Page 46 of 236 results (0.010 seconds)

CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0

Unspecified vulnerability in Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to bypass the CSRF protection mechanism via unknown attack vectors. Vulnerabilidad no especificada en Jenkins en versiones anteriores a 1.502 y LTS en versiones anteriores a 1.480.3 permite a atacantes remotos eludir el mecanismo de protección CSRF a través de vectores de ataque desconocidos. • http://rhn.redhat.com/errata/RHSA-2013-0638.html http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb http://www.openwall.com/lists/oss-security/2013/02/21/7 https://bugzilla.redhat.com/show_bug.cgi?id=914877 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16 https://access.redhat.com/security/cve/CVE-2013-0329 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0

Unspecified vulnerability in Jenkins before 1.502 and LTS before 1.480.3 allows remote authenticated users with write access to build arbitrary jobs via unknown attack vectors. Vulnerabilidad no especificada en Jenkins en versiones anteriores a 1.502 y LTS en versiones anteriores a 1.480.3 permite a usuarios remotos autenticados con acceso de escritura construir trabajos arbitrarios a través de vectores de ataque desconocidos. • http://rhn.redhat.com/errata/RHSA-2013-0638.html http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb http://www.openwall.com/lists/oss-security/2013/02/21/7 http://www.securityfocus.com/bid/57994 https://bugzilla.redhat.com/show_bug.cgi?id=914878 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16 https://access.redhat.com/security/cve/CVE-2013-0330 •

CVSS: 4.0EPSS: 2%CPEs: 2EXPL: 0

Jenkins before 1.502 and LTS before 1.480.3 allows remote authenticated users with write access to cause a denial of service via a crafted payload. Jenkins en versiones anteriores a 1.502 y LTS en versiones anteriores a 1.480.3 permite a usuarios remotos autenticados con acceso de escritura provocar una denegación de servicio a través de un payload manipulado. • http://rhn.redhat.com/errata/RHSA-2013-0638.html http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb http://www.openwall.com/lists/oss-security/2013/02/21/7 http://www.securityfocus.com/bid/57994 https://bugzilla.redhat.com/show_bug.cgi?id=914879 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16 https://access.redhat.com/security/cve/CVE-2013-0331 • CWE-20: Improper Input Validation •

CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0

Cross-site request forgery (CSRF) vulnerability in Jenkins master in Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to hijack the authentication of users via unknown vectors. Vulnerabilidad de CSRF en el maestro de Jenkins en Jenkins en versiones anteriores a 1.502 y LTS en versiones anteriores a 1.480.3 permite a atacantes remotos secuestra la autenticación de usuarios a través de vectores desconocidos. • http://rhn.redhat.com/errata/RHSA-2013-0638.html http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb http://www.openwall.com/lists/oss-security/2013/02/21/7 https://bugzilla.redhat.com/show_bug.cgi?id=914875 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16 https://access.redhat.com/security/cve/CVE-2013-0327 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.3EPSS: 0%CPEs: 68EXPL: 0

Cross-site scripting (XSS) vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote authenticated users with write access to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Jenkins en versiones anteriores a 1.491, Jenkins LTS en versiones anteriores a 1.480.1 y Jenkins Enterprise 1.424.x en versiones anteriores a 1.424.6.13, 1.447.x en versiones anteriores a 1.447.4.1 y 1.466.x en versiones anteriores a 1.466.10.1 permite a usuarios remotos autenticados con acceso de escritura inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://rhn.redhat.com/errata/RHSA-2013-0220.html http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb http://www.openwall.com/lists/oss-security/2012/12/28/1 https://bugzilla.redhat.com/show_bug.cgi?id=890612 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20 https://access.redhat.com/security/cve/CVE-2012-6074 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •