14 matches found
ROS-20260524-73-0044
A vulnerability in the Jenkins Automation Server is related to incorrect symbolic link detection prior to file access during .tar and .tar.gz archive extraction. Exploitation of the vulnerability could allow an attacker acting remotely to write arbitrary files...
The vulnerability of the Applitools Eyes plugin in Jenkins automation servers, related to the lack of security measures for website structure protection, allows attackers to perform cross-site scripting attacks.
The vulnerability of the Applitools Eyes plugin in Jenkins automation servers is related to the lack of security measures for the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
The vulnerability of the Aqua Security Scanner plugin in the Jenkins automation server, related to the lack of data encryption measures, allows attackers to gain unauthorized access to protected information.
The vulnerability of the Aqua Security Scanner plugin in the Jenkins automation server is related to the lack of data encryption measures. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the Applitools Eyes plugin in Jenkins automation servers, related to the storage of information in an open manner, allows a malicious actor to gain unauthorized access to the protected information.
The vulnerability of the Applitools Eyes plugin in Jenkins automation servers lies in the fact that information is stored in an open manner within the config.xml configuration file. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain unauthorized access to the...
ROS-20250417-03
The Jenkins Automation Server vulnerability is related to the fact that the vulnerable plugin does not edit encrypted secret values when accessing config.xml of agents via REST API or CLI. Exploitation of the vulnerability could Allow an attacker acting remotely to gain access to potentially...
The vulnerability of the SSH client ssh-agent on Jenkins automation servers is related to errors in the code of the pseudorandom number generator used for generating host keys. This vulnerability allows a attacker to execute a “man-in-the-middle” type attack.
The vulnerability of the SSH client ssh-agent on Jenkins automation servers is related to errors in the code of the pseudorandom number generator used for generating host keys. Exploiting this vulnerability could allow a remote attacker to execute a “man-in-the-middle” type attack...
The vulnerability of the Jenkins automation server, related to deficiencies in authentication procedures, allows attackers to escalate their privileges and gain unauthorized access to protected information.
The vulnerability of the Jenkins automation server is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to enhance their privileges and gain unauthorized access to protected information...
The vulnerability of the Stack Hammer plugin on the Jenkins automation server, related to deficiencies in access control, allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the Stack Hammer plugin in the Jenkins automation server is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
Jenkins plugin Pipeline:Groovy 安全漏洞
Jenkins and Jenkins plugin are both Jenkins open source products.Jenkins is an application software. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins plugin is an application software plugin. A security...
ROS-20241015-08
A vulnerability in the Jenkins Automation Server is related to an issue with item creation constraint bypass. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the restrictions and create a temporary item The Jenkins Automation Server vulnerability exists because...
ROS-20240918-10
The Jenkins Automation Server vulnerability is related to a lack of permission checking at the endpoint of the HTTP. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information The Jenkins Automation Server Remoting library vulnerability is...
The vulnerability of the Jenkins Automation Remoting server library allows for the execution of arbitrary code.
The vulnerability of the Jenkins Automation Remoting server library is related to deficiencies in path name restrictions for restricted access catalogs. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by loading class and resource files from the controller via...
The vulnerability of the Jenkins automation server, related to the absence of the HTTP header Content-Security-Policy, allows attackers to execute cross-site scripting (XSS) attacks.
The vulnerability of the Jenkins automation server is related to the absence of the HTTP header Content-Security-Policy. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting XSS attacks remotely...
Jenkins groovy.util.Expando Java deserialization vulnerability
Added: 08/15/2017 CVE: CVE-2016-0792 BID: 83720 Background Jenkins is a standalone, open-source automation server written in Java. Problem A deserialization vulnerability in the groovy.util.Expando class allows a remote attacker to execute arbitrary commands by requesting createItem with speciall...