17 matches found

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2015-1934

Malware in sbrugna...

CVSS 4.6 | AI score 9.2 | EPSS 0.01569
Exploits: 0 | References: 8

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2022-2922

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 5.1 | EPSS 0.01045
Exploits: 0 | References: 5

OSV
added 2022/05/17 3:53 a.m., 4 views

GHSA-9VG9-X38G-9HFX Jenkins allows attackers to determine whether a user exists

The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via vectors related to failed login attempts...

CVSS 5 | AI score 5.9 | EPSS 0.02952
Exploits: 0 | References: 5

GitHub Security Blog
added 2022/05/17 3:53 a.m., 7 views

Jenkins does not Restrict Reserved Names Allowing for Privilege Escalation

The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote attackers to gain privileges by creating a reserved name...

CVSS 4.6 | AI score 6.8 | EPSS 0.01569
Exploits: 0 | References: 6 | Affected Software: 1

Veracode
added 2019/05/02 5:18 a.m., 26 views

Privilege Escalation

Jenkins is vulnerable to privilege escalation. Access to reserved names is not restricted in the HudsonPrivateSecurityRealm class when using Jenkins' user database, which allows remote attackers to gain privileges by creating a reserved name...

CVSS 4.6 | AI score 7.7 | EPSS 0.01569
Exploits: 0 | References: 35 | Affected Software: 58

Prion
added 2019/01/09 11:29 p.m., 18 views

Denial of service

A denial of service vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that allows attackers without Overall/Read permission to access a specific URL on instances using the built-in Jenkins user database...

CVSS 6.4 | AI score 6.4 | EPSS 0.0147
Exploits: 3 | References: 2 | Affected Software: 1

RedhatCVE
added 2018/06/06 6:19 a.m., 23 views

CVE-2018-1000193

An improper neutralization of control sequences vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in HudsonPrivateSecurityRealm.java that allows users to sign up using user names containing control characters that can then appear to have the same name as other users, and canno...

CVSS 4.3 | AI score 4.7 | EPSS 0.01045
Exploits: 0 | References: 2

OSV
added 2018/06/05 9:29 p.m., 22 views

CVE-2018-1000193

An improper neutralization of control sequences vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in HudsonPrivateSecurityRealm.java that allows users to sign up using user names containing control characters that can then appear to have the same name as other users, and canno...

CVSS 4.3 | AI score 4.8
Exploits: 0 | References: 2

NVD
added 2015/10/16 8:59 p.m., 16 views

CVE-2015-1810

The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote attackers to gain privileges by creating a reserved name...

CVSS 4.6 | AI score 7.6 | EPSS 0.01569
Exploits: 0 | References: 4

UbuntuCve
added 2015/10/16 8:59 p.m., 20 views

CVE-2015-1810

The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote attackers to gain privileges by creating a reserved name...

CVSS 4.6 | AI score 7.2 | EPSS 0.01569
Exploits: 0 | References: 2

Prion
added 2015/10/16 8:59 p.m., 18 views

Authentication flaw

The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote attackers to gain privileges by creating a reserved name...

CVSS 4.6 | AI score 7.1 | EPSS 0.01569
Exploits: 0 | References: 4 | Affected Software: 2

CVE
added 2015/10/16 8:0 p.m., 86 views

CVE-2015-1810

CVE-2015-1810 affects Jenkins/CloudBees Jenkins CI prior to 1.600 and LTS prior to 1.596.1. The HudsonPrivateSecurityRealm class does not restrict access to reserved names when using the Jenkins’ own user database, enabling a remote attacker to gain privileges by creating a reserved name. The iss...

CVSS 4.6 | AI score 7.5 | EPSS 0.01569
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2015/10/16 8:0 p.m., 28 views

CVE-2015-1810

The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote attackers to gain privileges by creating a reserved name...

AI score 7.7 | EPSS 0.01569
Exploits: 0 | References: 4

FreeBSD
added 2015/03/01 12:0 a.m., 15 views

jenkins -- multiple vulnerabilities

Kohsuke Kawaguchi from Jenkins team reports: Description SECURITY-125 Combination filter Groovy script unsecured This vulnerability allows users with the job configuration privilege to escalate his privileges, resulting in arbitrary code execution to the master. SECURITY-162 directory traversal...

AI score 1.6
Exploits: 0 | References: 1

ATTACKERKB
added 2014/10/17 3:55 p.m., 3 views

CVE-2014-2064

The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via vectors related to failed login attempts...

CVSS 5 | AI score 5.6 | EPSS 0.02952
Exploits: 0 | References: 4

Prion
added 2014/10/17 3:55 p.m., 24 views

Design/Logic Flaw

The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via vectors related to failed login attempts...

CVSS 5 | AI score 7 | EPSS 0.02952
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2014/10/17 3:0 p.m., 30 views

CVE-2014-2064

The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via vectors related to failed login attempts...

AI score 9.2 | EPSS 0.02952
Exploits: 0 | References: 3