Filtered by vendor Jenkins Subscriptions
Total 1613 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-1000111 1 Jenkins 1 Subversion 2024-11-21 N/A
An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and earlier in SubversionStatus.java and SubversionRepositoryStatus.java that allows an attacker with network access to obtain a list of nodes and users.
CVE-2018-1000110 1 Jenkins 1 Git 2024-11-21 N/A
An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users.
CVE-2018-1000109 1 Jenkins 1 Google-play-android-publisher 2024-11-21 N/A
An improper authorization vulnerability exists in Jenkins Google Play Android Publisher Plugin version 1.6 and earlier in GooglePlayBuildStepDescriptor.java that allow an attacker to obtain credential IDs.
CVE-2018-1000108 1 Jenkins 1 Cppncss 2024-11-21 N/A
A cross-site scripting vulnerability exists in Jenkins CppNCSS Plugin 1.1 and earlier in AbstractProjectAction/index.jelly that allow an attacker to craft links to Jenkins URLs that run arbitrary JavaScript in the user's browser when accessed.
CVE-2018-1000107 1 Jenkins 1 Job And Node Ownership 2024-11-21 N/A
An improper authorization vulnerability exists in Jenkins Job and Node Ownership Plugin 0.11.0 and earlier in OwnershipDescription.java, JobOwnerJobProperty.java, and OwnerNodeProperty.java that allow an attacker with Job/Configure or Computer/Configure permission and without Ownership related permissions to override ownership metadata.
CVE-2018-1000106 1 Jenkins 1 Gerrit Trigger 2024-11-21 N/A
An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to modify the Gerrit configuration in Jenkins.
CVE-2018-1000105 1 Jenkins 1 Gerrit Trigger 2024-11-21 N/A
An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to retrieve some configuration information about Gerrit in Jenkins.
CVE-2018-1000104 1 Jenkins 1 Coverity 2024-11-21 N/A
A plaintext storage of a password vulnerability exists in Jenkins Coverity Plugin 1.10.0 and earlier in CIMInstance.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured keystore and private key passwords.
CVE-2018-1000068 2 Jenkins, Oracle 2 Jenkins, Communications Cloud Native Core Automated Test Suite 2024-11-21 5.3 Medium
An improper input validation vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to access plugin resource files in the META-INF and WEB-INF directories that should not be accessible, if the Jenkins home directory is on a case-insensitive file system.
CVE-2018-1000067 2 Jenkins, Oracle 2 Jenkins, Communications Cloud Native Core Automated Test Suite 2024-11-21 5.3 Medium
An improper authorization vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to have Jenkins submit HTTP GET requests and get limited information about the response.
CVE-2018-1000058 1 Jenkins 1 Pipeline Supporting Apis 2024-11-21 N/A
Jenkins Pipeline: Supporting APIs Plugin 2.17 and earlier have an arbitrary code execution due to incomplete sandbox protection: Methods related to Java deserialization like readResolve implemented in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. This could be exploited e.g. by regular Jenkins users with the permission to configure Pipelines in Jenkins, or by trusted committers to repositories containing Jenkinsfiles.
CVE-2018-1000057 1 Jenkins 1 Credentials Binding 2024-11-21 N/A
Jenkins Credentials Binding Plugin 1.14 and earlier masks passwords it provides to build processes in their build logs. Jenkins however transforms provided password values, e.g. replacing environment variable references, which could result in values different from but similar to configured passwords being provided to the build. Those values are not subject to masking, and could allow unauthorized users to recover the original password.
CVE-2018-1000056 1 Jenkins 1 Junit 2024-11-21 N/A
Jenkins JUnit Plugin 1.23 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.
CVE-2018-1000055 1 Jenkins 1 Android Lint 2024-11-21 N/A
Jenkins Android Lint Plugin 2.5 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.
CVE-2018-1000054 1 Jenkins 1 Ccm 2024-11-21 N/A
Jenkins CCM Plugin 3.1 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.
CVE-2018-1000015 1 Jenkins 1 Pipeline Nodes And Processes 2024-11-21 N/A
On Jenkins instances with Authorize Project plugin, the authentication associated with a build may lack the Computer/Build permission on some agents. This did not prevent the execution of Pipeline `node` blocks on those agents due to incorrect permissions checks in Pipeline: Nodes and Processes plugin 2.17 and earlier.
CVE-2018-1000014 1 Jenkins 1 Translation Assistance 2024-11-21 N/A
Jenkins Translation Assistance Plugin 1.15 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to override localized strings displayed to all users on the current Jenkins instance if the victim is a Jenkins administrator.
CVE-2018-1000013 1 Jenkins 1 Release 2024-11-21 N/A
Jenkins Release Plugin 2.9 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to trigger release builds.
CVE-2018-1000012 1 Jenkins 1 Warnings 2024-11-21 N/A
Jenkins Warnings Plugin 4.64 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.
CVE-2018-1000011 1 Jenkins 1 Findbugs 2024-11-21 N/A
Jenkins FindBugs Plugin 4.71 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.