17 matches found
EUVD-2015-1934
Malware in sbrugna...
EUVD-2022-2922
Malicious code in bioql PyPI...
GHSA-9VG9-X38G-9HFX Jenkins allows attackers to determine whether a user exists
The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via vectors related to failed login attempts...
Jenkins does not Restrict Reserved Names Allowing for Privilege Escalation
The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote attackers to gain privileges by creating a reserved name...
Privilege Escalation
jenkins is vulnerable to privilege escalation. Access to reserved names are not restricted in the HudsonPrivateSecurityRealm class when using jenkins' user database, which allows remote attackers to gain privileges by creating a reserved name...
Denial of service
A denial of service vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that allows attackers without Overall/Read permission to access a specific URL on instances using the built-in Jenkins user database...
CVE-2018-1000193
A improper neutralization of control sequences vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in HudsonPrivateSecurityRealm.java that allows users to sign up using user names containing control characters that can then appear to have the same name as other users, and canno...
CVE-2018-1000193
A improper neutralization of control sequences vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in HudsonPrivateSecurityRealm.java that allows users to sign up using user names containing control characters that can then appear to have the same name as other users, and canno...
CVE-2015-1810
The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote attackers to gain privileges by creating a reserved name...
CVE-2015-1810
The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote attackers to gain privileges by creating a reserved name...
Authentication flaw
The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote attackers to gain privileges by creating a reserved name...
CVE-2015-1810
CVE-2015-1810 affects Jenkins/CloudBees Jenkins CI prior to 1.600 and LTS prior to 1.596.1. The HudsonPrivateSecurityRealm class does not restrict access to reserved names when using the Jenkins’ own user database, enabling a remote attacker to gain privileges by creating a reserved name. The iss...
CVE-2015-1810
The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote attackers to gain privileges by creating a reserved name...
jenkins -- multiple vulnerabilities
Kohsuke Kawaguchi from Jenkins team reports: Description SECURITY-125 Combination filter Groovy script unsecured This vulnerability allows users with the job configuration privilege to escalate his privileges, resulting in arbitrary code execution to the master. SECURITY-162 directory traversal...
CVE-2014-2064
The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via vectors related to failed login attempts...
Design/Logic Flaw
The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via vectors related to failed login attempts...
CVE-2014-2064
The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via vectors related to failed login attempts...