5 matches found
jenkins: plug-in code can be downloaded by anyone with read access (SECURITY-155)
Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code...
jenkins: denial of service (SECURITY-87)
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to cause a denial of service (thread consumption) via vectors related to a CLI handshake...
PT-2014-5439 · Cloudbees +1 · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions prior to 1.583; Jenkins LTS versions prior to 1.565.3. Description: The issue allows remote attackers to cause a denial of service, specifically thread consumption, via vectors related to a CLI handshake. Recommendations: For...
jenkins: remote code execution flaw (SECURITY-150)
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel...
jenkins: directory traversal flaw (SECURITY-131)
Directory traversal vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Overall/READ permission to read arbitrary files via unspecified vectors...