Page 46 of 235 results (0.014 seconds)

CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0

CVE-2013-0330 – jenkins: cause building jobs without direct access

https://notcve.org/view.php?id=CVE-2013-0330

Unspecified vulnerability in Jenkins before 1.502 and LTS before 1.480.3 allows remote authenticated users with write access to build arbitrary jobs via unknown attack vectors. Vulnerabilidad no especificada en Jenkins en versiones anteriores a 1.502 y LTS en versiones anteriores a 1.480.3 permite a usuarios remotos autenticados con acceso de escritura construir trabajos arbitrarios a través de vectores de ataque desconocidos. • http://rhn.redhat.com/errata/RHSA-2013-0638.html http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb http://www.openwall.com/lists/oss-security/2013/02/21/7 http://www.securityfocus.com/bid/57994 https://bugzilla.redhat.com/show_bug.cgi?id=914878 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16 https://access.redhat.com/security/cve/CVE-2013-0330 •

CVSS: 4.0EPSS: 2%CPEs: 2EXPL: 0

CVE-2013-0331 – jenkins: denial of service attack by feeding a carefully crafted payload to Jenkins

https://notcve.org/view.php?id=CVE-2013-0331

Jenkins before 1.502 and LTS before 1.480.3 allows remote authenticated users with write access to cause a denial of service via a crafted payload. Jenkins en versiones anteriores a 1.502 y LTS en versiones anteriores a 1.480.3 permite a usuarios remotos autenticados con acceso de escritura provocar una denegación de servicio a través de un payload manipulado. • http://rhn.redhat.com/errata/RHSA-2013-0638.html http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb http://www.openwall.com/lists/oss-security/2013/02/21/7 http://www.securityfocus.com/bid/57994 https://bugzilla.redhat.com/show_bug.cgi?id=914879 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16 https://access.redhat.com/security/cve/CVE-2013-0331 • CWE-20: Improper Input Validation •

CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2013-0327 – jenkins: cross-site request forgery (CSRF) on Jenkins master

https://notcve.org/view.php?id=CVE-2013-0327

Cross-site request forgery (CSRF) vulnerability in Jenkins master in Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to hijack the authentication of users via unknown vectors. Vulnerabilidad de CSRF en el maestro de Jenkins en Jenkins en versiones anteriores a 1.502 y LTS en versiones anteriores a 1.480.3 permite a atacantes remotos secuestra la autenticación de usuarios a través de vectores desconocidos. • http://rhn.redhat.com/errata/RHSA-2013-0638.html http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb http://www.openwall.com/lists/oss-security/2013/02/21/7 https://bugzilla.redhat.com/show_bug.cgi?id=914875 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16 https://access.redhat.com/security/cve/CVE-2013-0327 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.3EPSS: 0%CPEs: 68EXPL: 0

CVE-2012-6072 – Jenkins: HTTP response splitting

https://notcve.org/view.php?id=CVE-2012-6072

CRLF injection vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. Vulnerabilidad de inyección CRLF en Jenkins en versiones anteriores a 1.491, Jenkins LTS en versiones anteriores a 1.480.1 y Jenkins Enterprise 1.424.x en versiones anteriores a 1.424.6.13, 1.447.x en versiones anteriores a 1.447.4.1 y 1.466.x en versiones anteriores a 1.466.10.1 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y lleva a cabo ataques de separación de respuesta HTTP a través de vectores no especificados. • http://rhn.redhat.com/errata/RHSA-2013-0220.html http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb https://bugzilla.redhat.com/show_bug.cgi?id=890607 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20 https://access.redhat.com/security/cve/CVE-2012-6072 • CWE-20: Improper Input Validation •

CVSS: 5.8EPSS: 0%CPEs: 68EXPL: 0

CVE-2012-6073 – Jenkins: open redirect

https://notcve.org/view.php?id=CVE-2012-6073

Open redirect vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Vulnerabilidad de redirección abierta en Jenkins en versiones anteriores a 1.491, Jenkins LTS en versiones anteriores a 1.480.1 y Jenkins Enterprise 1.424.x en versiones anteriores a 1.424.6.13, 1.447.x en versiones anteriores a 1.447.4.1 y 1.466.x en versiones anteriores a 1.466.10.1 permite a atacantes remotos redirigir a los usuarios a sitios web arbitrarios y llevar a cabo ataques de phishing a través de vectores no especificados. • http://rhn.redhat.com/errata/RHSA-2013-0220.html http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb http://www.openwall.com/lists/oss-security/2012/12/28/1 https://bugzilla.redhat.com/show_bug.cgi?id=890608 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20 https://access.redhat.com/security/cve/CVE-2012-6073 • CWE-20: Improper Input Validation •