GHSA-4653-RMCH-3G2G Jenkins has Information Disclosure via Sidepanel Widget
The sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to the pages...
jenkins: Queue API did show items not visible to the current user (SECURITY-186)
Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api...
jenkins: API tokens of other users available to admins (SECURITY-200)
Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user...
CloudBees Jenkins Cross-Site Scripting Vulnerability (CNVD-2015-07821)
CloudBees Jenkins is the open source continuous integration server. A cross-site scripting vulnerability exists in CloudBees Jenkins before 1.638 and LTS versions prior to 1.625.2, in the slave overview page, where a remote user with certain privileges can inject web script or HTML via a slave offline stat...
CloudBees Jenkins Elevation of Privilege Vulnerability
CloudBees Jenkins is the open source continuous integration server. A security vulnerability exists in CloudBees Jenkins versions prior to 1.638 and LTS versions prior to 1.625.2, which can be exploited by remote administrators to gain elevated privileges and run scripts via another user's API token...
CloudBees Jenkins Information Disclosure Vulnerability (CNVD-2015-07825)
CloudBees Jenkins is the open source continuous integration server. A security vulnerability exists in the sidepanel widget in the CLI command overview and help pages of CloudBees Jenkins before 1.638 and LTS before 1.625.2, which allows remote attackers to obtain sensitive information by directly requesti...
Jenkins Domain Credential Recovery
This module collects Jenkins domain credentials and uses the script console to decrypt each password if anonymous permission is allowed. It has been tested against Jenkins versions 1.590, 1.633, and 1.638. This module requires Metasploit: https://metasploit.com/download Current source:...