
14 matches found

Redos
added 2026/05/24 12:0 a.m. | 14 views

ROS-20260524-73-0044

A vulnerability in the Jenkins Automation Server is related to incorrect symbolic link detection prior to file access during .tar and .tar.gz archive extraction. Exploitation of the vulnerability could allow an attacker acting remotely to write arbitrary files...

CVSS 8.8 | AI score 6.1 | EPSS 0.01161
Exploits: 0

BDU FSTEC
added 2025/07/11 12:0 a.m. | 6 views

The vulnerability of the Applitools Eyes plugin in Jenkins automation servers, related to the lack of security measures for website structure protection, allows attackers to perform cross-site scripting attacks.

The vulnerability of the Applitools Eyes plugin in Jenkins automation servers is related to the lack of security measures for the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

CVSS 5.5 | AI score 5.2 | EPSS 0.00243
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2025/07/11 12:0 a.m. | 7 views

The vulnerability of the Aqua Security Scanner plugin in the Jenkins automation server, related to the lack of data encryption measures, allows attackers to gain unauthorized access to protected information.

The vulnerability of the Aqua Security Scanner plugin in the Jenkins automation server is related to the lack of data encryption measures. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

CVSS 4.3 | AI score 5.5 | EPSS 0.00191
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2025/07/11 12:0 a.m. | 6 views

The vulnerability of the Applitools Eyes plugin in Jenkins automation servers, related to the storage of information in an open manner, allows a malicious actor to gain unauthorized access to the protected information.

The vulnerability of the Applitools Eyes plugin in Jenkins automation servers lies in the fact that information is stored in an open manner within the config.xml configuration file. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain unauthorized access to the...

CVSS 6.8 | AI score 5.4 | EPSS 0.00197
Exploits: 0 | References: 2 | Affected Software: 1

Redos
added 2025/04/17 12:0 a.m. | 8 views

ROS-20250417-03

The Jenkins Automation Server vulnerability is related to the fact that the vulnerable plugin does not edit encrypted secret values when accessing config.xml of agents via REST API or CLI. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to potentially...

CVSS 5.4 | AI score 7.2 | EPSS 0.00684
Exploits: 0

BDU FSTEC
added 2025/04/15 12:0 a.m. | 7 views

The vulnerability of the SSH client ssh-agent on Jenkins automation servers is related to errors in the code of the pseudorandom number generator used for generating host keys. This vulnerability allows an attacker to execute a “man-in-the-middle” type attack.

The vulnerability of the SSH client ssh-agent on Jenkins automation servers is related to errors in the code of the pseudorandom number generator used for generating host keys. Exploiting this vulnerability could allow a remote attacker to execute a “man-in-the-middle” type attack...

CVSS 9.4 | AI score 5.8 | EPSS 0.00411
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2025/04/07 12:0 a.m. | 6 views

The vulnerability of the Jenkins automation server, related to deficiencies in authentication procedures, allows attackers to escalate their privileges and gain unauthorized access to protected information.

The vulnerability of the Jenkins automation server is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to enhance their privileges and gain unauthorized access to protected information...

CVSS 4.3 | AI score 6.4 | EPSS 0.00375
Exploits: 0 | References: 3 | Affected Software: 2

BDU FSTEC
added 2025/04/07 12:0 a.m. | 6 views

The vulnerability of the Stack Hammer plugin on the Jenkins automation server, related to deficiencies in access control, allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the Stack Hammer plugin in the Jenkins automation server is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...

CVSS 6.5 | AI score 5.5 | EPSS 0.00266
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2024/11/13 12:0 a.m. | 6 views

Jenkins plugin Pipeline:Groovy security vulnerability

Jenkins and Jenkins plugin are both Jenkins open source products. Jenkins is an application software. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins plugin is an application software plugin. A security...

CVSS 8 | AI score 7.5 | EPSS 0.0044
Exploits: 1 | References: 3

Redos
added 2024/10/15 12:0 a.m. | 13 views

ROS-20241015-08

A vulnerability in the Jenkins Automation Server is related to an issue with item creation constraint bypass. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the restrictions and create a temporary item. The Jenkins Automation Server vulnerability exists because...

CVSS 4.3 | AI score 6.9 | EPSS 0.0084
Exploits: 0

Redos
added 2024/09/19 12:0 a.m. | 16 views

ROS-20240918-10

The Jenkins Automation Server vulnerability is related to a lack of permission checking at an HTTP endpoint. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information. The Jenkins Automation Server Remoting library vulnerability is...

CVSS 8.8 | AI score 7.6 | EPSS 0.28782
Exploits: 4

BDU FSTEC
added 2024/08/12 12:0 a.m. | 5 views

The vulnerability of the Jenkins Automation Remoting server library allows for the execution of arbitrary code.

The vulnerability of the Jenkins Automation Remoting server library is related to deficiencies in path name restrictions for restricted access catalogs. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by loading class and resource files from the controller via...

CVSS 9 | AI score 7.4 | EPSS 0.28782
Exploits: 4 | References: 2 | Affected Software: 1

BDU FSTEC
added 2020/06/10 12:0 a.m. | 4 views

The vulnerability of the Jenkins automation server, related to the absence of the HTTP header Content-Security-Policy, allows attackers to execute cross-site scripting (XSS) attacks.

The vulnerability of the Jenkins automation server is related to the absence of the HTTP header Content-Security-Policy. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting (XSS) attacks remotely...

CVSS 5.5 | AI score 5.6 | EPSS 0.01159
Exploits: 0 | References: 5 | Affected Software: 1

Saint
added 2017/08/15 12:0 a.m. | 78 views

Jenkins groovy.util.Expando Java deserialization vulnerability

Added: 08/15/2017. CVE: CVE-2016-0792. BID: 83720. Background: Jenkins is a standalone, open-source automation server written in Java. Problem: A deserialization vulnerability in the groovy.util.Expando class allows a remote attacker to execute arbitrary commands by requesting createItem with speciall...

CVSS 9 | AI score 7.6 | EPSS 0.82697
Exploits: 23