Filtered by vendor Jenkins
Subscriptions
Filtered by product Jenkins
Subscriptions
Total
251 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2015-5317 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | 7.5 High |
The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request. | ||||
CVE-2014-3663 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/CONFIGURE permission to bypass intended restrictions and create or destroy arbitrary jobs via unspecified vectors. | ||||
CVE-2013-2033 | 3 Cloudbees, Jenkins, Redhat | 3 Jenkins, Jenkins, Openshift | 2025-04-12 | N/A |
Cross-site scripting (XSS) vulnerability in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allows remote authenticated users with write permission to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2016-3727 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors. | ||||
CVE-2015-5319 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
XML external entity (XXE) vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an "XML-aware tool," as demonstrated by get-job and update-job. | ||||
CVE-2015-5318 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack. | ||||
CVE-2016-3726 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to "scheme-relative" URLs. | ||||
CVE-2016-0791 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force approach. | ||||
CVE-2014-2066 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the "override" of Jenkins cookies. | ||||
CVE-2016-0788 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener. | ||||
CVE-2015-1807 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
Directory traversal vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with certain permissions to read arbitrary files via a symlink, related to building artifacts. | ||||
CVE-2014-2067 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
Cross-site scripting (XSS) vulnerability in java/hudson/model/Cause.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to inject arbitrary web script or HTML via a "remote cause note." | ||||
CVE-2013-7330 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
Jenkins before 1.502 allows remote authenticated users to configure an otherwise restricted project via vectors related to post-build actions. | ||||
CVE-2014-2064 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via vectors related to failed login attempts. | ||||
CVE-2015-5320 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
Jenkins before 1.638 and LTS before 1.625.2 do not properly verify the shared secret used in JNLP slave connections, which allows remote attackers to connect as slaves and obtain sensitive information or possibly gain administrative access by leveraging knowledge of the name of a slave. | ||||
CVE-2014-2059 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
Directory traversal vulnerability in the CLI job creation (hudson/cli/CreateJobCommand.java) in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to overwrite arbitrary files via the job name. | ||||
CVE-2014-2060 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
The Winstone servlet container in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack sessions via unspecified vectors. | ||||
CVE-2014-2063 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | ||||
CVE-2014-2065 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
Cross-site scripting (XSS) vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to inject arbitrary web script or HTML via the iconSize cookie. | ||||
CVE-2015-5323 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user. |