Jenkins LTS
Source repositories
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-0792 | Hig | 0.60 | 8.8 | 0.91 | Apr 7, 2016 | Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando. | ||
| CVE-2012-0785 | 0.00 | — | 0.02 | Feb 24, 2020 | Hash collision attack vulnerability in Jenkins before 1.447, Jenkins LTS before 1.424.2, and Jenkins Enterprise by CloudBees 1.424.x before 1.424.2.1 and 1.400.x before 1.400.0.11 could allow remote attackers to cause a considerable CPU load, aka "the Hash DoS attack." | |||
| CVE-2015-1811 | 0.00 | — | 0.00 | Jan 15, 2020 | XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document. | |||
| CVE-2015-1808 | 0.00 | — | 0.00 | Oct 16, 2015 | Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users to cause a denial of service (improper plug-in and tool installation) via crafted update center data. | |||
| CVE-2014-2061 | 0.00 | — | 0.00 | Oct 17, 2014 | The input control in PasswordParameterDefinition in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to obtain passwords by reading the HTML source code, related to the default value. | |||
| CVE-2014-3664 | 0.00 | — | 0.00 | Oct 15, 2014 | Directory traversal vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Overall/READ permission to read arbitrary files via unspecified vectors. | |||
| CVE-2013-0158 | 0.00 | — | 0.01 | Feb 24, 2013 | Unspecified vulnerability in Jenkins before 1.498, Jenkins LTS before 1.480.2, and Jenkins Enterprise 1.447.x before 1.447.6.1 and 1.466.x before 1.466.12.1, when a slave is attached and anonymous read access is enabled, allows remote attackers to obtain the master cryptographic… | |||
| CVE-2012-6074 | 0.00 | — | 0.00 | Feb 24, 2013 | Cross-site scripting (XSS) vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote authenticated users with write access to inject arbitrary web… | |||
| CVE-2012-6073 | 0.00 | — | 0.00 | Feb 24, 2013 | Open redirect vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing… | |||
| CVE-2012-0325 | 0.00 | — | 0.00 | Mar 9, 2012 | Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different… | |||
| CVE-2012-0324 | 0.00 | — | 0.00 | Mar 9, 2012 | Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different… |
- risk 0.60cvss 8.8epss 0.91
Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando.
- CVE-2012-0785Feb 24, 2020risk 0.00cvss —epss 0.02
Hash collision attack vulnerability in Jenkins before 1.447, Jenkins LTS before 1.424.2, and Jenkins Enterprise by CloudBees 1.424.x before 1.424.2.1 and 1.400.x before 1.400.0.11 could allow remote attackers to cause a considerable CPU load, aka "the Hash DoS attack."
- CVE-2015-1811Jan 15, 2020risk 0.00cvss —epss 0.00
XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document.
- CVE-2015-1808Oct 16, 2015risk 0.00cvss —epss 0.00
Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users to cause a denial of service (improper plug-in and tool installation) via crafted update center data.
- CVE-2014-2061Oct 17, 2014risk 0.00cvss —epss 0.00
The input control in PasswordParameterDefinition in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to obtain passwords by reading the HTML source code, related to the default value.
- CVE-2014-3664Oct 15, 2014risk 0.00cvss —epss 0.00
Directory traversal vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Overall/READ permission to read arbitrary files via unspecified vectors.
- CVE-2013-0158Feb 24, 2013risk 0.00cvss —epss 0.01
Unspecified vulnerability in Jenkins before 1.498, Jenkins LTS before 1.480.2, and Jenkins Enterprise 1.447.x before 1.447.6.1 and 1.466.x before 1.466.12.1, when a slave is attached and anonymous read access is enabled, allows remote attackers to obtain the master cryptographic…
- CVE-2012-6074Feb 24, 2013risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote authenticated users with write access to inject arbitrary web…
- CVE-2012-6073Feb 24, 2013risk 0.00cvss —epss 0.00
Open redirect vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing…
- CVE-2012-0325Mar 9, 2012risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different…
- CVE-2012-0324Mar 9, 2012risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different…