Exposición de Jenkins
CI28
score de exposición
15
sitios usan
1
en explotación
2
críticos
CVEs
141 resultadosCVE-2020-2162—Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not set Content-Security-Policy headers for files uploaded as file parameters to a bEPSS 1.2%CVE-2017-2599MEDIUMJenkins before versions 2.44 and 2.32.2 is vulnerable to an insufficient permission check. This allows users with permissions to create new EPSS 1.1%CVE-2020-2222—Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the job name in the 'Keep this build forever' badge tooltip, resulting inEPSS 1.1%CVE-2017-2598MEDIUMJenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secEPSS 1.1%CVE-2017-2600MEDIUMIn jenkins before versions 2.44, 2.32.2 node monitor data could be viewed by low privilege users via the remote API. These included system cEPSS 1.1%CVE-2020-2221—Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the upstream job's display name shown as part of a build cause, resultingEPSS 1.1%CVE-2020-2104—Jenkins 2.218 and earlier, LTS 2.204.1 and earlier allowed users with Overall/Read access to view a JVM memory usage chart.EPSS 1.1%CVE-2017-2603LOWJenkins before versions 2.44, 2.32.2 is vulnerable to a user data leak in disconnected agents' config.xml API. This could leak sensitive datEPSS 1.1%CVE-2017-2607MEDIUMjenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting vulnerability in console notes (SECURITY-382). JenkinEPSS 1.1%CVE-2019-10404—Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the reason why a queue items is blcoked in tooltips, resulting in a storedEPSS 1.0%CVE-2019-10403—Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the SCM tag name on the tooltip for SCM tag actions, resulting in a storedEPSS 1.0%CVE-2019-10402—In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:combobox form control interpreted its item labels as HTML, resulting in a storeEPSS 1.0%CVE-2019-10401—In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:expandableTextBox form control interpreted its content as HTML when expanded, rEPSS 1.0%CVE-2020-2223—Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape correctly the 'href' attribute of links to downstream jobs displayed in tEPSS 1.0%CVE-2021-21608—Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape button labels in the Jenkins UI, resulting in a cross-site scripting (XSSEPSS 1.0%CVE-2021-21611—Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape display names and IDs of item types shown on the New Item page, resultingEPSS 1.0%CVE-2021-21603—Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape notification bar response contents, resulting in a cross-site scripting (EPSS 1.0%CVE-2020-2220—Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the agent name in the build time trend page, resulting in a stored cross-EPSS 1.0%CVE-2020-2099—Jenkins 2.213 and earlier, LTS 2.204.1 and earlier improperly reuses encryption key parameters in the Inbound TCP Agent Protocol/3, allowingEPSS 1.0%CVE-2019-10406—Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not restrict or filter values set as Jenkins URL in the global configuration, resultiEPSS 1.0%
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →