The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Jenkins Core LTS

Vulnerability announcement CVE-2018-1000170

Jenkins Core LTS: Cross Site Scripting via Confirmation Dialogs

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting attack via the Confirmation Dialogs of Jenkins Core LTS, in order to run JavaScript code in the context of the web site.
Impacted products: Jenkins Core.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 11/04/2018.
Identifiers: CVE-2018-1000170, VIGILANCE-VUL-25842.

Description of the vulnerability

The Jenkins Core LTS product offers a web service.

However, it does not filter data received via Confirmation Dialogs before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting attack via the Confirmation Dialogs of Jenkins Core LTS, in order to run JavaScript code in the context of the web site.

vulnerability alert CVE-2018-1000169

Jenkins Core LTS: information disclosure via Views / Agents

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Views / Agents of Jenkins Core LTS, in order to obtain sensitive information.
Impacted products: Jenkins Core.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 11/04/2018.
Identifiers: CVE-2018-1000169, VIGILANCE-VUL-25841.

Description of the vulnerability

An attacker can bypass access restrictions to data via Views / Agents of Jenkins Core LTS, in order to obtain sensitive information.

Computer vulnerability announcement CVE-2018-1000067 CVE-2018-1000068 CVE-2018-6356

Jenkins Core LTS: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Jenkins Core LTS.
Impacted products: Jenkins Core.
Severity: 2/4.
Consequences: client access/rights, data reading.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 5.
Creation date: 15/02/2018.
Identifiers: CVE-2018-1000067, CVE-2018-1000068, CVE-2018-1000102-REJECT, CVE-2018-1000103-REJECT, CVE-2018-6356, VIGILANCE-VUL-25307.

Description of the vulnerability

An attacker can use several vulnerabilities of Jenkins Core LTS.

computer vulnerability alert CVE-2017-1000393 CVE-2017-1000394 CVE-2017-1000395

Jenkins Core: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Jenkins Core.
Impacted products: Jenkins Core, Jenkins Plugins ~ not comprehensive.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, data reading, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 8.
Creation date: 12/10/2017.
Revision date: 26/01/2018.
Identifiers: CVE-2017-1000393, CVE-2017-1000394, CVE-2017-1000395, CVE-2017-1000396, CVE-2017-1000398, CVE-2017-1000399, CVE-2017-1000400, CVE-2017-1000401, VIGILANCE-VUL-24106.

Description of the vulnerability

An attacker can use several vulnerabilities of Jenkins Core.

computer vulnerability alert CVE-2017-1000503 CVE-2017-1000504

Jenkins Core: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Jenkins Core.
Impacted products: Jenkins Core.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 14/12/2017.
Identifiers: CVE-2017-1000503, CVE-2017-1000504, VIGILANCE-VUL-24766.

Description of the vulnerability

An attacker can use several vulnerabilities of Jenkins Core.

Vulnerability announcement 24652

Jenkins: Cross Site Scripting via Tool Names

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting attack via Tool Names of Jenkins, in order to run JavaScript code in the context of the web site.
Impacted products: Jenkins Core, Jenkins Plugins ~ not comprehensive.
Severity: 1/4.
Consequences: client access/rights.
Provenance: privileged account.
Creation date: 05/12/2017.
Identifiers: SECURITY-624, VIGILANCE-VUL-24652.

Description of the vulnerability

The Jenkins product offers a web service.

However, it does not filter data received via Tool Names before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting attack via Tool Names of Jenkins, in order to run JavaScript code in the context of the web site.

Computer vulnerability announcement CVE-2017-1000391 CVE-2017-1000392

Jenkins: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Jenkins.
Impacted products: Jenkins Core.
Severity: 2/4.
Consequences: client access/rights, data reading, data creation/edition.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 08/11/2017.
Identifiers: CVE-2017-1000391, CVE-2017-1000392, VIGILANCE-VUL-24387.

Description of the vulnerability

An attacker can use several vulnerabilities of Jenkins.

computer vulnerability bulletin 23958

Jenkins: privilege escalation via Setup Wizard

Synthesis of the vulnerability

An attacker can bypass restrictions via the Setup Wizard of Jenkins, in order to escalate privileges.
Impacted products: Jenkins Core.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: intranet client.
Creation date: 28/09/2017.
Identifiers: VIGILANCE-VUL-23958.

Description of the vulnerability

An attacker can bypass restrictions via the Setup Wizard of Jenkins, in order to escalate privileges.

vulnerability alert CVE-2017-1000353 CVE-2017-1000354 CVE-2017-1000355

Jenkins Core: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Jenkins Core.
Impacted products: Jenkins Core.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 4.
Creation date: 27/04/2017.
Identifiers: CVE-2017-1000353, CVE-2017-1000354, CVE-2017-1000355, CVE-2017-1000356, VIGILANCE-VUL-22571.

Description of the vulnerability

An attacker can use several vulnerabilities of Jenkins Core.

computer vulnerability note CVE-2011-4969 CVE-2015-0886 CVE-2017-1000362

Jenkins: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Jenkins.
Impacted products: Jenkins Core.
Severity: 3/4.
Consequences: user access/rights, data reading, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 19.
Creation date: 15/02/2017.
Identifiers: CVE-2011-4969, CVE-2015-0886, CVE-2017-1000362, CVE-2017-2598, CVE-2017-2599, CVE-2017-2600, CVE-2017-2601, CVE-2017-2602, CVE-2017-2603, CVE-2017-2604, CVE-2017-2605-REJECT, CVE-2017-2606, CVE-2017-2607, CVE-2017-2608, CVE-2017-2609, CVE-2017-2610, CVE-2017-2611, CVE-2017-2612, CVE-2017-2613, VIGILANCE-VUL-21849.

Description of the vulnerability

An attacker can use several vulnerabilities of Jenkins.