Search Results (1780 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-3666 2 Jenkins, Redhat 2 Jenkins, Openshift 2025-04-12 N/A
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel.
CVE-2014-3667 2 Jenkins, Redhat 2 Jenkins, Openshift 2025-04-12 N/A
Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code.
CVE-2014-2068 2 Jenkins, Redhat 2 Jenkins, Openshift 2025-04-12 N/A
The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain sensitive information via vectors related to heapDump.
CVE-2014-2060 2 Jenkins, Redhat 2 Jenkins, Openshift 2025-04-12 N/A
The Winstone servlet container in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack sessions via unspecified vectors.
CVE-2014-2061 2 Jenkins, Redhat 2 Jenkins, Openshift 2025-04-12 N/A
The input control in PasswordParameterDefinition in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to obtain passwords by reading the HTML source code, related to the default value.
CVE-2014-2062 2 Jenkins, Redhat 2 Jenkins, Openshift 2025-04-12 N/A
Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token.
CVE-2014-2063 2 Jenkins, Redhat 2 Jenkins, Openshift 2025-04-12 N/A
Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
CVE-2014-2067 2 Jenkins, Redhat 2 Jenkins, Openshift 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in java/hudson/model/Cause.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to inject arbitrary web script or HTML via a "remote cause note."
CVE-2014-2065 2 Jenkins, Redhat 2 Jenkins, Openshift 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to inject arbitrary web script or HTML via the iconSize cookie.
CVE-2014-2066 2 Jenkins, Redhat 2 Jenkins, Openshift 2025-04-12 N/A
Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the "override" of Jenkins cookies.
CVE-2013-7330 2 Jenkins, Redhat 2 Jenkins, Openshift 2025-04-12 N/A
Jenkins before 1.502 allows remote authenticated users to configure an otherwise restricted project via vectors related to post-build actions.
CVE-2013-0328 2 Jenkins, Redhat 2 Jenkins, Openshift 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-6072 3 Cloudbees, Jenkins, Redhat 3 Jenkins, Jenkins, Openshift 2025-04-11 N/A
CRLF injection vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
CVE-2012-6073 3 Cloudbees, Jenkins, Redhat 3 Jenkins, Jenkins, Openshift 2025-04-11 N/A
Open redirect vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2013-5573 2 Jenkins, Redhat 2 Jenkins, Openshift 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the default markup formatter in Jenkins 1.523 allows remote attackers to inject arbitrary web script or HTML via the Description field in the user configuration.
CVE-2013-0331 2 Jenkins, Redhat 2 Jenkins, Openshift 2025-04-11 N/A
Jenkins before 1.502 and LTS before 1.480.3 allows remote authenticated users with write access to cause a denial of service via a crafted payload.
CVE-2012-6074 3 Cloudbees, Jenkins, Redhat 3 Jenkins, Jenkins, Openshift 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote authenticated users with write access to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-0325 2 Cloudbees, Jenkins 2 Jenkins, Jenkins 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0324.
CVE-2011-4344 1 Jenkins 1 Jenkins 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Jenkins Core in Jenkins before 1.438, and 1.409 LTS before 1.409.3 LTS, when a stand-alone container is used, allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages.
CVE-2013-0327 2 Jenkins, Redhat 2 Jenkins, Openshift 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in Jenkins master in Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to hijack the authentication of users via unknown vectors.