Lucene search
K

42 matches found

Tenable Nessus
Tenable Nessus
added 2019/07/26 12:0 a.m.38 views

Jenkins < 2.176.2 LTS / 2.186 Multiple Vulnerabilities

The version of Jenkins running on the remote web server is prior to 2.186 or is a version of Jenkins LTS prior to 2.176.2. It is, therefore, affected by multiple vulnerabilities: - An arbitrary file write vulnerability exists due to an incomplete fix for SECURITY-1074, the improper validation of...

7.5CVSS6.4AI score0.10225EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2019/07/17 7:21 p.m.24 views

CVE-2019-10354

A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information...

4.3CVSS4.3AI score0.01647EPSS
Exploits0References4
Prion
Prion
added 2019/07/17 4:15 p.m.14 views

Information disclosure

A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information...

4CVSS5AI score0.01647EPSS
Exploits0References5Affected Software2
CVE
CVE
added 2019/07/17 3:45 p.m.123 views

CVE-2019-10354

This CVE affects Jenkins: the Stapler web framework used by Jenkins up to 2.185 (and LTS up to 2.176.1) permits an authenticated attacker to directly access view fragments, bypassing permission checks and potentially exposing sensitive information. The underlying issue is improper access control ...

4.3CVSS4.3AI score0.01647EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2019/07/17 12:0 a.m.3 views

PT-2019-11752 · Cloudbees +1 · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.185 and earlier, LTS 2.176.1 and earlier Description: A vulnerability in the Stapler web framework allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information...

4.3CVSS5.5AI score0.01647EPSS
Exploits0References11
CNVD
CNVD
added 2019/01/25 12:0 a.m.17 views

CloudBees Jenkins Path Traversal Vulnerability

CloudBees Jenkins formerly known as Hudson Labs is a Java-based continuous integration tool from CloudBees, Inc. It is mainly used to monitor continuous software releases/testing projects and a number of timed tasks.LTS Long-Term Support is a long-supported version of CloudBees Jenkins a long-ter...

6.5CVSS6.8AI score0.03256EPSS
Exploits0References1
NVD
NVD
added 2019/01/23 10:29 p.m.29 views

CVE-2018-1000997

A path traversal vulnerability exists in the Stapler web framework used by Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/org/kohsuke/stapler/Facet.java, groovy/src/main/java/org/kohsuke/stapler/jelly/groovy/GroovyFacet.java,...

6.5CVSS6.4AI score0.03256EPSS
Exploits0References1
Prion
Prion
added 2019/01/23 10:29 p.m.18 views

Path traversal

A path traversal vulnerability exists in the Stapler web framework used by Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/org/kohsuke/stapler/Facet.java, groovy/src/main/java/org/kohsuke/stapler/jelly/groovy/GroovyFacet.java,...

4CVSS6.2AI score0.03256EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2019/01/23 9:19 p.m.22 views

CVE-2018-1000997

A path traversal vulnerability exists in the Stapler web framework used by Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/org/kohsuke/stapler/Facet.java, groovy/src/main/java/org/kohsuke/stapler/jelly/groovy/GroovyFacet.java,...

6.5CVSS4.1AI score0.03256EPSS
Exploits0References2
Prion
Prion
added 2018/12/10 2:29 p.m.33 views

Remote code execution

A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not...

10CVSS9.5AI score0.98481EPSS
Exploits5References4Affected Software2
Cvelist
Cvelist
added 2018/12/10 2:0 p.m.31 views

CVE-2018-1000861

A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not...

9.6AI score0.98481EPSS
Exploits5References4
CVE
CVE
added 2018/12/10 2:0 p.m.1340 views

CVE-2018-1000861

CVE-2018-1000861 affects Jenkins via the Stapler web framework (MetaClass && deserialization), enabling remote code execution. Affected: Jenkins 2.153 and earlier, LTS 2.138.3 and earlier. Root cause: deserialization/IMPACTful method invocation through crafted URLs in stapler/core MetaClass.java ...

10CVSS9.4AI score0.98481EPSS
In wildExploits5References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2018/12/10 12:0 a.m.66 views

CVE-2018-1000861

A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not...

10CVSS5.5AI score0.98481EPSS
In wildExploits5References6
RedhatCVE
RedhatCVE
added 2018/07/30 3:50 a.m.29 views

CVE-2018-1999002

A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins...

7.5CVSS3.5AI score0.86641EPSS
Exploits7References2
seebug.org
seebug.org
added 2018/07/26 12:0 a.m.715 views

Jenkins 任意文件读取漏洞(CVE-2018-1999002)

SECURITY-914 / CVE-2018-1999002 An arbitrary file read vulnerability in the Stapler web framework used by Jenkins allowed unauthenticated users to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins master process has access to. Input...

8.1AI score0.86641EPSS
Exploits7
Prion
Prion
added 2018/07/23 7:29 p.m.20 views

Design/Logic Flaw

A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins...

5CVSS7.8AI score0.86641EPSS
Exploits7References3Affected Software2
NVD
NVD
added 2018/07/23 7:29 p.m.18 views

CVE-2018-1999002

A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins...

7.5CVSS7.4AI score0.86641EPSS
Exploits7References3
NVD
NVD
added 2018/07/23 7:29 p.m.31 views

CVE-2018-1999007

A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers with the ability to control the existence of some URLs in Jenkins to define JavaScript that would be executed in...

5.4CVSS5.1AI score0.00894EPSS
Exploits0References2
OSV
OSV
added 2018/07/23 7:29 p.m.20 views

CVE-2018-1999002

A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins...

7.5CVSS6.5AI score
Exploits0References3
OSV
OSV
added 2018/07/23 7:29 p.m.24 views

CVE-2018-1999007

A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers with the ability to control the existence of some URLs in Jenkins to define JavaScript that would be executed in...

5.4CVSS5.7AI score
Exploits0References2
Rows per page
Query Builder