Jenkins Core vulnerabilities
65 known vulnerabilities affecting jenkins/jenkins_core.
Total CVEs: 65
CISA KEV: 2 actively exploited
Public exploits: 7
Exploited in wild: 2
Severity breakdown: CRITICAL 12, HIGH 41, MEDIUM 11, LOW 1
Vulnerabilities
Page 3 of 4
CVE-2019-1003003 | HIGH | CVSS 7.2 | 2019-01-16
CVE-2019-1003003 [HIGH] Jenkins Security Advisory 2019-01-16
jenkins
CVE-2018-1000861 | CRITICAL | CVSS 9.8 | KEV | PoC | 2018-12-05
CVE-2018-1000861 [CRITICAL] Jenkins Security Advisory 2018-12-05
jenkins
CVE-2018-1000406 | MEDIUM | CVSS 6.5 | 2018-10-10
CVE-2018-1000406 [MEDIUM] Jenkins Security Advisory 2018-10-10
jenkins
CVE-2018-1999042 | MEDIUM | CVSS 5.3 | 2018-08-15
CVE-2018-1999042 [MEDIUM] Jenkins Security Advisory 2018-08-15
jenkins
CVE-2018-1999001 | HIGH | CVSS 8.8 | 2018-07-18
CVE-2018-1999001 [HIGH] Jenkins Security Advisory 2018-07-18
jenkins
CVE-2018-1000192 | HIGH | CVSS 4.3 | 2018-05-09
CVE-2018-1000192 [MEDIUM] Jenkins Security Advisory 2018-05-09
jenkins
CVE-2018-1000169 | MEDIUM | CVSS 5.3 | 2018-04-11
CVE-2018-1000169 [MEDIUM] Jenkins Security Advisory 2018-04-11
jenkins
CVE-2018-1000067 | MEDIUM | CVSS 5.3 | 2018-02-14
CVE-2018-1000067 [MEDIUM] Jenkins Security Advisory 2018-02-14
jenkins
CVE-2017-1000503 | HIGH | CVSS 8.1 | 2017-12-14
CVE-2017-1000503 [HIGH] Jenkins Security Advisory 2017-12-14
This advisory announces two vulnerabilities in Jenkins.
Description
Random failures to initialize the setup wizard on startup
SECURITY-667 / CVE-2017-1000503
A race condition during Jenkins startup could result in the wrong order of execution of commands during initialization.
On Jenkins 2.81 and ne
jenkins
CVE-2017-1000391 | LOW | CVSS 7.3 | 2017-11-08
CVE-2017-1000391 [HIGH] Jenkins Security Advisory 2017-11-08
jenkins
CVE-2012-6153 | HIGH | CVSS 7.5 | 2017-10-11
CVE-2012-6153 [HIGH] Jenkins Security Advisory 2017-10-11
This advisory announces multiple vulnerabilities in Jenkins (weekly and LTS), and these plugins:
Maven Plugin
Swarm Plugin Client
Speaks! Plugin
Description
Arbitrary shell command execution on controller by users with Agent-related permissions
SECURITY-478 / CVE-2017-1000393
Users with permissio
jenkins
CVE-2017-1000353 | CRITICAL | CVSS 8.8 | KEV | PoC | 2017-04-26
CVE-2017-1000353 [HIGH] Jenkins Security Advisory 2017-04-26
This advisory announces multiple vulnerabilities in Jenkins.
Description
CSRF: Multiple vulnerabilities
SECURITY-412 through SECURITY-420 / CVE-2017-1000356
Multiple Cross-Site Request Forgery vulnerabilities in Jenkins allowed malicious users to perform several administrative actions by tricking a vi
jenkins
CVE-2011-4969 | HIGH | CVSS 4.3 | 2017-02-01
CVE-2011-4969 [MEDIUM] Jenkins Security Advisory 2017-02-01
This advisory announces multiple vulnerabilities in Jenkins.
Description
Use of AES ECB block cipher mode without IV for encrypting secrets
SECURITY-304 / CVE-2017-2598
Secrets such as passwords are typically stored on disk and sent to users as part of some pages in encrypted form. These were encrypted
jenkins
CVE-2016-9299 | CRITICAL | CVSS 9.8 | PoC | 2016-11-16
CVE-2016-9299 [CRITICAL] Jenkins Security Advisory 2016-11-16
This advisory announces the fix for a previously disclosed zero-day vulnerability in Jenkins.
Description
Remote code execution vulnerability in remoting module
SECURITY-360 / CVE-2016-9299
An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java object t
jenkins
CVE-2016-3721 | MEDIUM | CVSS 4.3 | 2016-05-11
CVE-2016-3721 [MEDIUM] Jenkins Security Advisory 2016-05-11
Revised 2016-05-12: Added note on plugins impacted by SECURITY-170, mentioned system property disabling part of the SECURITY-243 fix.
This advisory announces multiple vulnerabilities in Jenkins.
Description
Arbitrary build parameters are passed to build scripts as environment variables
SECURITY-170 /
jenkins
CVE-2016-0788 | CRITICAL | CVSS 9.8 | 2016-02-24
CVE-2016-0788 [CRITICAL] Jenkins Security Advisory 2016-02-24
This advisory announces multiple vulnerabilities in Jenkins.
Description
Remote code execution vulnerability in remoting module
SECURITY-232 / CVE-2016-0788
A vulnerability in the Jenkins remoting module allowed unauthenticated remote attackers to open a JRMP listener on the server hosting the Jenkin
jenkins
CVE-2015-7536 | HIGH | CVSS 5.4 | 2015-12-09
CVE-2015-7536 [MEDIUM] Jenkins Security Advisory 2015-12-09
This advisory announces multiple vulnerabilities in Jenkins.
Description
Stored XSS vulnerability through workspace files and archived artifacts
SECURITY-95 / CVE-2015-7536
In certain configurations, low privilege users were able to create e.g. HTML files in workspaces and archived artifacts that could
jenkins
CVE-2014-3665 | CRITICAL | CVSS 7.5 | 2015-11-11
CVE-2014-3665 [HIGH] Jenkins Security Advisory 2015-11-11
This advisory announces multiple vulnerabilities in Jenkins.
Description
Project name disclosure via fingerprints
SECURITY-153 / CVE-2015-5317
The Jenkins UI allowed users to see the names of jobs and builds otherwise inaccessible to them on the "Fingerprints" pages if those shared file fingerprints with
jenkins
CVE-2015-1812 | CRITICAL | CVSS 4.3 | 2015-03-23
CVE-2015-1812 [MEDIUM] Jenkins Security Advisory 2015-03-23
This advisory announces a security advisory in Jenkins core.
Description
SECURITY-171/CVE-2015-1812, SECURITY-177/CVE-2015-1813 (Reflective XSS vulnerability)
An attacker without any access to Jenkins can navigate the user to a carefully crafted URL and have the user execute unintended actions. This vuln
jenkins
CVE-2014-3566 | HIGH | CVSS 3.4 | PoC | 2014-10-15
CVE-2014-3566 [LOW] Jenkins Security Advisory 2014-10-15
This advisory discusses the impact of the so-called POODLE vulnerability (CVE-2014-3566) in Jenkins core.
Description
This vulnerability allows a man-in-the-middle attacker to decrypt SSLv3 communication. See this post for the technical detail of the attack. This involves an attacker who sits in the middle of a
jenkins