Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
oracle communications cloud native core automated test suite 1.9.0 vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2018-6356
Jenkins prior to 2.107 and Jenkins LTS prior to 2.89.4 did not properly prevent specifying relative paths that escape a base directory for URLs accessing plugin resource files. This allowed users with Overall/Read permission to download files from the Jenkins master they should n...
Jenkins Jenkins
Oracle Communications Cloud Native Core Automated Test Suite 1.9.0
8.8
CVSSv3
CVE-2018-1999001
A unauthorized modification of configuration vulnerability exists in Jenkins 2.132 and previous versions, 2.121.1 and previous versions in User.java that allows malicious users to provide crafted login credentials that cause Jenkins to move the config.xml file from the Jenkins ho...
Jenkins Jenkins
Oracle Communications Cloud Native Core Automated Test Suite 1.9.0
7.5
CVSSv3
CVE-2018-1999002
A arbitrary file read vulnerability exists in Jenkins 2.132 and previous versions, 2.121.1 and previous versions in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows malicious users to send crafted HTTP requests returning the contents of any file on th...
Jenkins Jenkins
Oracle Communications Cloud Native Core Automated Test Suite 1.9.0
1 EDB exploit
4.3
CVSSv3
CVE-2018-1999004
A Improper authorization vulnerability exists in Jenkins 2.132 and previous versions, 2.121.1 and previous versions in SlaveComputer.java that allows attackers with Overall/Read permission to initiate agent launches, and abort in-progress agent launches.
Jenkins Jenkins
Oracle Communications Cloud Native Core Automated Test Suite 1.9.0
1 Github repository
5.4
CVSSv3
CVE-2018-1999005
A cross-site scripting vulnerability exists in Jenkins 2.132 and previous versions, 2.121.1 and previous versions in BuildTimelineWidget.java, BuildTimelineWidget/control.jelly that allows attackers with Job/Configure permission to define JavaScript that would be executed in anot...
Jenkins Jenkins
Oracle Communications Cloud Native Core Automated Test Suite 1.9.0
4.3
CVSSv3
CVE-2018-1999003
A Improper authorization vulnerability exists in Jenkins 2.132 and previous versions, 2.121.1 and previous versions in Queue.java that allows attackers with Overall/Read permission to cancel queued builds.
Jenkins Jenkins
Oracle Communications Cloud Native Core Automated Test Suite 1.9.0
5.4
CVSSv3
CVE-2018-1999007
A cross-site scripting vulnerability exists in Jenkins 2.132 and previous versions, 2.121.1 and previous versions in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers with the ability to control the existence of some URLs in Jenkins to define...
Jenkins Jenkins
Oracle Communications Cloud Native Core Automated Test Suite 1.9.0
4.3
CVSSv3
CVE-2022-20612
A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and previous versions, LTS 2.319.1 and previous versions allows malicious users to trigger build of job without parameters when no security realm is set.
Jenkins Jenkins
Oracle Communications Cloud Native Core Automated Test Suite 1.9.0
4.3
CVSSv3
CVE-2018-1000192
A information exposure vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in AboutJenkins.java, ListPluginsCommand.java that allows users with Overall/Read access to enumerate all installed plugins.
Jenkins Jenkins
Oracle Communications Cloud Native Core Automated Test Suite 1.9.0
8.1
CVSSv3
CVE-2018-1000194
A path traversal vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in FilePath.java, SoloFilePathFilter.java that allows malicious agents to read and write arbitrary files on the Jenkins master, bypassing the agent-to-master security subsystem protection.
Jenkins Jenkins
Oracle Communications Cloud Native Core Automated Test Suite 1.9.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »