9 matches found
CVE-2012-6073
Summary (CVE-2012-6073) : Jenkins core components prior to specific versions are vulnerable to an open redirect that allows remote attackers to redirect users to arbitrary sites and facilitate phishing via unspecified vectors. Affected products/versions include Jenkins before 1.491, Jenkins LTS b...
CVE-2012-6072
CVE-2012-6072 is a CRLF injection vulnerability in Jenkins core exposed to remote attackers who can inject HTTP headers and trigger HTTP response splitting via unspecified vectors. Affected are Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.4...
CVE-2013-2033
CVE-2013-2033 affects Jenkins before 1.514, Jenkins LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1/1.480.x before 1.480.4.1. The vulnerability is a cross-site scripting (XSS) issue that allows remote authenticated users with write permission to inject arbitrary web script or HTML vi...
CVE-2013-0158
CVE-2013-0158 affects Jenkins and Jenkins Enterprise. When a Jenkins slave is attached and anonymous read access is enabled, remote attackers could obtain the master cryptographic key via unspecified vectors, enabling potential arbitrary code execution on the master. Affected versions include Jen...
CVE-2013-2034
CVE-2013-2034 affects Jenkins and related Enterprise/LTS builds, enabling CSRF-based administrator session hijacking that can lead to arbitrary code execution or deployment of binaries to a Maven repository. Affected software includes Jenkins before 1.514, LTS before 1.509.1, Jenkins Enterprise 1...
CVE-2012-0785
Jenkins Hash DoS (CVE-2012-0785): Affected products are Jenkins versions before 1.447, LTS before 1.424.2, and CloudBees Enterprise 1.424.x before 1.424.2.1 or 1.400.x before 1.400.0.11. The vulnerability involves a hash collision that could allow remote attackers to cause substantial CPU load. N...
CVE-2012-6074
The CVE-2012-6074 entry concerns a Cross-site scripting (XSS) vulnerability in Jenkins. Affected versions include Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1. The root cause is an XSS f...
CVE-2012-0325
Affected software: Jenkins core (org.jenkins-ci.main:jenkins-core). Vulnerable versions include Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1. Root cause: cross-site scripting (XSS) vulnerability allowing a remote a...
CVE-2012-0324
CVE-2012-0324 is an XSS vulnerability in Jenkins core prior to versions 1.454, 1.424.5 (LTS), and Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1. The issue arises from an improper handling/escaping that allows remote attackers to inject arbitrary web script or HTML via unspecif...