Lucene search
+L

6 matches found

vulnersOsv
vulnersOsv
added 2022/05/14 3:44 a.m.4 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1605 more potentially affected by CVE-2017-1000354 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.46.1)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2017-1000354 Source advisory: OSV:GHSA-R57F-7XW3-Q2R9...

8.8CVSS7.2AI score0.01214EPSS
Exploits1
Cvelist
Cvelist
added 2018/01/29 5:0 p.m.29 views

CVE-2017-1000354

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to a login command which allowed impersonating any Jenkins user. The login command available in the remoting-based CLI stored the encrypted user name of the successfully authenticated user in a cache file used to...

9.1AI score0.01214EPSS
Exploits1References2
CVE
CVE
added 2018/01/29 5:0 p.m.121 views

CVE-2017-1000354

Jenkins CVE-2017-1000354 affects Jenkins versions &lt;= 2.56 (and

8.8CVSS8.4AI score0.01214EPSS
Exploits1References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2017/05/04 12:0 a.m.242 views

Jenkins < 2.46.2 / 2.57 and Jenkins Enterprise < 1.625.24.1 / 1.651.24.1 / 2.7.24.0.1 / 2.46.2.1 Multiple Vulnerabilities

The version of Jenkins running on the remote web server is prior to 2.57 or is a version of Jenkins LTS prior to 2.46.2, or else it is a version of Jenkins Enterprise that is 1.625.x.y prior to 1.625.24.1, 1.651.x.y prior to 1.651.24.1, 2.7.x.0.y prior to 2.7.24.0.1, or 2.x.y.z prior to 2.46.2.1...

9.8CVSS8.5AI score0.99679EPSS
Exploits39References7
seebug.org
seebug.org
added 2017/04/28 12:0 a.m.40 views

Jenkins CLI: Login command allowed impersonating any Jenkins user (CVE-2017-1000354)

The login command available in the remoting-based CLI stored the encrypted user name of the successfully authenticated user in a cache file used to authenticate further commands. Users with sufficient permission to create secrets in Jenkins, and download their encrypted values e.g. with...

8.6AI score0.01214EPSS
Exploits1
OpenVAS
OpenVAS
added 2017/04/28 12:0 a.m.58 views

Jenkins Multiple Vulnerabilities (Apr 2017) - Linux

Multiple cross-site request forgery CSRF vulnerabilities in Jenkins allow malicious users to perform several administrative actions by tricking a victim into opening a web page. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are...

9.8CVSS7.9AI score0.99679EPSS
Exploits39References4
Rows per page
Query Builder