VYPR

apk package

chainguard/jenkins

pkg:apk/chainguard/jenkins

Vulnerabilities (27)

  • CVE-2023-27903MedMar 10, 2023
    affected < 2.395-r0fixed 2.395-r0

    Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a file parameter through the CLI, potentially allowing attackers with access to the Jenkins controlle

  • CVE-2023-27902MedMar 10, 2023
    affected < 2.395-r0fixed 2.395-r0

    Jenkins 2.393 and earlier, LTS 2.375.3 and earlier shows temporary directories related to job workspaces, which allows attackers with Item/Workspace permission to access their contents.

  • CVE-2023-27899HigMar 10, 2023
    affected < 2.395-r0fixed 2.395-r0

    Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a plugin for installation, potentially allowing attackers with access to the Jenkins controller file

  • CVE-2023-27898CriMar 10, 2023
    affected < 2.395-r0fixed 2.395-r0

    Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site sc

  • CVE-2023-24998HigFeb 20, 2023
    affected < 2.395-r0fixed 2.395-r0

    Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configur

  • CVE-2022-1471HigDec 1, 2022
    affected < 0fixed 0

    SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restric

  • CVE-2016-1000027CriJan 2, 2020
    affected < 0fixed 0

    Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NO

Page 2 of 2