Vulnerabilities
Vulnerable Software
Jenkins:  >> Jenkins  >> 2.175  Security Vulnerabilities
A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and JavaScript in update center web pages.
CVSS Score
4.8
EPSS Score
0.014
Published
2019-08-28
Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass CSRF protection for the anonymous user.
CVSS Score
8.8
EPSS Score
0.016
Published
2019-08-28
A path traversal vulnerability in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java allowed attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an arbitrary file write on the Jenkins master when scheduling a build.
CVSS Score
6.5
EPSS Score
0.102
Published
2019-07-17
CSRF tokens in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier did not expire, thereby allowing attackers able to obtain them to bypass CSRF protection.
CVSS Score
7.5
EPSS Score
0.015
Published
2019-07-17
A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information.
CVSS Score
4.3
EPSS Score
0.016
Published
2019-07-17


Contact Us

Shodan ® - All rights reserved