12 matches found
SUSE CVE-2014-2067
Cross-site scripting (XSS) vulnerability in java/hudson/model/Cause.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to inject arbitrary web script or HTML via a "remote cause note."...
GHSA-9C26-CF8C-MW43 Jenkins allows Remote Attackers to Hijack Sessions
The Winstone servlet container in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack sessions via unspecified vectors...
GHSA-W3F5-GQ7J-M797 Jenkins Vulnerable to Clickjacking
Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors...
GHSA-PV88-J6RG-R56P Jenkins allows attackers to obtain sensitive information
The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain sensitive information via vectors related to heapDump...
GHSA-8JFX-H6Q2-V4G3 Jenkins session fixation vulnerability
Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the "override" of Jenkins cookies...
GHSA-FXJ8-CQCP-3VGQ Jenkins cross-site scripting (XSS) vulnerability
Cross-site scripting (XSS) vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to inject arbitrary web script or HTML via the iconSize cookie...
CVE-2014-2066
Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the "override" of Jenkins cookies...
CVE-2014-2062
Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token...
CVE-2014-2060
The Winstone servlet container in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack sessions via unspecified vectors...
CVE-2014-2061
The input control in PasswordParameterDefinition in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to obtain passwords by reading the HTML source code, related to the default value...
jenkins: interface vulnerable to clickjacking attacks (SECURITY-80)
Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors...
jenkins: session hijacking issue in Winstone (SECURITY-106)
The Winstone servlet container in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack sessions via unspecified vectors...