The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Jenkins Core LTS

computer vulnerability announcement CVE-2018-1000067 CVE-2018-1000068 CVE-2018-6356

Jenkins Core LTS: three vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Jenkins Core LTS.
Impacted products: Jenkins Core.
Severity: 2/4.
Consequences: client access/rights, data reading.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 5.
Creation date: 15/02/2018.
Identifiers: CVE-2018-1000067, CVE-2018-1000068, CVE-2018-1000102-REJECT, CVE-2018-1000103-REJECT, CVE-2018-6356, VIGILANCE-VUL-25307.

Description of the vulnerability

An attacker can exploit several vulnerabilities in Jenkins Core LTS.

computer vulnerability alert CVE-2017-1000393 CVE-2017-1000394 CVE-2017-1000395

Jenkins Core: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Jenkins Core.
Impacted products: Jenkins Core, Jenkins Plugins ~ not comprehensive.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, data reading, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 8.
Creation date: 12/10/2017.
Revision date: 26/01/2018.
Identifiers: CVE-2017-1000393, CVE-2017-1000394, CVE-2017-1000395, CVE-2017-1000396, CVE-2017-1000398, CVE-2017-1000399, CVE-2017-1000400, CVE-2017-1000401, VIGILANCE-VUL-24106.

Description of the vulnerability

An attacker can exploit several vulnerabilities in Jenkins Core.

computer vulnerability alert CVE-2017-1000503 CVE-2017-1000504

Jenkins Core: two vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Jenkins Core.
Impacted products: Jenkins Core.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 14/12/2017.
Identifiers: CVE-2017-1000503, CVE-2017-1000504, VIGILANCE-VUL-24766.

Description of the vulnerability

An attacker can exploit several vulnerabilities in Jenkins Core.

vulnerability announcement 24652

Jenkins: Cross Site Scripting via Tool Names

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via Jenkins Tool Names, in order to run JavaScript code in the context of the web site.
Impacted products: Jenkins Core, Jenkins Plugins ~ not comprehensive.
Severity: 1/4.
Consequences: client access/rights.
Provenance: privileged account.
Creation date: 05/12/2017.
Identifiers: SECURITY-624, VIGILANCE-VUL-24652.

Description of the vulnerability

The Jenkins product offers a web service.

However, it does not filter data received via Tool Names before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via Jenkins Tool Names, in order to run JavaScript code in the context of the web site.

computer vulnerability announcement CVE-2017-1000391 CVE-2017-1000392

Jenkins: two vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Jenkins.
Impacted products: Jenkins Core.
Severity: 2/4.
Consequences: client access/rights, data reading, data creation/edition.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 08/11/2017.
Identifiers: CVE-2017-1000391, CVE-2017-1000392, VIGILANCE-VUL-24387.

Description of the vulnerability

An attacker can exploit several vulnerabilities in Jenkins.

computer vulnerability bulletin 23958

Jenkins: privilege escalation via Setup Wizard

Synthesis of the vulnerability

An attacker can bypass restrictions via the Jenkins Setup Wizard, in order to escalate their privileges.
Impacted products: Jenkins Core.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: intranet client.
Creation date: 28/09/2017.
Identifiers: VIGILANCE-VUL-23958.

Description of the vulnerability

An attacker can bypass restrictions via the Jenkins Setup Wizard, in order to escalate their privileges.

vulnerability alert CVE-2017-1000353 CVE-2017-1000354 CVE-2017-1000355

Jenkins Core: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Jenkins Core.
Impacted products: Jenkins Core.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 4.
Creation date: 27/04/2017.
Identifiers: CVE-2017-1000353, CVE-2017-1000354, CVE-2017-1000355, CVE-2017-1000356, VIGILANCE-VUL-22571.

Description of the vulnerability

An attacker can exploit several vulnerabilities in Jenkins Core.

computer vulnerability note CVE-2011-4969 CVE-2015-0886 CVE-2017-1000362

Jenkins: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Jenkins.
Impacted products: Jenkins Core.
Severity: 3/4.
Consequences: user access/rights, data reading, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 19.
Creation date: 15/02/2017.
Identifiers: CVE-2011-4969, CVE-2015-0886, CVE-2017-1000362, CVE-2017-2598, CVE-2017-2599, CVE-2017-2600, CVE-2017-2601, CVE-2017-2602, CVE-2017-2603, CVE-2017-2604, CVE-2017-2605-REJECT, CVE-2017-2606, CVE-2017-2607, CVE-2017-2608, CVE-2017-2609, CVE-2017-2610, CVE-2017-2611, CVE-2017-2612, CVE-2017-2613, VIGILANCE-VUL-21849.

Description of the vulnerability

An attacker can exploit several vulnerabilities in Jenkins.

computer vulnerability note CVE-2016-9299

Jenkins: code execution via Java Deserialization

Synthesis of the vulnerability

An attacker can exploit a Java deserialization vulnerability in Jenkins, in order to run code.
Impacted products: Fedora, Jenkins Core.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 01/12/2016.
Identifiers: CVE-2016-9299, FEDORA-2016-368780879d, FEDORA-2016-93679a91df, VIGILANCE-VUL-21249.

Description of the vulnerability

An attacker can exploit a Java deserialization vulnerability in Jenkins, in order to run code.

vulnerability bulletin CVE-2016-3721 CVE-2016-3722 CVE-2016-3723

Jenkins: seven vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Jenkins.
Impacted products: Fedora, Jenkins Core.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights, data reading, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 7.
Creation date: 27/05/2016.
Identifiers: CVE-2016-3721, CVE-2016-3722, CVE-2016-3723, CVE-2016-3724, CVE-2016-3725, CVE-2016-3726, CVE-2016-3727, FEDORA-2016-9ba53cf8a2, FEDORA-2016-f7e7a6067d, VIGILANCE-VUL-19713.

Description of the vulnerability

Several vulnerabilities were announced in Jenkins.

An attacker can bypass security features via Environment Variables, in order to escalate their privileges. [severity:2/4; CVE-2016-3721]

An attacker can trigger an error via Multiple User Accounts, in order to trigger a denial of service. [severity:2/4; CVE-2016-3722]

An attacker can bypass security features via API, in order to obtain sensitive information. [severity:2/4; CVE-2016-3723]

An attacker can bypass security features via Encrypted Secrets, in order to obtain sensitive information. [severity:2/4; CVE-2016-3724]

An attacker can bypass security features via Update Site Metadata, in order to escalate their privileges. [severity:2/4; CVE-2016-3725]

An attacker can deceive the user via a scheme-relative URL, in order to redirect them to a malicious site. [severity:1/4; CVE-2016-3726]

An attacker can bypass file access restrictions via Node Configurations, in order to obtain sensitive information. [severity:2/4; CVE-2016-3727]
