CVSS: 6.8EPSS: 0%CPEs: 60EXPL: 0CVE-2013-0158 – jenkins: remote unauthenticated retrieval of master cryptographic key (Jenkins Security Advisory 2013-01-04)
https://notcve.org/view.php?id=CVE-2013-0158
Unspecified vulnerability in Jenkins before 1.498, Jenkins LTS before 1.480.2, and Jenkins Enterprise 1.447.x before 1.447.6.1 and 1.466.x before 1.466.12.1, when a slave is attached and anonymous read access is enabled, allows remote attackers to obtain the master cryptographic key via unknown vectors. Vulnerabilidad no especificada en Jenkins en versiones anteriores a 1.498, Jenkins LTS en versiones anteriores a 1.480.2 y Jenkins Enterprise 1.447.x en versiones anteriores a 1.447.6.1 y 1.466.x en versiones anteriores a 1.466.12.1, cuando se conecta un esclavo y el acceso de lectura anónima está habilitado, permite a atacantes remotos obtener la clave de cifrado maestra a través de vectores desconocidos. • http://rhn.redhat.com/errata/RHSA-2013-0220.html http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-01-04.cb http://www.openwall.com/lists/oss-security/2013/01/07/4 https://bugzilla.redhat.com/show_bug.cgi?id=892795 https://github.com/jenkinsci/jenkins/commit/3dc13b957b14cec649036e8dd517f0f9cb21fb04 https://github.com/jenkinsci/jenkins/commit/4895eaafca468b7f0f1a3166b2fca7414f0d5da5 https://github.com/jenkinsci/jenkins/commit/94a8789b699132dd706021a6be1b78bc47f19602 https://github.com/jenkinsci/jenki •
CVSS: 4.3EPSS: 0%CPEs: 144EXPL: 0CVE-2012-0324
https://notcve.org/view.php?id=CVE-2012-0324
Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0325. Vulnerabilidad de XSS en Jenkins en versiones anteriores a 1.454, Jenkins LTS en versiones anteriores a 1.424.5 y Jenkins Enterprise 1.400.x en versiones anteriores a 1.400.0.13 y 1.424.x en versiones anteriores a 1.424.5.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2012-0325. • http://jvn.jp/en/jp/JVN14791558/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2012-000022 http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-03-05.cb http://www.securityfocus.com/bid/52384 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 144EXPL: 0CVE-2012-0325
https://notcve.org/view.php?id=CVE-2012-0325
Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0324. Vulnerabilidad de XSS en Jenkins en versiones anteriores a 1.454, Jenkins LTS en versiones anteriores a 1.424.5 y Jenkins Enterprise 1.400.x en versiones anteriores a 1.400.0.13 y 1.424.x en versiones anteriores a 1.424.5.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2012-0324. • http://jvn.jp/en/jp/JVN79950061/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2012-000023 http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-03-05.cb http://www.securityfocus.com/bid/52384 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.6EPSS: 0%CPEs: 3EXPL: 0CVE-2011-4344
https://notcve.org/view.php?id=CVE-2011-4344
Cross-site scripting (XSS) vulnerability in Jenkins Core in Jenkins before 1.438, and 1.409 LTS before 1.409.3 LTS, when a stand-alone container is used, allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages. Vulnerabilidad de XSS en Jenkins Core en Jenkins en versiones anteriores a 1.438 y 1.409 LTS en versiones anteriores a 1.409.3 LTS, cuando se utiliza un contenedor independiente, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores relacionados con mensajes de error. • http://groups.google.com/group/jenkinsci-advisories/msg/1b94588f90f876b5?dmode=source&output=gplain http://openwall.com/lists/oss-security/2011/11/23/5 http://openwall.com/lists/oss-security/2011/11/23/6 http://secunia.com/advisories/46911 http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2011-11-08.cb http://www.securityfocus.com/bid/50786 https://github.com/jenkinsci/winstone/commit/410ed3001d51c689cf59085b7417466caa2ded7b.patch • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •