SUSE CVE-2015-7537

Cross-site request forgery CSRF vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method...

GHSA-5MWR-JG3R-JV66 Jenkins allows Cross-Site Scripting (XSS)

Cross-site scripting XSS vulnerability in the slave overview page in Jenkins before 1.638 and LTS before 1.625.2 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the slave offline status message...

GHSA-89VC-7FRQ-2RFJ Jenkins has Local File Inclusion Vulnerability

Directory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via directory traversal sequences in a request to jnlpJars/...

GHSA-5XMF-9VGR-53MJ Jenkins allows Unauthorized Viewing of Queue API Information

Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api...

jenkins: Secret key not verified when connecting a slave (SECURITY-184)

Jenkins before 1.638 and LTS before 1.625.2 do not properly verify the shared secret used in JNLP slave connections, which allows remote attackers to connect as slaves and obtain sensitive information or possibly gain administrative access by leveraging knowledge of the name of a slave...

jenkins: Public value used for CSRF protection salt (SECURITY-169)

Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack...

jenkins: Information disclosure via sidepanel (SECURITY-192)

The sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to the pages...

CloudBees Jenkins Directory Traversal Vulnerability

CloudBees Jenkins is the open source continuous integration server. A directory traversal vulnerability exists in the implementation of CloudBees Jenkins 1.638, prior to LTS 1.625.2, where a remote attacker can list the contents of the directory and read arbitrary files within the resources of th...

CloudBees Jenkins Information Disclosure Vulnerability (CNVD-2015-07825)

CloudBees Jenkins is the open source continuous integration server. A security vulnerability exists in the sidepanel widget in the CLI command overview and help pages of CloudBees Jenkins 1.638, LTS before 1.625.2, which allows remote attackers to obtain sensitive information by directly requesti...

PT-2015-7730 · Cloudbees +2 · Jenkins +1

Name of the Vulnerable Software and Affected Versions: Jenkins versions prior to 1.638 Jenkins LTS versions prior to 1.625.2 Description: The issue allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic...

PT-2015-6850 · Cloudbees +1 · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions prior to 1.638 Jenkins LTS versions prior to 1.625.2 Description: The issue allows remote attackers to obtain sensitive job and build name information via a direct request to the Fingerprints pages. This is an information...