VuXML ID | Description |
9720bb39-f82a-402f-9fe4-e2c875bdda83 | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(Medium) SECURITY-1498 / CVE-2019-10401
Stored XSS vulnerability in expandable textbox form control
(Medium) SECURITY-1525 / CVE-2019-10402
XSS vulnerability in combobox form control
(Medium) SECURITY-1537 (1) / CVE-2019-10403
Stored XSS vulnerability in SCM tag action tooltip
(Medium) SECURITY-1537 (2) / CVE-2019-10404
Stored XSS vulnerability in queue item tooltip
(Medium) SECURITY-1505 / CVE-2019-10405
Diagnostic web page exposed Cookie HTTP header
(Medium) SECURITY-1471 / CVE-2019-10406
XSS vulnerability in Jenkins URL setting
Discovery 2019-09-25
Entry 2019-09-25
jenkins
<= 2.196
jenkins-lts
<= 2.176.3
CVE-2019-10401
CVE-2019-10402
CVE-2019-10403
CVE-2019-10404
CVE-2019-10405
CVE-2019-10406
https://jenkins.io/security/advisory/2019-09-25/
|
1ddab5cb-14c9-4632-959f-802c412a9593 | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(High) SECURITY-1868 / CVE-2020-2220
Stored XSS vulnerability in job build time trend
(High) SECURITY-1901 / CVE-2020-2221
Stored XSS vulnerability in upstream cause
(High) SECURITY-1902 / CVE-2020-2222
Stored XSS vulnerability in 'keep forever' badge icons
(High) SECURITY-1945 / CVE-2020-2223
Stored XSS vulnerability in console links
Discovery 2020-07-15
Entry 2020-07-15
jenkins
< 2.245
jenkins-lts
< 2.235.2
CVE-2020-2220
CVE-2020-2221
CVE-2020-2222
CVE-2020-2223
https://www.jenkins.io/security/advisory/2020-07-15/
|
09ea1b08-1d3e-4bf2-91a1-d6573f4da3d8 | jenkins -- Buffer corruption in bundled Jetty
Jenkins Security Advisory:
Description
(Critical) SECURITY-1983 / CVE-2019-17638
Buffer corruption in bundled Jetty
Discovery 2020-08-17
Entry 2020-08-17
jenkins
< 2.243
jenkins-lts
< 2.235.5
CVE-2019-17638
https://www.jenkins.io/security/advisory/2020-08-17/
|
eef0d2d9-78c0-441e-8b03-454c5baebe20 | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(High) SECURITY-1955 / CVE-2020-2229
Stored XSS vulnerability in help icons
(High) SECURITY-1957 / CVE-2020-2230
Stored XSS vulnerability in project naming strategy
(High) SECURITY-1960 / CVE-2020-2231
Stored XSS vulnerability in 'Trigger builds remotely'
Discovery 2020-08-12
Entry 2020-08-12
jenkins
< 2.252
jenkins-lts
< 2.235.4
CVE-2020-2229
CVE-2020-2230
CVE-2020-2231
https://www.jenkins.io/security/advisory/2020-08-12/
|
5bf6ed6d-9002-4f43-ad63-458f59e45384 | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(High) SECURITY-1774 / CVE-2020-2160
CSRF protection for any URL could be bypassed
(Medium) SECURITY-1781 / CVE-2020-2161
Stored XSS vulnerability in label expression validation
(Medium) SECURITY-1793 / CVE-2020-2162
Stored XSS vulnerability in file parameters
(Medium) SECURITY-1796 / CVE-2020-2163
Stored XSS vulnerability in list view column headers
Discovery 2020-03-25
Entry 2020-03-25
jenkins
<= 2.227
jenkins-lts
<= 2.204.5
CVE-2020-2160
CVE-2020-2161
CVE-2020-2162
CVE-2020-2163
https://jenkins.io/security/advisory/2020-03-25/
|
d6f76976-e86d-4f9a-9362-76c849b10db2 | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(Medium) SECURITY-1452 / CVE-2021-21602
Arbitrary file read vulnerability in workspace browsers
(High) SECURITY-1889 / CVE-2021-21603
XSS vulnerability in notification bar
(High) SECURITY-1923 / CVE-2021-21604
Improper handling of REST API XML deserialization errors
(High) SECURITY-2021 / CVE-2021-21605
Path traversal vulnerability in agent names
(Medium) SECURITY-2023 / CVE-2021-21606
Arbitrary file existence check in file fingerprints
(Medium) SECURITY-2025 / CVE-2021-21607
Excessive memory allocation in graph URLs leads to denial of service
(High) SECURITY-2035 / CVE-2021-21608
Stored XSS vulnerability in button labels
(Low) SECURITY-2047 / CVE-2021-21609
Missing permission check for paths with specific prefix
(High) SECURITY-2153 / CVE-2021-21610
Reflected XSS vulnerability in markup formatter preview
(High) SECURITY-2171 / CVE-2021-21611
Stored XSS vulnerability on new item page
Discovery 2021-01-13
Entry 2021-01-13
jenkins
< 2.275
jenkins-lts
< 2.263.2
https://www.jenkins.io/security/advisory/2021-01-13/
|
a250539d-d1d4-4591-afd3-c8bdfac335d8 | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(High) SECURITY-1682 / CVE-2020-2099
Inbound TCP Agent Protocol/3 authentication bypass
(Medium) SECURITY-1641 / CVE-2020-2100
Jenkins vulnerable to UDP amplification reflection attack
(Medium) SECURITY-1659 / CVE-2020-2101
Non-constant time comparison of inbound TCP agent connection secret
(Medium) SECURITY-1660 / CVE-2020-2102
Non-constant time HMAC comparison
(Medium) SECURITY-1695 / CVE-2020-2103
Diagnostic page exposed session cookies
(Medium) SECURITY-1650 / CVE-2020-2104
Memory usage graphs accessible to anyone with Overall/Read
(Low) SECURITY-1704 / CVE-2020-2105
Jenkins REST APIs vulnerable to clickjacking
(Medium) SECURITY-1680 / CVE-2020-2106
Stored XSS vulnerability in Code Coverage API Plugin
(Medium) SECURITY-1565 / CVE-2020-2107
Fortify Plugin stored credentials in plain text
(High) SECURITY-1719 / CVE-2020-2108
XXE vulnerability in WebSphere Deployer Plugin
Discovery 2020-01-29
Entry 2020-01-29
jenkins
<= 2.219
jenkins-lts
<= 2.204.2
CVE-2020-2099
CVE-2020-2100
CVE-2020-2101
CVE-2020-2102
CVE-2020-2103
CVE-2020-2104
CVE-2020-2105
CVE-2020-2106
CVE-2020-2107
CVE-2020-2108
https://jenkins.io/security/advisory/2020-01-29/
|
7a7891fc-6318-447a-ba45-31d525ec11a0 | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(Medium) SECURITY-1453 / CVE-2019-10383
Stored XSS vulnerability in update center
(High) SECURITY-1491 / CVE-2019-10384
CSRF protection tokens for anonymous users did not expire in some circumstances
Discovery 2019-08-28
Entry 2019-08-28
jenkins
<= 2.191
jenkins-lts
<= 2.176.2
CVE-2019-10383
CVE-2019-10384
https://jenkins.io/security/advisory/2019-08-28/
|
df3db21d-1a4d-4c78-acf7-4639e5a795e0 | jenkins -- multiple vulnerabilities
Jenkins Security Advisory:
Description
(Medium) SECURITY-1424 / CVE-2019-10352
Arbitrary file write vulnerability using file parameter definitions
(High) SECURITY-626 / CVE-2019-10353
CSRF protection tokens did not expire
(Medium) SECURITY-534 / CVE-2019-10354
Unauthorized view fragment access
Discovery 2019-07-17
Entry 2019-07-17
jenkins
< 2.186
jenkins-lts
< 2.176.2
CVE-2019-10352
CVE-2019-10353
CVE-2019-10354
https://jenkins.io/security/advisory/2019-07-17/
|