SUSE CVE-2014-2065
Cross-site scripting (XSS) vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to inject arbitrary web script or HTML via the iconSize cookie...
SUSE CVE-2014-2066
Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the "override" of Jenkins cookies...
SUSE CVE-2014-2067
Cross-site scripting (XSS) vulnerability in java/hudson/model/Cause.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to inject arbitrary web script or HTML via a "remote cause note."...
GHSA-9C26-CF8C-MW43 Jenkins allows Remote Attackers to Hijack Sessions
The Winstone servlet container in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack sessions via unspecified vectors...
GHSA-W3F5-GQ7J-M797 Jenkins Vulnerable to Clickjacking
Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors...
GHSA-PV88-J6RG-R56P Jenkins allows attackers to obtain sensitive information
The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain sensitive information via vectors related to heapDump...
GHSA-8JFX-H6Q2-V4G3 Jenkins session fixation vulnerability
Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the "override" of Jenkins cookies...
GHSA-FXJ8-CQCP-3VGQ Jenkins cross-site scripting (XSS) vulnerability
Cross-site scripting (XSS) vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to inject arbitrary web script or HTML via the iconSize cookie...
GHSA-V759-3FH9-84MX Jenkins directory traversal vulnerability
Directory traversal vulnerability in the CLI job creation (hudson/cli/CreateJobCommand.java) in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to overwrite arbitrary files via the job name...
CVE-2014-2066
Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the "override" of Jenkins cookies...
CVE-2014-2062
Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token...
CVE-2014-2060
The Winstone servlet container in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack sessions via unspecified vectors...
CVE-2014-2061
The input control in PasswordParameterDefinition in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to obtain passwords by reading the HTML source code, related to the default value...
CVE-2014-2065
CVE-2014-2065 is a cross-site scripting (XSS) vulnerability in Jenkins where an attacker could inject arbitrary script via the iconSize cookie. Affected: Jenkins before 1.551 and LTS before 1.532.2. Root cause: improper handling of the iconSize cookie. Impact details are provided, but exploitatio...
jenkins: input validation issue (SECURITY-77)
Cross-site scripting (XSS) vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to inject arbitrary web script or HTML via the iconSize cookie...
jenkins: interface vulnerable to clickjacking attacks (SECURITY-80)
Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors...
jenkins: user tokens not invalidated correctly (SECURITY-89)
Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token...
jenkins: session hijacking issue in Winstone (SECURITY-106)
The Winstone servlet container in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack sessions via unspecified vectors...
jenkins: stored cross-site scripting flaw (SECURITY-74)
Cross-site scripting (XSS) vulnerability in java/hudson/model/Cause.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to inject arbitrary web script or HTML via a "remote cause note."...
CVE-2014-2067
Cross-site scripting (XSS) vulnerability in java/hudson/model/Cause.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to inject arbitrary web script or HTML via a "remote cause note."...