Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
oracle communications cloud native core automated test suite 1.9.0 vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2018-6356
Jenkins prior to 2.107 and Jenkins LTS prior to 2.89.4 did not properly prevent specifying relative paths that escape a base directory for URLs accessing plugin resource files. This allowed users with Overall/Read permission to download files from the Jenkins master they should n...
Jenkins Jenkins
Oracle Communications Cloud Native Core Automated Test Suite 1.9.0
5.3
CVSSv3
CVE-2018-1000068
An improper input validation vulnerability exists in Jenkins versions 2.106 and previous versions, and LTS 2.89.3 and previous versions, that allows an malicious user to access plugin resource files in the META-INF and WEB-INF directories that should not be accessible, if the Jen...
Jenkins Jenkins
Oracle Communications Cloud Native Core Automated Test Suite 1.9.0
9.8
CVSSv3
CVE-2017-1000353
Jenkins versions 2.56 and previous versions as well as 2.46.1 LTS and previous versions are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed malicious users to transfer a serialized Java `SignedObject` object t...
Jenkins Jenkins
Oracle Communications Cloud Native Core Automated Test Suite 1.9.0
1 EDB exploit
5 Github repositories
1 Article
4.3
CVSSv3
CVE-2018-1000192
A information exposure vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in AboutJenkins.java, ListPluginsCommand.java that allows users with Overall/Read access to enumerate all installed plugins.
Jenkins Jenkins
Oracle Communications Cloud Native Core Automated Test Suite 1.9.0
8.1
CVSSv3
CVE-2018-1000194
A path traversal vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in FilePath.java, SoloFilePathFilter.java that allows malicious agents to read and write arbitrary files on the Jenkins master, bypassing the agent-to-master security subsystem protection.
Jenkins Jenkins
Oracle Communications Cloud Native Core Automated Test Suite 1.9.0
4.3
CVSSv3
CVE-2018-1000193
A improper neutralization of control sequences vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in HudsonPrivateSecurityRealm.java that allows users to sign up using user names containing control characters that can then appear to have the same name as other...
Jenkins Jenkins
Oracle Communications Cloud Native Core Automated Test Suite 1.9.0
4.3
CVSSv3
CVE-2018-1000195
A server-side request forgery vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in ZipExtractionInstaller.java that allows users with Overall/Read permission to have Jenkins submit a HTTP GET request to an arbitrary URL and learn whether the response is succe...
Jenkins Jenkins
Oracle Communications Cloud Native Core Automated Test Suite 1.9.0
5.3
CVSSv3
CVE-2018-1000067
An improper authorization vulnerability exists in Jenkins versions 2.106 and previous versions, and LTS 2.89.3 and previous versions, that allows an malicious user to have Jenkins submit HTTP GET requests and get limited information about the response.
Jenkins Jenkins
Oracle Communications Cloud Native Core Automated Test Suite 1.9.0
4.3
CVSSv3
CVE-2018-1999003
A Improper authorization vulnerability exists in Jenkins 2.132 and previous versions, 2.121.1 and previous versions in Queue.java that allows attackers with Overall/Read permission to cancel queued builds.
Jenkins Jenkins
Oracle Communications Cloud Native Core Automated Test Suite 1.9.0
5.4
CVSSv3
CVE-2018-1999005
A cross-site scripting vulnerability exists in Jenkins 2.132 and previous versions, 2.121.1 and previous versions in BuildTimelineWidget.java, BuildTimelineWidget/control.jelly that allows attackers with Job/Configure permission to define JavaScript that would be executed in anot...
Jenkins Jenkins
Oracle Communications Cloud Native Core Automated Test Suite 1.9.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-21111
CVE-2024-32884
IDOR
CVE-2023-1000
CVE-2024-33260
CVE-2024-3682
reflected XSS
race condition
CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »