Max CVSS | 7.5 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2013-6372 | 2.1 | The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file. | 13-02-2023 - 04:49 | 08-05-2014 - 14:29 | |
CVE-2014-3663 | 6.0 | Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/CONFIGURE permission to bypass intended restrictions and create or destroy arbitrary jobs via unspecified vectors. | 13-02-2023 - 00:41 | 16-10-2014 - 19:55 | |
CVE-2014-3681 | 4.3 | Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 13-02-2023 - 00:41 | 15-10-2014 - 14:55 | |
CVE-2014-3678 | 4.3 | Cross-site scripting (XSS) vulnerability in the Monitoring plugin before 1.53.0 for Jenkins allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 13-02-2023 - 00:41 | 10-10-2014 - 14:55 | |
CVE-2014-3665 | 6.8 | Jenkins before 1.587 and LTS before 1.580.1 do not properly ensure trust separation between a master and slaves, which might allow remote attackers to execute arbitrary code on the master by leveraging access to the slave. | 13-02-2023 - 00:41 | 25-11-2015 - 20:59 | |
CVE-2014-3662 | 5.0 | Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login attempts. | 13-02-2023 - 00:41 | 16-10-2014 - 19:55 | |
CVE-2014-3661 | 5.0 | Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to cause a denial of service (thread consumption) via vectors related to a CLI handshake. | 13-02-2023 - 00:41 | 16-10-2014 - 19:55 | |
CVE-2014-3674 | 7.5 | Red Hat OpenShift Enterprise before 2.2 does not properly restrict access to gears, which allows remote attackers to access the network resources of arbitrary gears via unspecified vectors. | 13-02-2023 - 00:41 | 13-11-2014 - 21:32 | |
CVE-2014-3667 | 4.0 | Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code. | 13-02-2023 - 00:41 | 16-10-2014 - 19:55 | |
CVE-2014-3664 | 4.0 | Directory traversal vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Overall/READ permission to read arbitrary files via unspecified vectors. | 13-02-2023 - 00:41 | 15-10-2014 - 14:55 | |
CVE-2014-3602 | 2.1 | Red Hat OpenShift Enterprise before 2.2 allows local users to obtain IP address and port number information for remote systems by reading /proc/net/tcp. | 13-02-2023 - 00:40 | 13-11-2014 - 21:32 | |
CVE-2014-2067 | 3.5 | Cross-site scripting (XSS) vulnerability in java/hudson/model/Cause.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to inject arbitrary web script or HTML via a "remote cause note." | 29-08-2017 - 01:34 | 01-03-2014 - 00:01 | |
CVE-2014-2059 | 6.5 | Directory traversal vulnerability in the CLI job creation (hudson/cli/CreateJobCommand.java) in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to overwrite arbitrary files via the job name. | 29-08-2017 - 01:34 | 01-03-2014 - 00:01 | |
CVE-2013-5573 | 4.3 | Cross-site scripting (XSS) vulnerability in the default markup formatter in Jenkins 1.523 allows remote attackers to inject arbitrary web script or HTML via the Description field in the user configuration. | 29-08-2017 - 01:33 | 31-12-2013 - 16:04 | |
CVE-2014-3666 | 7.5 | Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel. | 15-06-2016 - 14:33 | 16-10-2014 - 19:55 | |
CVE-2014-2068 | 3.5 | The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain sensitive information via vectors related to heapDump. | 13-06-2016 - 23:43 | 17-10-2014 - 15:55 | |
CVE-2014-2066 | 6.8 | Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the "override" of Jenkins cookies. | 13-06-2016 - 23:40 | 17-10-2014 - 15:55 | |
CVE-2014-2065 | 4.3 | Cross-site scripting (XSS) vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to inject arbitrary web script or HTML via the iconSize cookie. | 13-06-2016 - 23:39 | 17-10-2014 - 15:55 | |
CVE-2014-2064 | 5.0 | The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via vectors related to failed login attempts. | 13-06-2016 - 23:38 | 17-10-2014 - 15:55 | |
CVE-2014-2062 | 6.5 | Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token. | 13-06-2016 - 23:36 | 17-10-2014 - 15:55 | |
CVE-2014-2063 | 7.5 | Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | 13-06-2016 - 23:36 | 17-10-2014 - 15:55 | |
CVE-2014-2061 | 5.0 | The input control in PasswordParameterDefinition in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to obtain passwords by reading the HTML source code, related to the default value. | 13-06-2016 - 23:35 | 17-10-2014 - 15:55 | |
CVE-2014-2060 | 5.0 | The Winstone servlet container in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack sessions via unspecified vectors. | 13-06-2016 - 23:34 | 17-10-2014 - 15:55 | |
CVE-2013-7330 | 4.0 | Jenkins before 1.502 allows remote authenticated users to configure an otherwise restricted project via vectors related to post-build actions. | 13-06-2016 - 23:27 | 17-10-2014 - 15:55 | |