Download
| Alert*
|
oval:org.secpod.oval:def:1801456
CVE-2019-1003049: Jenkins accepted cached legacy CLI authentication¶ Users who cached their CLI authentication before Jenkins was updated to 2.150.2 and newer, or 2.160 and newer, would remain authenticated in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, because the fix for CV ... oval:org.secpod.oval:def:55923 The host is installed with Jenkins LTS through 2.164.1 or Jenkins rolling release through 2.171 and is prone to a cross-site scripting vulnerability. The flaw is present in the application, which fails to properly escape job URLs. Successful exploitation could allow attackers to cause unauthorized m ... oval:org.secpod.oval:def:55641 The host is installed with Jenkins LTS through 2.164.1 or Jenkins rolling release through 2.171 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle an issue in URL validation. Successful exploitation could allow attackers to allo ... oval:org.secpod.oval:def:55919 The host is installed with Jenkins LTS through 2.164.1 or Jenkins rolling release through 2.171 and is prone to a cross-site scripting vulnerability. The flaw is present in the application, which fails to properly escape job URLs. Successful exploitation could allow attackers to cause unauthorized m ... oval:org.secpod.oval:def:56002 The host is installed with Jenkins LTS through 2.164.1 or Jenkins rolling release through 2.171 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle an issue in URL validation. Successful exploitation could allow attackers to allo ... |
