Lucene search
K

4 matches found

SUSE CVE
SUSE CVE
added 2026/05/13 3:53 p.m.9 views

SUSE CVE-2017-1000362

The re-key admin monitor was introduced in Jenkins 1.498 and re-encrypted all secrets in JENKINSHOME with a new key. It also created a backup directory with all old secrets, and the key used to encrypt them. These backups were world-readable and not removed afterwards. Jenkins now deletes the...

9.8CVSS7.3AI score0.01721EPSS
Exploits0References3
Prion
Prion
added 2023/05/16 4:15 p.m.24 views

Design/Logic Flaw

Jenkins Email Extension Plugin does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files in the email-templates/ directory in the Jenkins home directory on the controller file system...

4CVSS4.7AI score0.00503EPSS
Exploits0References1Affected Software1
UbuntuCve
UbuntuCve
added 2018/02/20 3:29 p.m.52 views

CVE-2018-6356

Jenkins before 2.107 and Jenkins LTS before 2.89.4 did not properly prevent specifying relative paths that escape a base directory for URLs accessing plugin resource files. This allowed users with Overall/Read permission to download files from the Jenkins master they should not have access to. On...

6.5CVSS6.8AI score0.0388EPSS
Exploits0References1
Metasploit
Metasploit
added 2017/06/27 5:37 a.m.91 views

Jenkins Credential Collector

This module can be used to extract saved Jenkins credentials, user tokens, SSH keys, and secrets. Interesting files will be stored in loot along with combined csv output. require 'nokogiri' require 'base64' require 'digest' require 'openssl' require 'sshkey' class MetasploitModule 'Jenkins...

6.8AI score
Exploits0
Rows per page
Query Builder