Jenkins exposure

CI
Exposure score: 28
Sites using it: 15
Under exploitation: 1
Critical: 2

CVEs

141 results
CVE-2015-1809 (EPSS 1.4%): XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary X
CVE-2015-1811 (EPSS 1.4%): XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary X
CVE-2020-2102 (EPSS 1.4%): Jenkins 2.218 and earlier, LTS 2.204.1 and earlier used a non-constant time comparison function when validating an HMAC.
CVE-2020-2101 (EPSS 1.4%): Jenkins 2.218 and earlier, LTS 2.204.1 and earlier did not use a constant-time comparison function for validating connection secrets, which
CVE-2019-10383 (EPSS 1.4%): A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer
CVE-2022-34171 (EPSS 1.4%): In Jenkins 2.321 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the HTML output generated for new symbo
CVE-2022-34170 (EPSS 1.4%): In Jenkins 2.320 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the help icon does not escape the featu
CVE-2022-34173 (EPSS 1.4%): In Jenkins 2.340 through 2.355 (both inclusive) the tooltip of the build button in list views supports HTML without escaping the job display
CVE-2022-34172 (EPSS 1.4%): In Jenkins 2.340 through 2.355 (both inclusive) symbol-based icons unescape previously escaped values of 'tooltip' parameters, resulting in
CVE-2017-2604 (MEDIUM, EPSS 1.4%): In Jenkins before versions 2.44, 2.32.2 low privilege users were able to act on administrative monitors due to them not being consistently p
CVE-2019-1003050 (EPSS 1.3%): The f:validateButton form control for the Jenkins UI did not properly escape job URLs in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 a
CVE-2021-21687 (EPSS 1.3%): Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create symbolic links when unarchiving a sym
CVE-2021-21688 (EPSS 1.3%): The agent-to-controller security check FilePath#reading(FileVisitor) in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not reject a
CVE-2021-21609 (EPSS 1.3%): Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not correctly match requested URLs to the list of always accessible paths, allowing
CVE-2022-34175 (EPSS 1.3%): Jenkins 2.335 through 2.355 (both inclusive) allows attackers in some cases to bypass a protection mechanism, thereby directly accessing som
CVE-2020-2161 (EPSS 1.2%): Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly escape node labels that are shown in the form validation for label expr
CVE-2022-34174 (EPSS 1.2%): In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between logi
CVE-2021-21606 (EPSS 1.2%): Jenkins 2.274 and earlier, LTS 2.263.1 and earlier improperly validates the format of a provided fingerprint ID when checking for its existe
CVE-2021-21610 (EPSS 1.2%): Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not implement any restrictions for the URL rendering a formatted preview of markup p
CVE-2020-2163 (EPSS 1.2%): Jenkins 2.227 and earlier, LTS 2.204.5 and earlier improperly processes HTML content of list view column headers, resulting in a stored XSS
