Filtered by vendor Jenkins Subscriptions
Filtered by product Jenkins Subscriptions

Search

Switch to Advanced Search (Beta)
Total 286 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2017-1000354 1 Jenkins 1 Jenkins 2024-11-21 N/A
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to a login command which allowed impersonating any Jenkins user. The `login` command available in the remoting-based CLI stored the encrypted user name of the successfully authenticated user in a cache file used to authenticate further commands. Users with sufficient permission to create secrets in Jenkins, and download their encrypted values (e.g. with Job/Configure permission), were able to impersonate any other Jenkins user on the same instance.
CVE-2012-4441 1 Jenkins 1 Jenkins 2024-11-21 6.1 Medium
Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML in the CI game plugin.
CVE-2012-4440 1 Jenkins 1 Jenkins 2024-11-21 6.1 Medium
Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML in the Violations plugin.
CVE-2012-4439 1 Jenkins 1 Jenkins 2024-11-21 6.1 Medium
Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL that points to Jenkins.
CVE-2012-4438 1 Jenkins 1 Jenkins 2024-11-21 8.8 High
Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers with read access and HTTP access to Jenkins master to insert data and execute arbitrary code.
CVE-2012-0785 2 Cloudbees, Jenkins 2 Jenkins, Jenkins 2024-11-21 7.5 High
Hash collision attack vulnerability in Jenkins before 1.447, Jenkins LTS before 1.424.2, and Jenkins Enterprise by CloudBees 1.424.x before 1.424.2.1 and 1.400.x before 1.400.0.11 could allow remote attackers to cause a considerable CPU load, aka "the Hash DoS attack."