Lucene search
K

7 matches found

Github Security Blog
Github Security Blog
added 2022/05/24 4:50 p.m.31 views

Missing Authorization in Jenkins

A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information...

4.3CVSS4.7AI score0.01647EPSS
Exploits0References8Affected Software2
CNVD
CNVD
added 2019/07/25 12:0 a.m.1 views

CloudBees Jenkins CSRF Cross-Site Request Forgery Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version of the release/test project and some timed tasks . LTS is a long-term support for...

6.8AI score
Exploits0References1
CNVD
CNVD
added 2019/07/22 12:0 a.m.11 views

CloudBees Jenkins Information Disclosure Vulnerability (CNVD-2019-26388)

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version of the release/test project and some timed tasks . LTS is a long-term support for...

4.3CVSS6.3AI score0.01647EPSS
Exploits0References1
CNVD
CNVD
added 2019/07/22 12:0 a.m.5 views

CloudBees Jenkins Cross-Site Request Forgery Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version of the release/test project and some timed tasks . LTS is a long-term support for...

7.5CVSS6.8AI score0.01502EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2019/07/17 7:21 p.m.24 views

CVE-2019-10354

A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information...

4.3CVSS4.3AI score0.01647EPSS
Exploits0References4
OSV
OSV
added 2019/07/17 4:15 p.m.26 views

CVE-2019-10353

CSRF tokens in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier did not expire, thereby allowing attackers able to obtain them to bypass CSRF protection...

7.5CVSS6.5AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2019/07/17 12:0 a.m.2 views

PT-2019-2964 · Jenkins · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.185 and earlier Jenkins LTS versions 2.176.1 and earlier Description: The issue is related to the absence of a web session identifier in Jenkins, which can be exploited by a remote attacker to perform a cross-site request...

7.6CVSS7.6AI score0.01502EPSS
Exploits0References12
Rows per page
Query Builder