Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
oracle communications cloud native core automated test suite 1.9.0 vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2018-1999007
A cross-site scripting vulnerability exists in Jenkins 2.132 and previous versions, 2.121.1 and previous versions in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers with the ability to control the existence of some URLs in Jenkins to define...
Jenkins Jenkins
Oracle Communications Cloud Native Core Automated Test Suite 1.9.0
5.3
CVSSv3
CVE-2018-1000067
An improper authorization vulnerability exists in Jenkins versions 2.106 and previous versions, and LTS 2.89.3 and previous versions, that allows an malicious user to have Jenkins submit HTTP GET requests and get limited information about the response.
Jenkins Jenkins
Oracle Communications Cloud Native Core Automated Test Suite 1.9.0
5.3
CVSSv3
CVE-2018-1000068
An improper input validation vulnerability exists in Jenkins versions 2.106 and previous versions, and LTS 2.89.3 and previous versions, that allows an malicious user to access plugin resource files in the META-INF and WEB-INF directories that should not be accessible, if the Jen...
Jenkins Jenkins
Oracle Communications Cloud Native Core Automated Test Suite 1.9.0
4.8
CVSSv3
CVE-2019-10383
A stored cross-site scripting vulnerability in Jenkins 2.191 and previous versions, LTS 2.176.2 and previous versions allowed attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and JavaScript in update center web pages.
Jenkins Jenkins
Oracle Communications Cloud Native Core Automated Test Suite 1.9.0
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 4.1
4.3
CVSSv3
CVE-2022-20612
A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and previous versions, LTS 2.319.1 and previous versions allows malicious users to trigger build of job without parameters when no security realm is set.
Jenkins Jenkins
Oracle Communications Cloud Native Core Automated Test Suite 1.9.0
4.3
CVSSv3
CVE-2022-20613
A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and previous versions allows malicious users to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.
Jenkins Mailer 391.ve4a 38c1b Cf4b
Jenkins Mailer
Oracle Communications Cloud Native Core Automated Test Suite 1.9.0
4.3
CVSSv3
CVE-2022-20614
A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and previous versions allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.
Jenkins Mailer 391.ve4a 38c1b Cf4b
Jenkins Mailer
Oracle Communications Cloud Native Core Automated Test Suite 1.9.0
4.3
CVSSv3
CVE-2018-1999004
A Improper authorization vulnerability exists in Jenkins 2.132 and previous versions, 2.121.1 and previous versions in SlaveComputer.java that allows attackers with Overall/Read permission to initiate agent launches, and abort in-progress agent launches.
Jenkins Jenkins
Oracle Communications Cloud Native Core Automated Test Suite 1.9.0
1 Github repository
4.3
CVSSv3
CVE-2018-1999003
A Improper authorization vulnerability exists in Jenkins 2.132 and previous versions, 2.121.1 and previous versions in Queue.java that allows attackers with Overall/Read permission to cancel queued builds.
Jenkins Jenkins
Oracle Communications Cloud Native Core Automated Test Suite 1.9.0
4.3
CVSSv3
CVE-2018-1000193
A improper neutralization of control sequences vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in HudsonPrivateSecurityRealm.java that allows users to sign up using user names containing control characters that can then appear to have the same name as other...
Jenkins Jenkins
Oracle Communications Cloud Native Core Automated Test Suite 1.9.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »