Max CVSS | 6.5 | Min CVSS | 2.6 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published |
CVE-2017-12195 | 5.8 | A flaw was found in all Openshift Enterprise versions using the openshift elasticsearch plugin. An attacker with knowledge of the given name used to authenticate and access Elasticsearch can later access it without the token, bypassing authentication | 12-02-2023 - 23:28 | 27-07-2018 - 15:29 |
CVE-2017-1000096 | 6.5 | Arbitrary code execution due to incomplete sandbox protection: Constructors, instance variable initializers, and instance initializers in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. This could | 03-10-2019 - 00:03 | 05-10-2017 - 01:29 |
CVE-2017-1000089 | 5.0 | Builds in Jenkins are associated with an authentication that controls the permissions that the build has to interact with other elements in Jenkins. The Pipeline: Build Step Plugin did not check the build authentication it was running as and allowed | 03-10-2019 - 00:03 | 05-10-2017 - 01:29 |
CVE-2017-1000085 | 4.3 | Subversion Plugin connects to a user-specified Subversion repository as part of form validation (e.g. to retrieve a list of tags). This functionality improperly checked permissions, allowing any user with Item/Build permission (but not Item/Configure | 02-11-2017 - 16:06 | 05-10-2017 - 01:29 |
CVE-2017-1000092 | 2.6 | Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username/password credentials ID could trick a developer with job configuration permissions into fo | 17-10-2017 - 17:02 | 05-10-2017 - 01:29 |