Page 5 of 60 results (0.008 seconds)

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2016-3721 – jenkins: Arbitrary build parameters are passed to build scripts as environment variables (SECURITY-170)

https://notcve.org/view.php?id=CVE-2016-3721

Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables. Jenkins en versiones anteriores a 2.3 y LTS en versiones anteriores a 1.651.2 podría permitir a usuarios remotos autenticados inyectar parámetros de construcción arbitrarios en el entorno de construcción a través de variables del entorno. • http://rhn.redhat.com/errata/RHSA-2016-1773.html http://www.openwall.com/lists/oss-security/2024/05/02/3 https://access.redhat.com/errata/RHSA-2016:1206 https://wiki.jenkins-ci.org/display/JENKINS/Plugins+affected+by+fix+for+SECURITY-170 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11 https://www.cloudbees.com/jenkins-security-advisory-2016-05-11 https://access.redhat.com/security/cve/CVE-2016-3721 https://bugzilla.redhat.com/show_bug.cgi • CWE-17: DEPRECATED: Code •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-2142 – openshift: Bind password for AD account is stored in world readable file

https://notcve.org/view.php?id=CVE-2016-2142

Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by reading the file. Red Hat OpenShift Enterprise 3.1 utiliza permisos de lectura para todos en el archivo de configuración /etc/origin/master/master-config.yaml, lo que permite a usuarios locales obtener credenciales del Active Directory leyendo el archivo. An access flaw was discovered in OpenShift; the /etc/origin/master/master-config.yaml configuration file, which could contain Active Directory credentials, was world-readable. A local user could exploit this flaw to obtain authentication credentials from the master-config.yaml file. • https://access.redhat.com/errata/RHSA-2016:1038 https://access.redhat.com/security/cve/CVE-2016-2142 https://bugzilla.redhat.com/show_bug.cgi?id=1311220 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 10.0EPSS: 3%CPEs: 3EXPL: 0

CVE-2016-0788 – jenkins: Remote code execution vulnerability in remoting module (SECURITY-232)

https://notcve.org/view.php?id=CVE-2016-0788

The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener. El módulo remoting en Jenkins en versiones anteriores a 1.650 y LTS en versiones anteriores a 1.642.2 permite a atacantes remotos ejecutar código arbitrario abriendo un listener JRMP. • http://rhn.redhat.com/errata/RHSA-2016-1773.html https://access.redhat.com/errata/RHSA-2016:0711 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24 https://access.redhat.com/security/cve/CVE-2016-0788 https://bugzilla.redhat.com/show_bug.cgi?id=1311946 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0

CVE-2016-0789 – jenkins: HTTP response splitting vulnerability (SECURITY-238)

https://notcve.org/view.php?id=CVE-2016-0789

CRLF injection vulnerability in the CLI command documentation in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. Vulnerabilidad de inyección CRLF en la documentación de comando de la CLI en Jenkins en versiones anteriores a 1.650 y LTS en versiones anteriores a 1.642.2 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y llevar a cabo ataques de separación de respuesta HTTP a través de vectores no especificados. • http://rhn.redhat.com/errata/RHSA-2016-1773.html https://access.redhat.com/errata/RHSA-2016:0711 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24 https://access.redhat.com/security/cve/CVE-2016-0789 https://bugzilla.redhat.com/show_bug.cgi?id=1311947 • CWE-20: Improper Input Validation •

CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0

CVE-2016-0790 – jenkins: Non-constant time comparison of API token (SECURITY-241)

https://notcve.org/view.php?id=CVE-2016-0790

Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify API tokens, which makes it easier for remote attackers to determine API tokens via a brute-force approach. Jenkins en versiones anteriores a 1.650 y LTS en versiones anteriores a 1.642.2 no utiliza un algoritmo de tiempo constante para verificar tokens API, lo que hace más fácil para atacantes remotos determinar tokens API a través de una aproximación por fuerza bruta. • http://rhn.redhat.com/errata/RHSA-2016-1773.html https://access.redhat.com/errata/RHSA-2016:0711 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24 https://access.redhat.com/security/cve/CVE-2016-0790 https://bugzilla.redhat.com/show_bug.cgi?id=1311948 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-254: 7PK - Security Features •