CVSS: 7.4EPSS: 0%CPEs: 4EXPL: 1CVE-2016-3726 – jenkins: Open redirect to scheme-relative URLs (SECURITY-276)
https://notcve.org/view.php?id=CVE-2016-3726
17 May 2016 — Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to "scheme-relative" URLs. Múltiples vulnerabilidades de redirección abierta en Jenkins en versiones anteriores a 2.3 y LTS en versiones anteriores a 1.651.2 permiten a atacantes remotos redirigir usuarios a sitios web arbitrarios y realizar ataques de phishing a través de vectores no especificados rel... • https://packetstorm.news/files/id/143229 •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2016-3723 – jenkins: Information on installed plugins exposed via API (SECURITY-250)
https://notcve.org/view.php?id=CVE-2016-3723
17 May 2016 — Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified XML/JSON API endpoints. Jenkins en versiones anteriores a 2.3 y LTS en versiones anteriores a 1.651.2 permite a usuarios remotos autenticados con acceso a lectura obtener información sensible de instalación de plugin aprovechando la falta de comprobaciones de permisos en dispositivos XML/JSON API no especificad... • http://rhn.redhat.com/errata/RHSA-2016-1773.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2016-3724 – jenkins: Encrypted secrets (e.g. passwords) were leaked to users with permission to read configuration (SECURITY-266)
https://notcve.org/view.php?id=CVE-2016-3724
17 May 2016 — Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with extended read access to obtain sensitive password information by reading a job configuration. Jenkins en versiones anteriores a 2.3 y LTS en versiones anteriores a 1.651.2 permite a usuarios remotos autenticados con acceso avanzado a lectura obtener información sensible de contraseña leyendo la configuración de trabajo. OpenShift Enterprise by Red Hat is the company's cloud computing Platform- as-a-Service solution designed for ... • http://rhn.redhat.com/errata/RHSA-2016-1773.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-3727 – jenkins: Granting the permission to read node configurations allows access to overall system configuration (SECURITY-281)
https://notcve.org/view.php?id=CVE-2016-3727
17 May 2016 — The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors. La URL API computer/(master)/api/xml en Jenkins en versiones anteriores a 2.3 y LTS en versiones anteriores a 1.651.2 permite a usuarios remotos autenticados con permiso avanzado de lectura para el nodo maestro obtener información sensible sobre la configur... • http://rhn.redhat.com/errata/RHSA-2016-1773.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2016-3721 – jenkins: Arbitrary build parameters are passed to build scripts as environment variables (SECURITY-170)
https://notcve.org/view.php?id=CVE-2016-3721
17 May 2016 — Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables. Jenkins en versiones anteriores a 2.3 y LTS en versiones anteriores a 1.651.2 podría permitir a usuarios remotos autenticados inyectar parámetros de construcción arbitrarios en el entorno de construcción a través de variables del entorno. OpenShift Enterprise by Red Hat is the company's cloud computing Platform- as-a-Service solution desi... • http://rhn.redhat.com/errata/RHSA-2016-1773.html • CWE-17: DEPRECATED: Code •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2016-3711 – haproxy: Setting cookie containing internal IP address of a pod
https://notcve.org/view.php?id=CVE-2016-3711
13 May 2016 — HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the "OPENSHIFT_[namespace]_SERVERID" cookie. HAproxy en Red Hat OpenShift Enterprise 3.2 y OpenShift Origin permite a usuarios locales obtener la dirección IP interna de un pod leyendo la cookie "OPENSHIFT_[namespace]_SERVERID". An information disclosure flaw was discovered in haproxy as used by OpenShift Enterprise; a cookie with the name "OPENSHIFT_[namespace]_SERVERID"... • https://access.redhat.com/errata/RHSA-2016:1064 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-2149 – 3: logs from a deleted namespace can be revealed if a new namespace with the same name is created
https://notcve.org/view.php?id=CVE-2016-2149
13 May 2016 — Red Hat OpenShift Enterprise 3.2 allows remote authenticated users to read log files from another namespace by using the same name as a previously deleted namespace when creating a new namespace. Red Hat OpenShift Enterprise 3.2 permite a usuarios remotos autenticados leer archivos de registro de otro espacio de nombre utilizando el mismo nombre que un espacio de nombre que haya sido eliminado cuando se crea un nuevo espacio de nombre. It was found that OpenShift Enterprise would disclose log file contents ... • https://access.redhat.com/errata/RHSA-2016:1064 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-285: Improper Authorization •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2016-2160 – Privilege escalation when changing root password in sti builder image
https://notcve.org/view.php?id=CVE-2016-2160
13 May 2016 — Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image. Red Hat OpenShift Enterprise 3.2 y OpenShift Origin permiten a usuarios remotos autenticados ejecutar comandos con privilegios de root cambiando la contraseña de root en una imagen builder sti. A flaw was found in the building of containers within OpenShift Enterprise. An attacker could submit an image for building that execute... • https://access.redhat.com/errata/RHSA-2016:1064 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-2142 – openshift: Bind password for AD account is stored in world readable file
https://notcve.org/view.php?id=CVE-2016-2142
12 May 2016 — Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by reading the file. Red Hat OpenShift Enterprise 3.1 utiliza permisos de lectura para todos en el archivo de configuración /etc/origin/master/master-config.yaml, lo que permite a usuarios locales obtener credenciales del Active Directory leyendo el archivo. An access flaw was discovered in OpenShift; the /etc/origin... • https://access.redhat.com/errata/RHSA-2016:1038 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 0CVE-2016-0788 – jenkins: Remote code execution vulnerability in remoting module (SECURITY-232)
https://notcve.org/view.php?id=CVE-2016-0788
07 Apr 2016 — The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener. El módulo remoting en Jenkins en versiones anteriores a 1.650 y LTS en versiones anteriores a 1.642.2 permite a atacantes remotos ejecutar código arbitrario abriendo un listener JRMP. OpenShift Enterprise by Red Hat is the company's cloud computing Platform- as-a-Service solution designed for on-premise or private cloud deployments. Jenkins is a continuous integrat... • http://rhn.redhat.com/errata/RHSA-2016-1773.html • CWE-264: Permissions, Privileges, and Access Controls •