Jenkins Exposure

CI
Exposure score: 28
Sites using it: 15
Under exploitation: 1
Critical: 2

CVEs

141 results
CVE-2017-2609 (MEDIUM, EPSS 1.8%)
jenkins before versions 2.44, 2.32.2 is vulnerable to an information disclosure vulnerability in search suggestions (SECURITY-385). The auto

CVE-2022-20612 (EPSS 1.8%)
A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of

CVE-2021-21671 (EPSS 1.7%)
Jenkins 2.299 and earlier, LTS 2.289.1 and earlier does not invalidate the previous session on login.

CVE-2017-2613 (MEDIUM, EPSS 1.7%)
jenkins before versions 2.44, 2.32.2 is vulnerable to a user creation CSRF using GET by admins. While this user record was only retained unt

CVE-2021-21604 (EPSS 1.7%)
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted

CVE-2019-10354 (EPSS 1.6%)
A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fra

CVE-2019-1003004 (EPSS 1.6%)
An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/A

CVE-2017-2602 (LOW, EPSS 1.6%)
jenkins before versions 2.44, 2.32.2 is vulnerable to an improper blacklisting of the Pipeline metadata files in the agent-to-master securit

CVE-2017-2612 (MEDIUM, EPSS 1.6%)
In Jenkins before versions 2.44, 2.32.2 low privilege users were able to override JDK download credentials (SECURITY-392), resulting in futu

CVE-2019-10384 (EPSS 1.6%)
Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID, resulting in CS

CVE-2021-21697 (EPSS 1.6%)
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allows any agent to read and write the contents of any build directory stored in Jenkins

CVE-2019-1003003 (EPSS 1.5%)
An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/T

CVE-2017-2610 (MEDIUM, EPSS 1.5%)
jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in search suggestions due to improperly escaping user

CVE-2021-21693 (EPSS 1.5%)
When creating temporary files, agent-to-controller access to create those files is only checked after they've been created in Jenkins 2.318

CVE-2021-21694 (EPSS 1.5%)
FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions in

CVE-2019-10353 (EPSS 1.5%)
CSRF tokens in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier did not expire, thereby allowing attackers able to obtain them to bypass C

CVE-2021-21685 (EPSS 1.5%)
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create parent directories in FilePath#mkdirs

CVE-2019-1010241 (EPSS 1.5%)
Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-257: Storing Passwords in a Recoverable Format. The impact is: Authentic

CVE-2021-21607 (EPSS 1.4%)
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not limit sizes provided as query parameters to graph-rendering URLs, allowing attac

CVE-2021-21689 (EPSS 1.4%)
FilePath#unzip and FilePath#untar were not subject to any agent-to-controller access control in Jenkins 2.318 and earlier, LTS 2.303.2 and e
