Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
oracle communications cloud native core automated test suite 1.9.0 vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2018-6356
Jenkins before 2.107 and Jenkins LTS before 2.89.4 did not properly prevent specifying relative paths that escape a base directory for URLs accessing plugin resource files. This allowed users with Overall/Read permission to download files from the Jenkins master they should not...
Jenkins Jenkins
Oracle Communications Cloud Native Core Automated Test Suite 1.9.0
4.3
CVSSv3
CVE-2018-1999003
A Improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in Queue.java that allows attackers with Overall/Read permission to cancel queued builds....
Jenkins Jenkins
Oracle Communications Cloud Native Core Automated Test Suite 1.9.0
5.4
CVSSv3
CVE-2018-1999007
A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers with the ability to control the existence of some URLs in Jenkins to define JavaScript that...
Jenkins Jenkins
Oracle Communications Cloud Native Core Automated Test Suite 1.9.0
4.3
CVSSv3
CVE-2018-1000195
A server-side request forgery vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in ZipExtractionInstaller.java that allows users with Overall/Read permission to have Jenkins submit a HTTP GET request to an arbitrary URL and learn whether the response is...
Jenkins Jenkins
Oracle Communications Cloud Native Core Automated Test Suite 1.9.0
5.3
CVSSv3
CVE-2018-1000067
An improper authorization vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to have Jenkins submit HTTP GET requests and get limited information about the response....
Jenkins Jenkins
Oracle Communications Cloud Native Core Automated Test Suite 1.9.0
4.3
CVSSv3
CVE-2018-1000193
A improper neutralization of control sequences vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in HudsonPrivateSecurityRealm.java that allows users to sign up using user names containing control characters that can then appear to have the same name as...
Jenkins Jenkins
Oracle Communications Cloud Native Core Automated Test Suite 1.9.0
7.5
CVSSv3
CVE-2018-1999002
A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file...
Jenkins Jenkins
Oracle Communications Cloud Native Core Automated Test Suite 1.9.0
1 EDB exploit available
8 Github repositories available
9.8
CVSSv3
CVE-2017-1000353
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java `SignedObject` object to the Jenkins CLI, that...
Jenkins Jenkins
Oracle Communications Cloud Native Core Automated Test Suite 1.9.0
1 EDB exploit available
23 Github repositories available
4 Articles available
5.3
CVSSv3
CVE-2018-1000068
An improper input validation vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to access plugin resource files in the META-INF and WEB-INF directories that should not be accessible, if the Jenkins home directory is on...
Jenkins Jenkins
Oracle Communications Cloud Native Core Automated Test Suite 1.9.0
8.1
CVSSv3
CVE-2018-1000194
A path traversal vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in FilePath.java, SoloFilePathFilter.java that allows malicious agents to read and write arbitrary files on the Jenkins master, bypassing the agent-to-master security subsystem protection....
Jenkins Jenkins
Oracle Communications Cloud Native Core Automated Test Suite 1.9.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-34265
open redirect
unauthorized
CVE-2022-2294
validation
CVE-2022-31600
CVE-2022-32095
CVE-2022-2284
CVE-2022-31601
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »
Vulmon