The host is installed with Jenkins LTS through 2.150.1 or Jenkins rolling release through 2.158 and is prone to an improper authorization vulnerability. The flaw is present in the application, which fails to properly handle an issue in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java. Successful exploitation could attackers with overall/runscripts permission to craft remember ...
The host is installed with Jenkins LTS through 2.150.1 or Jenkins rolling release through 2.158 and is prone to an improper authorization vulnerability. A flaw is present in the application, which fails to properly handle an issue in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java. Successful exploitation could allow attackers with overall/runscripts permission to craft remem ...
The host is installed with Jenkins LTS before 2.89.4 or Jenkins rolling release before 2.107 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle an issue in input validation. Successful exploitation could allow attackers with Overall/Read permission to download files from the Jenkins master they should not have access to.
The host is installed with Jenkins LTS before 2.89.4 or Jenkins rolling release before 2.107 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle an issue in input validation. Successful exploitation could allow attackers with Overall/Read permission to download files from the Jenkins master they should not have access to.
The host is installed with Jenkins LTS through 2.121.2 or Jenkins rolling release through 2.137 and is prone to an improper autorization vulnerability. A flaw is present in the application, which fails to properly handle an issue in UpdateCenter.java. Successful exploitation could allow attackers to cancel a jenkins restart scheduled through the update center.
The host is installed with Jenkins LTS through 2.121.2 or Jenkins rolling release through 2.137 and is prone to an improper authorization vulnerability. A flaw is present in the application, which fails to properly handle an issue in UpdateCenter.java. Successful exploitation could allow attackers to cancel a jenkins restart scheduled through the update center.
The host is installed with Jenkins LTS through 2.121.2 or Jenkins rolling release through 2.137 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle an issue in Computer.java. Successful exploitation could allow attackers with overall/read permission to access the connection log for any agent.
The host is installed with Jenkins LTS through 2.121.2 or Jenkins rolling release through 2.137 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle an issue in Computer.java. Successful exploitation could allow attackers with overall/read permission to access the connection log for any agent.
The host is installed with Jenkins LTS through 2.121.2 or Jenkins rolling release through 2.137 and is prone to an improper authentication vulnerability. A flaw is present in the application, which fails to properly handle issues in SecurityRealm.java and TokenBasedRememberMeServices2.java. Successful exploitation could allow attackers with a valid cookie to remain logged in even if that feature i ...
The host is installed with Jenkins LTS through 2.121.2 or Jenkins rolling release through 2.137 and is prone to an improper authentication vulnerability. A flaw is present in the application, which fails to properly handle issues in SecurityRealm.java and TokenBasedRememberMeServices2.java. Successful exploitation could allow attackers with a valid cookie to remain logged in even if that feature i ...