Lucene search
K

4 matches found

OSV
OSV
added 2022/05/13 1:30 a.m.4 views

GHSA-89VC-7FRQ-2RFJ Jenkins has Local File Inclusion Vulnerability

Directory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via directory traversal sequences in a request to jnlpJars/...

6.9CVSS7.3AI score0.03156EPSS
Exploits0References6
OSV
OSV
added 2022/05/13 1:30 a.m.2 views

GHSA-5MWR-JG3R-JV66 Jenkins allows Cross-Site Scripting (XSS)

Cross-site scripting XSS vulnerability in the slave overview page in Jenkins before 1.638 and LTS before 1.625.2 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the slave offline status message...

2.1CVSS7.3AI score0.01786EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2016/03/22 4:49 p.m.4 views

jenkins: Public value used for CSRF protection salt (SECURITY-169)

Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack...

6.8CVSS7.4AI score0.0116EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2016/01/26 7:12 p.m.8 views

jenkins: JNLP slaves not subject to slave-to-master access control (SECURITY-206)

Jenkins before 1.638 and LTS before 1.625.2 allow attackers to bypass intended slave-to-master access restrictions by leveraging a JNLP slave. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3665...

7.5CVSS7.3AI score0.01787EPSS
Exploits0References5
Rows per page
Query Builder