jenkins vulnerabilities and exploits
5
CVSSv2
CVE-2014-9634
Jenkins prior to 1.586 does not set the secure flag on session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote malicious users to capture cookies by intercepting their transmission within an HTTP session.
Jenkins Jenkins
5
CVSSv2
CVE-2014-9635
Jenkins prior to 1.586 does not set the HttpOnly flag in a Set-Cookie header for session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote malicious users to obtain potentially sensitive information via script access to cookies.
Jenkins Jenkins
4
CVSSv2
CVE-2017-2598
Jenkins prior to 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks (SECURITY-304).
Jenkins Jenkins
5.5
CVSSv2
CVE-2017-2599
Jenkins prior to 2.44 and 2.32.2 is vulnerable to an insufficient permission check. This allows users with permissions to create new items (e.g. jobs) to overwrite existing items they don't have access to (SECURITY-321).
Jenkins Jenkins
4
CVSSv2
CVE-2017-2600
In Jenkins prior to 2.44, 2.32.2, node monitor data could be viewed by low privilege users via the remote API. These included system configuration and runtime information of these nodes (SECURITY-343).
Jenkins Jenkins
3.5
CVSSv2
CVE-2017-2601
Jenkins prior to 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in parameter names and descriptions (SECURITY-353). Users with the permission to configure jobs were able to inject JavaScript into parameter names and descriptions.
Jenkins Jenkins
4
CVSSv2
CVE-2017-2602
Jenkins prior to 2.44, 2.32.2 is vulnerable to an improper blacklisting of the Pipeline metadata files in the agent-to-master security subsystem. This could allow metadata files to be written to by malicious agents (SECURITY-358).
Jenkins Jenkins
3.5
CVSSv2
CVE-2017-2603
Jenkins prior to 2.44, 2.32.2 is vulnerable to a user data leak in disconnected agents' config.xml API. This could leak sensitive data such as API tokens (SECURITY-362).
Jenkins Jenkins
4
CVSSv2
CVE-2017-2604
In Jenkins prior to 2.44, 2.32.2 low privilege users were able to act on administrative monitors due to them not being consistently protected by permission checks (SECURITY-371).
Jenkins Jenkins
4
CVSSv2
CVE-2017-2606
Jenkins prior to 2.44, 2.32.2 is vulnerable to an information exposure in the internal API that allows access to item names that should not be visible (SECURITY-380). This only affects anonymous users (other users legitimately have access) that were able to get a list of items vi...
Jenkins Jenkins