Vulnerabilities (CVE)

291 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-1003006 1 Jenkins 1 Groovy 2019-02-19 6.5
A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.0 and earlier in src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that...
CVE-2018-1000997 1 Jenkins 1 Jenkins 2019-02-14 4.0
A path traversal vulnerability exists in the Stapler web framework used by Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/org/kohsuke/stapler/Facet.java,...
CVE-2019-1003003 1 Jenkins 1 Jenkins 2019-02-13 6.5
An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java that allows attackers with Overall/RunScripts permission to craft...
CVE-2019-1003002 1 Jenkins 1 Pipeline: Declarative 2019-02-13 6.5
A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read...
CVE-2019-1003001 1 Jenkins 1 Pipeline: Groovy 2019-02-13 6.5
A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java that allows...
CVE-2019-1003020 1 Jenkins 1 Kanboard 2019-02-13 4.0
A server-side request forgery vulnerability exists in Jenkins Kanboard Plugin 1.5.10 and earlier in KanboardGlobalConfiguration.java that allows attackers with Overall/Read permission to submit a GET request to an attacker-specified URL.
CVE-2018-1000866 1 Jenkins 1 Pipeline: Groovy 2019-02-11 9.0
A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java, groovy-cps/lib/src/main/java/com/cloudbees/groovy/cps/SandboxCpsTransformer.java...
CVE-2019-1003017 1 Jenkins 1 Job Import 2019-02-11 2.6
A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance, potentially installing additional plugins necessary to...
CVE-2019-1003018 1 Jenkins 1 Github Oauth 2019-02-11 4.3
An exposure of sensitive information vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator's web browser output, or control the...
CVE-2019-1003021 1 Jenkins 1 Openid Connect Authentication 2019-02-11 4.3
An exposure of sensitive information vulnerability exists in Jenkins OpenId Connect Authentication Plugin 1.4 and earlier in OicSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator's web browser output, or control...
CVE-2019-1003015 1 Jenkins 1 Job Import 2019-02-08 6.4
An XML external entity processing vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/client/RestApiClient.java that allows attackers with the ability to control the HTTP server...
CVE-2019-1003016 1 Jenkins 1 Job Import 2019-02-08 4.3
An exposure of sensitive information vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/JobImportAction.java,...
CVE-2019-1003022 1 Jenkins 1 Monitoring 2019-02-08 4.3
A denial of service vulnerability exists in Jenkins Monitoring Plugin 1.74.0 and earlier in PluginImpl.java that allows attackers to kill threads running on the Jenkins master.
CVE-2019-1003000 1 Jenkins 1 Script Security 2019-02-07 6.5
A sandbox bypass vulnerability exists in Script Security Plugin 2.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to...
CVE-2019-1003019 1 Jenkins 1 Github Oauth 2019-02-07 4.3
A session fixation vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session.
CVE-2019-1003014 1 Jenkins 1 Config File Provider 2019-02-07 3.5
A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute...
CVE-2019-1003005 1 Jenkins 1 Script Security 2019-02-07 6.5
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to provide a...
CVE-2019-1003007 1 Jenkins 1 Warnings 2019-02-06 6.8
A cross-site request forgery vulnerability exists in Jenkins Warnings Plugin 5.0.0 and earlier in src/main/java/hudson/plugins/warnings/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint.
CVE-2019-1003008 1 Jenkins 1 Warnings Next Generation 2019-02-06 6.8
A cross-site request forgery vulnerability exists in Jenkins Warnings Next Generation Plugin 2.1.1 and earlier in src/main/java/io/jenkins/plugins/analysis/warnings/groovy/GroovyParser.java that allows attackers to execute arbitrary code via a...
CVE-2019-1003010 1 Jenkins 1 Git 2019-02-06 4.3
A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a workspace and attach corresponding metadata to a build record.