CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2013-0328 – jenkins: XSS
https://notcve.org/view.php?id=CVE-2013-0328
Cross-site scripting (XSS) vulnerability in Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Jenkins en versiones anteriores a 1.502 y LTS en versiones anteriores a 1.480.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://rhn.redhat.com/errata/RHSA-2013-0638.html http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb http://www.openwall.com/lists/oss-security/2013/02/21/7 http://www.securityfocus.com/bid/57994 https://bugzilla.redhat.com/show_bug.cgi?id=914876 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16 https://access.redhat.com/security/cve/CVE-2013-0328 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2013-0329 – jenkins: cross-site request forgery (CSRF) protection mechanism bypass
https://notcve.org/view.php?id=CVE-2013-0329
Unspecified vulnerability in Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to bypass the CSRF protection mechanism via unknown attack vectors. Vulnerabilidad no especificada en Jenkins en versiones anteriores a 1.502 y LTS en versiones anteriores a 1.480.3 permite a atacantes remotos eludir el mecanismo de protección CSRF a través de vectores de ataque desconocidos. • http://rhn.redhat.com/errata/RHSA-2013-0638.html http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb http://www.openwall.com/lists/oss-security/2013/02/21/7 https://bugzilla.redhat.com/show_bug.cgi?id=914877 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16 https://access.redhat.com/security/cve/CVE-2013-0329 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0CVE-2013-0330 – jenkins: cause building jobs without direct access
https://notcve.org/view.php?id=CVE-2013-0330
Unspecified vulnerability in Jenkins before 1.502 and LTS before 1.480.3 allows remote authenticated users with write access to build arbitrary jobs via unknown attack vectors. Vulnerabilidad no especificada en Jenkins en versiones anteriores a 1.502 y LTS en versiones anteriores a 1.480.3 permite a usuarios remotos autenticados con acceso de escritura construir trabajos arbitrarios a través de vectores de ataque desconocidos. • http://rhn.redhat.com/errata/RHSA-2013-0638.html http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb http://www.openwall.com/lists/oss-security/2013/02/21/7 http://www.securityfocus.com/bid/57994 https://bugzilla.redhat.com/show_bug.cgi?id=914878 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16 https://access.redhat.com/security/cve/CVE-2013-0330 •
CVSS: 4.0EPSS: 2%CPEs: 2EXPL: 0CVE-2013-0331 – jenkins: denial of service attack by feeding a carefully crafted payload to Jenkins
https://notcve.org/view.php?id=CVE-2013-0331
Jenkins before 1.502 and LTS before 1.480.3 allows remote authenticated users with write access to cause a denial of service via a crafted payload. Jenkins en versiones anteriores a 1.502 y LTS en versiones anteriores a 1.480.3 permite a usuarios remotos autenticados con acceso de escritura provocar una denegación de servicio a través de un payload manipulado. • http://rhn.redhat.com/errata/RHSA-2013-0638.html http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb http://www.openwall.com/lists/oss-security/2013/02/21/7 http://www.securityfocus.com/bid/57994 https://bugzilla.redhat.com/show_bug.cgi?id=914879 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16 https://access.redhat.com/security/cve/CVE-2013-0331 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 68EXPL: 0CVE-2012-6072 – Jenkins: HTTP response splitting
https://notcve.org/view.php?id=CVE-2012-6072
CRLF injection vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. Vulnerabilidad de inyección CRLF en Jenkins en versiones anteriores a 1.491, Jenkins LTS en versiones anteriores a 1.480.1 y Jenkins Enterprise 1.424.x en versiones anteriores a 1.424.6.13, 1.447.x en versiones anteriores a 1.447.4.1 y 1.466.x en versiones anteriores a 1.466.10.1 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y lleva a cabo ataques de separación de respuesta HTTP a través de vectores no especificados. • http://rhn.redhat.com/errata/RHSA-2013-0220.html http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb https://bugzilla.redhat.com/show_bug.cgi?id=890607 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20 https://access.redhat.com/security/cve/CVE-2012-6072 • CWE-20: Improper Input Validation •