7 matches found

OSV
added 2022/05/13 1:30 a.m. | 1 views

GHSA-4653-RMCH-3G2G Jenkins has Information Disclosure via Sidepanel Widget

The sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to the pages...

CVSS 6.9 | AI score 7.2 | EPSS 0.02064
Exploits: 0 | References: 7

RedHat Linux
added 2016/01/26 7:12 p.m. | 9 views

jenkins: Queue API did show items not visible to the current user (SECURITY-186)

Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api...

CVSS 5 | AI score 7.4 | EPSS 0.02064
Exploits: 0 | References: 5

RedHat Linux
added 2016/01/26 7:12 p.m. | 4 views

jenkins: API tokens of other users available to admins (SECURITY-200)

Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user...

CVSS 6.5 | AI score 7.4 | EPSS 0.01491
Exploits: 0 | References: 5

CNVD
added 2015/11/26 12:0 a.m. | 6 views

CloudBees Jenkins Cross-Site Scripting Vulnerability (CNVD-2015-07821)

CloudBees Jenkins is an open source continuous integration server. A cross-site scripting vulnerability exists in CloudBees Jenkins 1.638, LTS versions prior to 1.625.2, in the slave overview page, where a remote user with certain privileges can inject web script or HTML via a slave offline stat...

CVSS 4.3 | AI score 6 | EPSS 0.01786
Exploits: 0 | References: 1

CNVD
added 2015/11/26 12:0 a.m. | 2 views

CloudBees Jenkins Elevation of Privilege Vulnerability

CloudBees Jenkins is an open source continuous integration server. A security vulnerability exists in CloudBees Jenkins versions prior to 1.638, LTS 1.625.2, which can be exploited by remote administrators to gain elevated privileges to run scripts via another user's API token...

CVSS 6.5 | AI score 7.1 | EPSS 0.01491
Exploits: 0 | References: 1

CNVD
added 2015/11/26 12:0 a.m. | 3 views

CloudBees Jenkins Information Disclosure Vulnerability (CNVD-2015-07825)

CloudBees Jenkins is an open source continuous integration server. A security vulnerability exists in the sidepanel widget in the CLI command overview and help pages of CloudBees Jenkins 1.638, LTS before 1.625.2, which allows remote attackers to obtain sensitive information by directly requesti...

CVSS 5 | AI score 6.8 | EPSS 0.02064
Exploits: 0 | References: 1

Metasploit
added 2015/11/23 10:23 p.m. | 29 views

Jenkins Domain Credential Recovery

This module will collect Jenkins domain credentials, and uses the script console to decrypt each password if anonymous permission is allowed. It has been tested against Jenkins version 1.590, 1.633, and 1.638. This module requires Metasploit: https://metasploit.com/download Current source:...

AI score 7
Exploits: 0