The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Jenkins Plugins ~ not comprehensive

vulnerability alert CVE-2019-1003040 CVE-2019-1003041 CVE-2019-1003042

Jenkins Plugins: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Jenkins Plugins.
Impacted products: Jenkins Plugins ~ not comprehensive.
Severity: 2/4.
Consequences: user access/rights, data reading.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 9.
Creation date: 25/03/2019.
Identifiers: CVE-2019-1003040, CVE-2019-1003041, CVE-2019-1003042, CVE-2019-1003043, CVE-2019-1003044, CVE-2019-1003045, CVE-2019-1003046, CVE-2019-1003047, CVE-2019-1003048, VIGILANCE-VUL-28851.

Description of the vulnerability

An attacker can exploit several vulnerabilities in Jenkins Plugins.

computer vulnerability bulletin CVE-2019-1003024 CVE-2019-1003025 CVE-2019-1003026

Jenkins Plugins: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Jenkins Plugins.
Impacted products: Jenkins Plugins ~ not comprehensive.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 5.
Creation date: 20/02/2019.
Identifiers: CVE-2019-1003024, CVE-2019-1003025, CVE-2019-1003026, CVE-2019-1003027, CVE-2019-1003028, VIGILANCE-VUL-28558.

Description of the vulnerability

An attacker can exploit several vulnerabilities in Jenkins Plugins.

vulnerability bulletin CVE-2019-1003000 CVE-2019-1003001 CVE-2019-1003002

Jenkins Plugins: privilege escalation via Sandbox Bypass

Synthesis of the vulnerability

An attacker can bypass restrictions via a Sandbox Bypass in Jenkins Plugins, in order to escalate their privileges.
Impacted products: Jenkins Plugins ~ not comprehensive.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: user account.
Number of vulnerabilities in this bulletin: 3.
Creation date: 08/01/2019.
Identifiers: CVE-2019-1003000, CVE-2019-1003001, CVE-2019-1003002, VIGILANCE-VUL-28183.

Description of the vulnerability

An attacker can bypass restrictions via a Sandbox Bypass in Jenkins Plugins, in order to escalate their privileges.

computer vulnerability note CVE-2018-1000865 CVE-2018-1000866

Jenkins Plugin: privilege escalation via Sandbox Bypass

Synthesis of the vulnerability

An attacker can bypass restrictions via a Sandbox Bypass in a Jenkins Plugin, in order to escalate their privileges.
Impacted products: Jenkins Plugins ~ not comprehensive.
Severity: 2/4.
Consequences: user access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 29/10/2018.
Identifiers: CVE-2018-1000865, CVE-2018-1000866, VIGILANCE-VUL-27639.

Description of the vulnerability

An attacker can bypass restrictions via a Sandbox Bypass in a Jenkins Plugin, in order to escalate their privileges.

computer vulnerability announce CVE-2018-1000411 CVE-2018-1000412 CVE-2018-1000413

Jenkins Plugins: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Jenkins Plugins.
Impacted products: Jenkins Plugins ~ not comprehensive.
Severity: 2/4.
Consequences: user access/rights, client access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 16.
Creation date: 25/09/2018.
Identifiers: CVE-2018-1000411, CVE-2018-1000412, CVE-2018-1000413, CVE-2018-1000414, CVE-2018-1000415, CVE-2018-1000416, CVE-2018-1000417, CVE-2018-1000418, CVE-2018-1000419, CVE-2018-1000420, CVE-2018-1000421, CVE-2018-1000422, CVE-2018-1000423, CVE-2018-1000424, CVE-2018-1000425, CVE-2018-1000426, FG-VD-18-122, FG-VD-18-124, VIGILANCE-VUL-27317.

Description of the vulnerability

An attacker can exploit several vulnerabilities in Jenkins Plugins.

vulnerability announce CVE-2018-1999025 CVE-2018-1999026 CVE-2018-1999027

Jenkins Plugins: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Jenkins Plugins.
Impacted products: Jenkins Plugins ~ not comprehensive.
Severity: 2/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: document.
Number of vulnerabilities in this bulletin: 17.
Creation date: 30/07/2018.
Identifiers: CVE-2018-1999025, CVE-2018-1999026, CVE-2018-1999027, CVE-2018-1999028, CVE-2018-1999029, CVE-2018-1999030, CVE-2018-1999031, CVE-2018-1999032, CVE-2018-1999033, CVE-2018-1999034, CVE-2018-1999035, CVE-2018-1999036, CVE-2018-1999037, CVE-2018-1999038, CVE-2018-1999039, CVE-2018-1999040, CVE-2018-1999041, VIGILANCE-VUL-26872.

Description of the vulnerability

An attacker can exploit several vulnerabilities in Jenkins Plugins.

vulnerability CVE-2018-1000401 CVE-2018-1000402 CVE-2018-1000403

Jenkins Plugins: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Jenkins Plugins.
Impacted products: Jenkins Plugins ~ not comprehensive.
Severity: 2/4.
Consequences: user access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 15.
Creation date: 25/06/2018.
Identifiers: CVE-2018-1000401, CVE-2018-1000402, CVE-2018-1000403, CVE-2018-1000404, CVE-2018-1000600, CVE-2018-1000601, CVE-2018-1000602, CVE-2018-1000603, CVE-2018-1000604, CVE-2018-1000605, CVE-2018-1000606, CVE-2018-1000607, CVE-2018-1000608, CVE-2018-1000609, CVE-2018-1000610, VIGILANCE-VUL-26530.

Description of the vulnerability

An attacker can exploit several vulnerabilities in Jenkins Plugins.

computer vulnerability note CVE-2018-1000182 CVE-2018-1000183 CVE-2018-1000184

Jenkins Plugins: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Jenkins Plugins.
Impacted products: Jenkins Plugins ~ not comprehensive.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition.
Provenance: document.
Number of vulnerabilities in this bulletin: 10.
Creation date: 04/06/2018.
Identifiers: CVE-2018-1000182, CVE-2018-1000183, CVE-2018-1000184, CVE-2018-1000185, CVE-2018-1000186, CVE-2018-1000187, CVE-2018-1000188, CVE-2018-1000189, CVE-2018-1000190, CVE-2018-1000191, VIGILANCE-VUL-26309.

Description of the vulnerability

An attacker can exploit several vulnerabilities in Jenkins Plugins.

computer vulnerability note CVE-2018-1000202

Jenkins Groovy Postbuild: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Jenkins Groovy Postbuild, in order to run JavaScript code in the context of the web site.
Impacted products: Jenkins Plugins ~ not comprehensive.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 09/05/2018.
Identifiers: CVE-2018-1000202, VIGILANCE-VUL-26069.

Description of the vulnerability

The Jenkins Groovy Postbuild product offers a web service.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in Jenkins Groovy Postbuild, in order to run JavaScript code in the context of the web site.

computer vulnerability bulletin CVE-2018-1000196

Jenkins Gitlab Hook: information disclosure via Plain Text API Token

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via a Plain Text API Token in Jenkins Gitlab Hook, in order to obtain sensitive information.
Impacted products: Jenkins Plugins ~ not comprehensive.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 09/05/2018.
Identifiers: CVE-2018-1000196, VIGILANCE-VUL-26068.

Description of the vulnerability

An attacker can bypass access restrictions to data via a Plain Text API Token in Jenkins Gitlab Hook, in order to obtain sensitive information.