Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2026/06/11 6:14 p.m.12 views

CVE-2026-53439

A flaw was found in Jenkins. Missing permission checks allow an attacker with Overall/Read permission to determine other users' configured timezone. This vulnerability also enables the attacker to enumerate the view names of other users' "My Views", leading to information disclosure. Mitigation...

4.3CVSS5.1AI score0.00234EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/11/05 12:7 p.m.2 views

jenkins: Exposure of multi-line secrets through error messages

A flaw was found in Jenkins. Certain versions do not redact multi-line secret values in error messages generated for form submissions involving the secretTextarea form field...

4.3CVSS5.7AI score0.00822EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2023/09/22 11:54 a.m.33 views

CVE-2023-43494

A flaw was found in Jenkins weekly and LTS caused by not excluding sensitive build variables when filtering builds in the build history widget. By sending a specially crafted request, a remote, authenticated attacker could obtain values of sensitive variables used in builds and use this informati...

4.3CVSS4.9AI score0.03388EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2022/05/04 6:22 p.m.3 views

workflow-cps-global-lib: OS command execution through crafted SCM contents

A flaw was found in Jenkins. The JenkinsPipeline: Shared Groovy Libraries uses the same checkout directories for distinct SCMs for Pipeline libraries. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents. This...

8.8CVSS5.9AI score0.01443EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/04/13 1:49 p.m.5 views

workflow-cps-global-lib: OS command execution through crafted SCM contents

A flaw was found in Jenkins. The JenkinsPipeline: Shared Groovy Libraries uses the same checkout directories for distinct SCMs for Pipeline libraries. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents. This...

8.8CVSS5.9AI score0.01443EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/03/29 7:5 a.m.5 views

workflow-cps-global-lib: OS command execution through crafted SCM contents

A flaw was found in Jenkins. The JenkinsPipeline: Shared Groovy Libraries uses the same checkout directories for distinct SCMs for Pipeline libraries. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents. This...

8.8CVSS5.9AI score0.01443EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/03/29 7:5 a.m.4 views

workflow-cps-global-lib: Pipeline-related plugins follow symbolic links or do not limit path names

A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries does not restrict the names of resources passed to the libraryResource step. This flaw allows attackers who can configure Pipelines to read arbitrary files on the Jenkins controller file system...

6.5CVSS5.8AI score0.01668EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2019/10/18 1:35 a.m.2 views

jenkins: CSRF protection tokens for anonymous users did not expire in some circumstances (SECURITY-1491)

A flaw was found in Jenkins. Users are allowed to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass CSRF protection for the anonymous user. The highest threat from this vulnerability is to data confidentiality and...

8.8CVSS7.2AI score0.01578EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2019/09/20 10:41 a.m.4 views

jenkins: CSRF protection tokens for anonymous users did not expire in some circumstances (SECURITY-1491)

A flaw was found in Jenkins. Users are allowed to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass CSRF protection for the anonymous user. The highest threat from this vulnerability is to data confidentiality and...

8.8CVSS7.2AI score0.01578EPSS
Exploits0References5
Rows per page
Query Builder