Jenkins: >> Jenkins >> 1.601 Security Vulnerabilities
The API token-issuing service in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to gain privileges via a "forced API token change" involving anonymous users.
CVSS Score
7.5
EPSS Score
0.023
Published
2015-10-16
Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1812.
CVSS Score
4.3
EPSS Score
0.018
Published
2015-10-16
Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1813.
CVSS Score
4.3
EPSS Score
0.018
Published
2015-10-16
Page 22