CVE-2018-1000105

An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to retrieve some configuration information about Gerrit in Jenkins...

CVE-2016-1000105

CVE-2016-1000105 is a withdrawn candidate (not a security issue) per multiple sources; however, connected docs describe nginx and CGI-related implications linked to the httpoxy issue where an attacker could cause redirection of HTTP traffic via the HTTP_PROXY environment variable set through the ...

Security Bulletin: Multiple vulnerabilities affecting web servers that run code in a CGI or CGI-like context affects IBM API Connect (CVE-2016-5385, CVE-2016-1000105)

Summary IBM API Connect is affected by multiple vulnerabilities relating to web servers that run code in a CGI or CGI-like context CVE-2016-5385, CVE-2016-1000105. IBM has addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2016-5385 DESCRIPTION: PHP could allow a remote attacker to...

CVE-2018-1000105

An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to retrieve some configuration information about Gerrit in Jenkins...

CVE-2018-1000105

The CVE-2018-1000105 entry corresponds to an information-disclosure flaw in the Jenkins Gerrit Trigger Plugin (versions 2.27.4 and earlier). The root cause is improper authorization in GerritManagement.java, GerritServer.java, and PluginImpl.java, allowing an attacker with Overall/Read access to ...

CVE-2017-1000105

The optional Run/Artifacts permission can be enabled by setting a Java system property. Blue Ocean did not check this permission before providing access to archived artifacts, Item/Read permission was sufficient...

CVE-2017-1000105

The optional Run/Artifacts permission can be enabled by setting a Java system property. Blue Ocean did not check this permission before providing access to archived artifacts, Item/Read permission was sufficient...

CVE-2017-1000105

CVE-2017-1000105 affects Jenkins Blue Ocean: an optional Run/Artifacts permission can be enabled via a Java system property, and Blue Ocean did not verify this permission before granting access to archived artifacts, with Item/Read permission being sufficient. Several connected advisories note th...

CVE-2016-1000105

REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...