Lucene search
K

7 matches found

vulnersOsv
vulnersOsv
added 2022/05/13 1:1 a.m.5 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +2012 more potentially affected by CVE-2018-6356 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.8)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =55.v51410e712e0c, =1.0, =0.0.1, =0.1.1, =0.1.0, =1.0, =0.9, =0.45 and more Source cves: CVE-2018-6356 Source advisory: OSV:GHSA-5P59-V5WM-77V4...

6.5CVSS6.7AI score0.0388EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2018/02/22 12:0 a.m.151 views

Jenkins < 2.89.4 / 2.107 Multiple Vulnerabilities

The version of Jenkins running on the remote web server is prior to 2.107 or is a version of Jenkins LTS prior to 2.89.4. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version...

6.5CVSS6.3AI score0.0388EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2018/02/20 3:29 p.m.52 views

CVE-2018-6356

Jenkins before 2.107 and Jenkins LTS before 2.89.4 did not properly prevent specifying relative paths that escape a base directory for URLs accessing plugin resource files. This allowed users with Overall/Read permission to download files from the Jenkins master they should not have access to. On...

6.5CVSS6.8AI score0.0388EPSS
Exploits0References1
OSV
OSV
added 2018/02/20 3:29 p.m.18 views

CVE-2018-6356

Jenkins before 2.107 and Jenkins LTS before 2.89.4 did not properly prevent specifying relative paths that escape a base directory for URLs accessing plugin resource files. This allowed users with Overall/Read permission to download files from the Jenkins master they should not have access to. On...

6.5CVSS6.9AI score
Exploits0References4
Cvelist
Cvelist
added 2018/02/20 3:0 p.m.23 views

CVE-2018-6356

Jenkins before 2.107 and Jenkins LTS before 2.89.4 did not properly prevent specifying relative paths that escape a base directory for URLs accessing plugin resource files. This allowed users with Overall/Read permission to download files from the Jenkins master they should not have access to. On...

6.5AI score0.0388EPSS
Exploits0References4
CVE
CVE
added 2018/02/20 3:0 p.m.492 views

CVE-2018-6356

Jenkins before 2.107 and Jenkins LTS before 2.89.4 fail to block relative paths that escape the plugin resource directory, allowing users with Overall/Read to download files from the Jenkins master. On Windows, any file accessible to the master could be downloaded; on other OSes, any file under t...

6.5CVSS6.4AI score0.0388EPSS
Exploits0References4Affected Software1
OpenVAS
OpenVAS
added 2018/02/19 12:0 a.m.91 views

Jenkins < 2.107 and < 2.89.4 LTS Multiple Vulnerabilities - Windows

Jenkins is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:jenkins:jenkins"; ifdescription...

6.5CVSS5.8AI score0.0388EPSS
Exploits0References1
Rows per page
Query Builder