97 matches found

CNVD
added 2020/10/11 12:00 a.m. · 3 views

CloudBees Jenkins Audit Trail Plugin URL Path Vulnerability

CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. Audit Trail Plugin is used in one of the audi...

CVSS 5.3 · AI score 6.8 · EPSS 0.01155
Exploits 0 · References 1

NVD
added 2020/10/08 1:15 p.m. · 32 views

CVE-2020-2287

Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows attackers to craft URLs that bypass request logging of any target URL...

CVSS 5.3 · EPSS 0.01155
Exploits 0 · References 2

AlpineLinux
added 2020/10/08 12:40 p.m. · 27 views

CVE-2020-2287

Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows attackers to craft URLs that bypass request logging of any target URL...

CVSS 5.3 · AI score 4.4 · EPSS 0.01155
Exploits 0 · References 2

Positive Technologies
added 2020/10/08 12:00 a.m. · 7 views

PT-2020-15517 · Jenkins · Stapler +2

Name of the Vulnerable Software and Affected Versions: Jenkins Audit Trail Plugin versions 3.6 and earlier
Description: The issue arises from a discrepancy in how the Audit Trail Plugin and the Stapler web framework parse URL paths, allowing attackers to craft URLs that bypass request logging. Th...

CVSS 5.3 · AI score 5.1 · EPSS 0.01155
Exploits 0 · References 7

Check Point Advisories
added 2020/09/21 12:00 a.m. · 8 views

Jenkins Stapler Web Framework Code Execution (CVE-2018-1000861)

A remote code execution vulnerability exists in Jenkins Stapler Web Framework. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS 10 · AI score 5.2 · EPSS 0.98326
Exploits 5

VulnCheck KEV
added 2020/06/24 12:00 a.m. · 3 views

VulnCheck KEV: CVE-2018-1000861

A code execution vulnerability exists in the Stapler web framework used by Jenkins...

CVSS 10 · AI score 7.3 · EPSS 0.98326
Exploits 5 · References 1

Positive Technologies
added 2020/03/25 12:00 a.m. · 2 views

PT-2020-2656 · Cloudbees +1 · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.227 and earlier; Jenkins LTS versions 2.204.5 and earlier
Description: The issue is related to the absence of protection against cross-site request forgery (CSRF) in Jenkins. This allows attackers to craft URLs that bypass CSR...

CVSS 10 · AI score 8.7 · EPSS 0.01993
Exploits 0 · References 14

RedhatCVE
added 2019/12/14 4:52 a.m. · 103 views

CVE-2018-1000861

A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not...

CVSS 10 · AI score 5.8 · EPSS 0.98326
Exploits 5 · References 2

RedHat Linux
added 2019/08/28 7:28 p.m. · 3 views

jenkins: Unauthorized view fragment access (SECURITY-534)

A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information...

CVSS 4.3 · AI score 5.8 · EPSS 0.01647
Exploits 0 · References 5

RedHat Linux
added 2019/08/15 1:29 p.m. · 3 views

jenkins: Unauthorized view fragment access (SECURITY-534)

A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information...

CVSS 4.3 · AI score 5.8 · EPSS 0.01647
Exploits 0 · References 5

Tenable Nessus
added 2019/07/26 12:00 a.m. · 36 views

Jenkins < 2.176.2 LTS / 2.186 Multiple Vulnerabilities

The version of Jenkins running on the remote web server is prior to 2.186 or is a version of Jenkins LTS prior to 2.176.2. It is, therefore, affected by multiple vulnerabilities: - An arbitrary file write vulnerability exists due to an incomplete fix for SECURITY-1074, the improper validation of...

CVSS 7.5 · AI score 6.4 · EPSS 0.10225
Exploits 1 · References 5

CNVD
added 2019/07/22 12:00 a.m. · 9 views

CloudBees Jenkins Information Disclosure Vulnerability (CNVD-2019-26388)

CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from the US company CloudBees. The product is mainly used to monitor continuous software release/test projects and some timed tasks. LTS is a long-term support for...

CVSS 4.3 · AI score 6.3 · EPSS 0.01647
Exploits 0 · References 1

Veracode
added 2019/07/19 2:34 a.m. · 23 views

Improper Access Control

stapler web framework is vulnerable to Improper Access Control. The UI views are frequently comprised of several view fragments, enabling plugins to extend existing views with more content. This vulnerability allows an attacker to directly access a view fragment containing sensitive information,...

CVSS 4.3 · AI score 5.6 · EPSS 0.01647
Exploits 0 · References 7 · Affected Software 4

RedhatCVE
added 2019/07/17 7:21 p.m. · 22 views

CVE-2019-10354

A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information...

CVSS 4.3 · AI score 4.3 · EPSS 0.01647
Exploits 0 · References 4

OSV
added 2019/07/17 4:15 p.m. · 18 views

CVE-2019-10354

A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information...

CVSS 4.3 · AI score 6.4
Exploits 0 · References 5

NVD
added 2019/07/17 4:15 p.m. · 13 views

CVE-2019-10354

A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information...

CVSS 4.3 · AI score 4.5 · EPSS 0.01647
Exploits 0 · References 5

Prion
added 2019/07/17 4:15 p.m. · 14 views

Information disclosure

A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information...

CVSS 4 · AI score 5 · EPSS 0.01647
Exploits 0 · References 5 · Affected Software 2

CVE
added 2019/07/17 3:45 p.m. · 116 views

CVE-2019-10354

This CVE affects Jenkins: the Stapler web framework used by Jenkins up to 2.185 (and LTS up to 2.176.1) permits an authenticated attacker to directly access view fragments, bypassing permission checks and potentially exposing sensitive information. The underlying issue is improper access control ...

CVSS 4.3 · AI score 4.3 · EPSS 0.01647
Exploits 0 · References 5 · Affected Software 1

Positive Technologies
added 2019/07/17 12:00 a.m. · 2 views

PT-2019-11752 · Cloudbees +1 · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.185 and earlier, LTS 2.176.1 and earlier
Description: A vulnerability in the Stapler web framework allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information...

CVSS 4.3 · AI score 5.5 · EPSS 0.01647
Exploits 0 · References 11

Check Point Advisories
added 2019/05/21 12:00 a.m. · 8 views

Jenkins Stapler Web Framework Remote Code Execution (CVE-2018-1000861)

A remote code execution vulnerability exists in the Jenkins Stapler web framework. A remote attacker can exploit this vulnerability to execute arbitrary code via a specially crafted HTTP request...

CVSS 10 · AI score 2.6 · EPSS 0.98326
Exploits 5