Lucene search
K

298 matches found

NVD
NVD
added 2018/05/15 9:29 p.m.19 views

CVE-2017-2603

Jenkins before versions 2.44, 2.32.2 is vulnerable to a user data leak in disconnected agents' config.xml API. This could leak sensitive data such as API tokens SECURITY-362...

3.5CVSS3.5AI score0.01066EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2018/05/15 9:29 p.m.18 views

CVE-2017-2603

Jenkins before versions 2.44, 2.32.2 is vulnerable to a user data leak in disconnected agents' config.xml API. This could leak sensitive data such as API tokens SECURITY-362...

3.5CVSS6.3AI score0.01066EPSS
Exploits0References2
Prion
Prion
added 2018/05/15 9:29 p.m.16 views

Design/Logic Flaw

Jenkins before versions 2.44, 2.32.2 is vulnerable to a user data leak in disconnected agents' config.xml API. This could leak sensitive data such as API tokens SECURITY-362...

3.5CVSS3.9AI score0.01066EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2018/05/15 9:0 p.m.20 views

CVE-2017-2603

Jenkins before versions 2.44, 2.32.2 is vulnerable to a user data leak in disconnected agents' config.xml API. This could leak sensitive data such as API tokens SECURITY-362...

2.6CVSS4.2AI score0.01066EPSS
Exploits0References4
Hacker One
Hacker One
added 2017/05/24 2:42 p.m.59 views

Snapchat: Open prod Jenkins instance

@prebenve found a Jenkins instance where they could login with any valid Google account. Once logged in, they gained access to sensitive API tokens. The access also included some source code disclosure for public apps and the ability to execute arbitrary code via the Jenkins Script Console...

3AI score
Exploits0
RedhatCVE
RedhatCVE
added 2017/02/02 3:21 p.m.17 views

CVE-2017-2603

Jenkins before versions 2.44, 2.32.2 is vulnerable to a user data leak in disconnected agents' config.xml API. This could leak sensitive data such as API tokens SECURITY-362...

3.5CVSS2.7AI score0.01066EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2016/08/24 7:41 p.m.9 views

jenkins: Non-constant time comparison of API token (SECURITY-241)

Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify API tokens, which makes it easier for remote attackers to determine API tokens via a brute-force approach...

5.3CVSS5.9AI score0.02105EPSS
Exploits0References5
Hacker One
Hacker One
added 2016/04/25 12:37 a.m.26 views

GitLab: Confidential issues leaked in public projects when attached to milestone

Vulnerability details When a confidential issue in a public or internal project is attached to a milestone, it is exposed through the GitLab API. Proof of concept As a victim, create a new public or internal project. Lets state that the project has ID 1. Create a milestone for this project. After...

7AI score
Exploits0
Hacker One
Hacker One
added 2016/04/24 11:8 p.m.15 views

GitLab: Attacker can delete (and read) private project webhooks

Vulnerability details An attacker can delete and read webhooks that are configured for all projects on a GitLab instance. This includes private projects. This is a bad vulnerability because these webhooks contain private API tokens most of the time. Proof of concept As a victim, create a project...

6.6AI score
Exploits0
CVE
CVE
added 2016/04/07 11:0 p.m.130 views

CVE-2016-0790

Jenkins CVE-2016-0790 affects Jenkins core before 1.650 and LTS before 1.642.2, where API token verification does not use a constant-time algorithm—enabling remote attackers to brute-force tokens. The linked sources confirm this cryptographic weakness and tie it to Jenkins releases prior to these...

5.3CVSS6.8AI score0.02105EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2016/03/14 12:0 a.m.96 views

Jenkins < 1.642.2 / 1.650 and Jenkins Enterprise < 1.609.16.1 / 1.625.16.1 / 1.642.2.1 Multiple Vulnerabilities

The remote web server hosts a version of Jenkins that is prior to 1.650, or a version of Jenkins LTS prior to 1.642.2; or else a version of Jenkins Enterprise that is 1.642.x.y prior to 1.642.2.1, 1.625.x.y prior to 1.625.16.1, or 1.609.x.y prior to 1.609.16.1. It is, therefore, affected by the...

10CVSS7.3AI score0.82697EPSS
Exploits25References10
NVD
NVD
added 2015/11/25 8:59 p.m.19 views

CVE-2015-5323

Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user...

6.5CVSS6.6AI score0.01491EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2015/11/25 8:59 p.m.24 views

CVE-2015-5323

Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user...

6.5CVSS7.2AI score0.01491EPSS
Exploits0References2
Cvelist
Cvelist
added 2015/11/25 8:0 p.m.32 views

CVE-2015-5323

Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user...

9.6AI score0.01491EPSS
Exploits0References3
CVE
CVE
added 2015/11/25 8:0 p.m.74 views

CVE-2015-5323

CVE-2015-5323 affects Jenkins: versions before 1.638 and the LTS line prior to 1.625.2 do not properly restrict access to API tokens, which could allow a remote administrator to gain privileges and run scripts using another user’s API token. Mitigation is to upgrade to Jenkins 1.638 or later, and...

6.5CVSS8.6AI score0.01491EPSS
Exploits0References3Affected Software1
Hacker One
Hacker One
added 2015/10/24 7:40 a.m.236 views

X (Formerly Twitter): IDOR- Activate Mopub on different organizations- steal api token- Fabric.io

Hello, There is an option to enroll your organization in fabric.io for mopub , but this particular end point is missing proper authorization checks allowing any user to steal API tokens. Vulnerable request ================ POST /api/v3/organizations/5460d2394b793294df01104a/mopub/activate HTTP/1....

6.7AI score
Exploits0
FreeBSD
FreeBSD
added 2013/01/04 12:0 a.m.13 views

jenkins -- HTTP access to the server to retrieve the master cryptographic key

Jenkins Security Advisory reports: This advisory announces a security vulnerability that was found in Jenkins core. An attacker can then use this master cryptographic key to mount remote code execution attack against the Jenkins master, or impersonate arbitrary users in making REST API calls. The...

3.4AI score
Exploits0References1
OpenVAS
OpenVAS
added 2010/05/28 12:0 a.m.34 views

Mandriva Update for krb5 MDVSA-2010:100 (krb5)

Check for the Version of krb5 OpenVAS Vulnerability Test Mandriva Update for krb5 MDVSA-2010:100 krb5 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

6.8CVSS6.1AI score0.06884EPSS
Exploits2References2
Rows per page
Query Builder