Latest CVE Feed
- CVE-2017-1000396 (5.9 MEDIUM)
  Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. This library is widely us...
  Affected Products: jenkins. EPSS Score: 0.02%
  - Published: Jan. 26, 2018
  - Modified: Nov. 21, 2024
- CVE-2017-1000395 (4.3 MEDIUM)
  Jenkins 2.73.1 and earlier, 2.83 and earlier provides information about Jenkins user accounts which is generally available to anyone with Overall/Read permissions via the /user/(username)/api remote API. This included e.g. Jenkins users' email addresses i...
  Affected Products: jenkins. EPSS Score: 0.07%
  - Published: Jan. 26, 2018
  - Modified: Nov. 21, 2024
- CVE-2017-1000394 (7.5 HIGH)
  Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-fileupload library with the denial-of-service vulnerability known as CVE-2016-3092. The fix for that vulnerability has been backported to the version of the library bundled with...
  Affected Products: jenkins. EPSS Score: 0.40%
  - Published: Jan. 26, 2018
  - Modified: Nov. 21, 2024
- CVE-2017-1000393 (9.0 HIGH)
  Jenkins 2.73.1 and earlier, 2.83 and earlier users with permission to create or configure agents in Jenkins could configure a launch method called 'Launch agent via execution of command on master'. This allowed them to run arbitrary shell commands on the ...
  Affected Products: jenkins. EPSS Score: 0.60%
  - Published: Jan. 26, 2018
  - Modified: Nov. 21, 2024
- CVE-2017-1000392 (4.8 MEDIUM)
  Jenkins 2.88 and earlier; 2.73.2 and earlier Autocompletion suggestions for text fields were not escaped, resulting in a persisted cross-site scripting vulnerability if the source for the suggestions allowed specifying text that includes HTML metacharacte...
  Affected Products: jenkins. EPSS Score: 0.11%
  - Published: Jan. 26, 2018
  - Modified: Nov. 21, 2024
- CVE-2017-1000391 (7.3 HIGH)
  Jenkins versions 2.88 and earlier and 2.73.2 and earlier stores metadata related to 'people', which encompasses actual user accounts, as well as users appearing in SCM, in directories corresponding to the user ID on disk. These directories used the user I...
  Affected Products: jenkins. EPSS Score: 0.19%
  - Published: Jan. 26, 2018
  - Modified: Nov. 21, 2024
- CVE-2017-1000390 (4.3 MEDIUM)
  Jenkins Multijob plugin version 1.25 and earlier did not check permissions in the Resume Build action, allowing anyone with Job/Read permission to resume the build....
  Affected Products: multijob. EPSS Score: 0.02%
  - Published: Jan. 26, 2018
  - Modified: Nov. 21, 2024
- CVE-2017-1000389 (6.1 MEDIUM)
  Some URLs provided by Jenkins global-build-stats plugin version 1.4 and earlier returned a JSON response that contained request parameters. These responses had the Content Type: text/html, so could have been interpreted as HTML by clients, resulting in a ...
  Affected Products: global-build-stats. EPSS Score: 0.06%
  - Published: Jan. 26, 2018
  - Modified: Nov. 21, 2024
- CVE-2017-1000388 (4.3 MEDIUM)
  Jenkins Dependency Graph Viewer plugin 0.12 and earlier did not perform permission checks for the API endpoint that modifies the dependency graph, allowing anyone with Overall/Read permission to modify this data....
  Affected Products: dependency_graph_viewer. EPSS Score: 0.03%
  - Published: Jan. 26, 2018
  - Modified: Nov. 21, 2024
- CVE-2017-1000387 (7.8 HIGH)
  Jenkins Build-Publisher plugin version 1.21 and earlier stores credentials to other Jenkins instances in the file hudson.plugins.build_publisher.BuildPublisher.xml in the Jenkins master home directory. These credentials were stored unencrypted, allowing a...
  Affected Products: build-publisher. EPSS Score: 0.01%
  - Published: Jan. 26, 2018
  - Modified: Nov. 21, 2024
- CVE-2017-1000386 (5.4 MEDIUM)
  Jenkins Active Choices plugin version 1.5.3 and earlier allowed users with Job/Configure permission to provide arbitrary HTML to be shown on the 'Build With Parameters' page through the 'Active Choices Reactive Reference Parameter' type. This could includ...
  Affected Products: active_choices. EPSS Score: 0.04%
  - Published: Jan. 26, 2018
  - Modified: Nov. 21, 2024
- CVE-2017-1000356 (8.8 HIGH)
  Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an issue in the Jenkins user database authentication realm: create an account if signup is enabled; or create an account if the victim is an administrator, possibly dele...
  Affected Products: jenkins. EPSS Score: 7.18%
  - Published: Jan. 29, 2018
  - Modified: Nov. 21, 2024
- CVE-2017-1000355 (6.5 MEDIUM)
  Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an XStream: Java crash when trying to instantiate void/Void....
  Affected Products: jenkins. EPSS Score: 0.41%
  - Published: Jan. 29, 2018
  - Modified: Nov. 21, 2024
- CVE-2017-1000354 (8.8 HIGH)
  Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to a login command which allowed impersonating any Jenkins user. The `login` command available in the remoting-based CLI stored the encrypted user name of the successfully ...
  Affected Products: jenkins. EPSS Score: 0.22%
  - Published: Jan. 29, 2018
  - Modified: Nov. 21, 2024
- CVE-2017-1000353 (9.8 CRITICAL)
  Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java `SignedObject` object to...
  EPSS Score: 94.42%
  - Published: Jan. 29, 2018
  - Modified: Nov. 21, 2024
- CVE-2017-1000141 (6.5 MEDIUM)
  An issue was discovered in Mahara before 18.10.0. It mishandled user requests that could discontinue a user's ability to maintain their own account (changing username, changing primary email address, deleting account). The correct behavior was to either p...
  Affected Products: mahara. EPSS Score: 0.21%
  - Published: Jan. 30, 2018
  - Modified: Nov. 21, 2024
- CVE-2017-0938 (7.5 HIGH)
  Denial of Service attack in airMAX < 8.3.2, airMAX < 6.0.7 and EdgeMAX < 1.9.7 allow attackers to use the Discovery Protocol in amplification attacks....
  EPSS Score: 0.44%
  - Published: Feb. 12, 2019
  - Modified: Nov. 21, 2024
- CVE-2017-0936 (5.7 MEDIUM)
  Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability. A missing ownership check allowed logged-in users to change the scope of app passwords of other users. Note that the app passwords th...
  Affected Products: nextcloud_server. EPSS Score: 0.13%
  - Published: Mar. 28, 2018
  - Modified: Nov. 21, 2024
- CVE-2017-0935 (9.0 HIGH)
  Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of protection of the file system leading to sensitive information being exposed. An attacker with access to an operator (read-onl...
  Affected Products: edgeos. EPSS Score: 0.36%
  - Published: Mar. 22, 2018
  - Modified: Nov. 21, 2024
- CVE-2017-0934 (9.0 HIGH)
  Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of protection of the file system leading to sensitive information being exposed. An attacker with access to an operator (read-only)...
  EPSS Score: 0.36%
  - Published: Mar. 22, 2018
  - Modified: Nov. 21, 2024