3 matches found
BIT-JENKINS-2020-2105
REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier were vulnerable to clickjacking attacks...
PT-2020-15309 · Cloudbees +1 · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.218 and earlier; Jenkins LTS versions 2.204.1 and earlier. Description: The issue arises from a non-constant time comparison function used when validating an HMAC. This could potentially allow attackers to use statistical...
PT-2020-15311 · Cloudbees +1 · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.218 and earlier; Jenkins LTS versions 2.204.1 and earlier. Description: The issue allows users with Overall/Read access to view a JVM memory usage chart, which could potentially disclose sensitive information about the system...