Jenkins exposure
Exposure score: CI28
15 sites use it
1 under active exploitation
2 critical
CVEs
141 results

CVE-2021-21696 (EPSS 2.3%): Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the libs/ directory inside build directories wh…
CVE-2021-21602 (EPSS 2.2%): Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbitrary files using the file browser for workspaces and archived artifac…
CVE-2021-21605 (EPSS 2.2%): Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with Agent/Configure permission to choose agent names that cause Jenkins to…
CVE-2017-2601 (MEDIUM, EPSS 2.1%): Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in parameter names and descriptions (SECURITY-353). U…
CVE-2019-1003049 (EPSS 2.1%): Users who cached their CLI authentication before Jenkins was updated to 2.150.2 and newer, or 2.160 and newer, would remain authenticated in…
CVE-2021-21683 (EPSS 2.1%): The file browser in Jenkins 2.314 and earlier, LTS 2.303.1 and earlier may interpret some paths to files as absolute on Windows, resulting i…
CVE-2021-21695 (EPSS 2.1%): FilePath#listFiles lists files outside directories that agents are allowed to access when following symbolic links in Jenkins 2.318 and earl…
CVE-2017-2611 (MEDIUM, EPSS 2.1%): Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /work…
CVE-2021-21691 (EPSS 2.0%): Creating symbolic links is possible without the 'symlink' agent-to-controller access control permission in Jenkins 2.318 and earlier, LTS 2.…
CVE-2021-21692 (EPSS 2.0%): FilePath#renameTo and FilePath#moveAllChildrenTo in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier only check 'read' agent-to-controller…
CVE-2020-2160 (EPSS 2.0%): Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different representations of request URL paths, which allows attackers to craft URLs…
CVE-2021-21670 (EPSS 2.0%): Jenkins 2.299 and earlier, LTS 2.289.1 and earlier allows users to cancel queue items and abort builds of jobs for which they have Item/Canc…
CVE-2017-2606 (MEDIUM, EPSS 1.9%): Jenkins before versions 2.44, 2.32.2 is vulnerable to an information exposure in the internal API that allows access to item names that shou…
CVE-2021-21686 (EPSS 1.9%): File path filters in the agent-to-controller security subsystem of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier do not canonicalize pa…
CVE-2021-21640 (EPSS 1.9%): Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not properly check that a newly created view has an allowed name, allowing attackers…
CVE-2012-4441 (EPSS 1.9%): Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTM…
CVE-2012-4440 (EPSS 1.9%): Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTM…
CVE-2020-2105 (EPSS 1.8%): REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier were vulnerable to clickjacking attacks.
CVE-2012-4439 (EPSS 1.8%): Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTM…
CVE-2023-27898 (CRITICAL, EPSS 1.8%): Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depe…
Want to know whether your infrastructure is exposed to this?
Talk to TrueHacking →