-0329
Unspecified vulnerability in Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to bypass the CSRF protection mechanism via unknown attack vectors.
References: http://rhn.redhat.com/errata/RHSA-2013-0638.html http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb http://www.openwall.com/lists/oss-security/2013/02/21/7 https://bugzilla.redhat.com/show_bug.cgi?id=914877 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16 https://access.redhat.com/security/cve/CVE-2013-0329
CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2013-0330 – jenkins: cause building jobs without direct access
https://notcve.org/view.php?id=CVE-2013-0330
Unspecified vulnerability in Jenkins before 1.502 and LTS before 1.480.3 allows remote authenticated users with write access to build arbitrary jobs via unknown attack vectors.
References: http://rhn.redhat.com/errata/RHSA-2013-0638.html http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb http://www.openwall.com/lists/oss-security/2013/02/21/7 http://www.securityfocus.com/bid/57994 https://bugzilla.redhat.com/show_bug.cgi?id=914878 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16 https://access.redhat.com/security/cve/CVE-2013-0330