4 matches found
GHSA-89VC-7FRQ-2RFJ Jenkins has Local File Inclusion Vulnerability
Directory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via directory traversal sequences in a request to jnlpJars/...
GHSA-5MWR-JG3R-JV66 Jenkins allows Cross-Site Scripting (XSS)
Cross-site scripting XSS vulnerability in the slave overview page in Jenkins before 1.638 and LTS before 1.625.2 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the slave offline status message...
jenkins: Public value used for CSRF protection salt (SECURITY-169)
Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack...
jenkins: JNLP slaves not subject to slave-to-master access control (SECURITY-206)
Jenkins before 1.638 and LTS before 1.625.2 allow attackers to bypass intended slave-to-master access restrictions by leveraging a JNLP slave. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3665...