The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Jenkins Core

vulnerability CVE-2019-1003003 CVE-2019-1003004

Jenkins Core: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Jenkins Core.
Impacted products: Jenkins Core.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: user account.
Number of vulnerabilities in this bulletin: 2.
Creation date: 17/01/2019.
Identifiers: CVE-2019-1003003, CVE-2019-1003004, VIGILANCE-VUL-28300.

Description of the vulnerability

An attacker can use several vulnerabilities of Jenkins Core.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2018-1000406 CVE-2018-1000407 CVE-2018-1000408

Jenkins Core LTS: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Jenkins Core LTS.
Impacted products: Jenkins Core.
Severity: 2/4.
Consequences: user access/rights, client access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 7.
Creation date: 11/10/2018.
Identifiers: CVE-2018-1000406, CVE-2018-1000407, CVE-2018-1000408, CVE-2018-1000409, CVE-2018-1000410, CVE-2018-1000997, CVE-2018-1999043, VIGILANCE-VUL-27464.

Description of the vulnerability

An attacker can use several vulnerabilities of Jenkins Core LTS.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2018-1999042 CVE-2018-1999043 CVE-2018-1999044

Jenkins Core LTS: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Jenkins Core LTS.
Impacted products: Jenkins Core.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 6.
Creation date: 16/08/2018.
Identifiers: CVE-2018-1999042, CVE-2018-1999043, CVE-2018-1999044, CVE-2018-1999045, CVE-2018-1999046, CVE-2018-1999047, VIGILANCE-VUL-27001.

Description of the vulnerability

An attacker can use several vulnerabilities of Jenkins Core LTS.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2018-1999001 CVE-2018-1999002 CVE-2018-1999003

Jenkins Core: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Jenkins Core.
Impacted products: Jenkins Core.
Severity: 3/4.
Consequences: client access/rights, data reading, data creation/edition.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 7.
Creation date: 18/07/2018.
Identifiers: CVE-2018-1999001, CVE-2018-1999002, CVE-2018-1999003, CVE-2018-1999004, CVE-2018-1999005, CVE-2018-1999006, CVE-2018-1999007, VIGILANCE-VUL-26788.

Description of the vulnerability

An attacker can use several vulnerabilities of Jenkins Core.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2018-1000192 CVE-2018-1000193 CVE-2018-1000194

Jenkins Core: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Jenkins Core.
Impacted products: Jenkins Core.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 4.
Creation date: 09/05/2018.
Identifiers: CVE-2018-1000192, CVE-2018-1000193, CVE-2018-1000194, CVE-2018-1000195, VIGILANCE-VUL-26066.

Description of the vulnerability

An attacker can use several vulnerabilities of Jenkins Core.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2018-1000170

Jenkins Core LTS: Cross Site Scripting via Confirmation Dialogs

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via Confirmation Dialogs of Jenkins Core LTS, in order to run JavaScript code in the context of the web site.
Impacted products: Jenkins Core.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 11/04/2018.
Identifiers: CVE-2018-1000170, VIGILANCE-VUL-25842.

Description of the vulnerability

The Jenkins Core LTS product offers a web service.

However, it does not filter received data via Confirmation Dialogs before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via Confirmation Dialogs of Jenkins Core LTS, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2018-1000169

Jenkins Core LTS: information disclosure via Views / Agents

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Views / Agents of Jenkins Core LTS, in order to obtain sensitive information.
Impacted products: Jenkins Core.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 11/04/2018.
Identifiers: CVE-2018-1000169, VIGILANCE-VUL-25841.

Description of the vulnerability

An attacker can bypass access restrictions to data via Views / Agents of Jenkins Core LTS, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2018-1000067 CVE-2018-1000068 CVE-2018-6356

Jenkins Core LTS: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Jenkins Core LTS.
Impacted products: Jenkins Core.
Severity: 2/4.
Consequences: client access/rights, data reading.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 5.
Creation date: 15/02/2018.
Identifiers: CVE-2018-1000067, CVE-2018-1000068, CVE-2018-1000102-REJECT, CVE-2018-1000103-REJECT, CVE-2018-6356, VIGILANCE-VUL-25307.

Description of the vulnerability

An attacker can use several vulnerabilities of Jenkins Core LTS.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2017-1000393 CVE-2017-1000394 CVE-2017-1000395

Jenkins Core: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Jenkins Core.
Impacted products: Jenkins Core, Jenkins Plugins ~ not comprehensive.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, data reading, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 8.
Creation date: 12/10/2017.
Revision date: 26/01/2018.
Identifiers: CVE-2017-1000393, CVE-2017-1000394, CVE-2017-1000395, CVE-2017-1000396, CVE-2017-1000398, CVE-2017-1000399, CVE-2017-1000400, CVE-2017-1000401, VIGILANCE-VUL-24106.

Description of the vulnerability

An attacker can use several vulnerabilities of Jenkins Core.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2017-1000503 CVE-2017-1000504

Jenkins Core: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Jenkins Core.
Impacted products: Jenkins Core.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 14/12/2017.
Identifiers: CVE-2017-1000503, CVE-2017-1000504, VIGILANCE-VUL-24766.

Description of the vulnerability

An attacker can use several vulnerabilities of Jenkins Core.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Jenkins Core: